Total: 1299 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-0390 | 1 Gitlab | 1 Gitlab | 2022-04-12 | 2.1 LOW | 4.3 MEDIUM |
Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed project non-members to retrieve issue details when the issue was linked to an item from the vulnerability dashboard. | |||||
CVE-2022-0373 | 1 Gitlab | 1 Gitlab | 2022-04-12 | 3.5 LOW | 4.3 MEDIUM |
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7.1 allows project non-members to retrieve the service desk email address. | |||||
CVE-2021-24824 | 1 Custom Content Shortcode Project | 1 Custom Content Shortcode | 2022-04-12 | 4.0 MEDIUM | 4.3 MEDIUM |
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1 allows authenticated users with a role as low as contributor to access arbitrary post metadata. This could lead to sensitive data disclosure; for example, when used in combination with WooCommerce, the email address of orders can be retrieved. | |||||
CVE-2021-32960 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2022-04-12 | 6.0 MEDIUM | 8.8 HIGH |
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is enabled and deployed, contains a vulnerability that may allow a remote, authenticated attacker to bypass FactoryTalk Security policies based on the computer name. If successfully exploited, this may allow an attacker to have the same privileges as if they were logged on to the client machine. | |||||
CVE-2021-28504 | 1 Arista | 18 Ccs-710p-12, Ccs-710p-16p, Ccs-720xp-24y6 and 15 more | 2022-04-12 | 4.3 MEDIUM | 7.5 HIGH |
On Arista Strata family products with the “TCAM profile” feature enabled, when a port IPv4 access-list has a rule that matches on “vxlan” as the protocol, that rule and subsequent rules (rules declared after it in the ACL) do not match on the IP protocol field as expected. | |||||
CVE-2022-26572 | 1 Xerox | 2 Colorqube 8580, Colorqube 8580 Firmware | 2022-04-12 | 5.0 MEDIUM | 7.5 HIGH |
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to print, view the status, and obtain sensitive information. | |||||
CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | |||||
CVE-2022-1105 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled. | |||||
CVE-2018-1258 | 5 Netapp, Oracle, Pivotal Software and 2 more | 42 Oncommand Insight, Oncommand Unified Manager, Oncommand Workflow Automation and 39 more | 2022-04-11 | 6.5 MEDIUM | 8.8 HIGH |
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted. | |||||
CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2022-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | |||||
CVE-2021-37517 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
An access control vulnerability exists in Dolibarr ERP/CRM 13.0.2 (fixed in version 14.0.0) in the forgot-password function because the application allows email addresses as usernames, which can cause a denial of service. | |||||
CVE-2022-0406 | 1 Calibre-web Project | 1 Calibre-web | 2022-04-09 | 4.0 MEDIUM | 4.3 MEDIUM |
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | |||||
CVE-2017-5060 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2022-04-08 | 4.3 MEDIUM | 6.5 MEDIUM |
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. | |||||
CVE-2021-3456 | 1 Theforeman | 1 Smart Proxy Salt | 2022-04-07 | 3.6 LOW | 7.1 HIGH |
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions that should be limited to the Foreman Server. This flaw allows an authenticated local attacker to access and delete limited resources and also causes a denial of service on the Foreman server. The highest threat from this vulnerability is to integrity and system availability. | |||||
CVE-2018-1000805 | 4 Canonical, Debian, Paramiko and 1 more | 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more | 2022-04-06 | 6.5 MEDIUM | 8.8 HIGH |
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity. | |||||
CVE-2021-35526 | 1 Hitachiabb-powergrids | 2 Sdm600, Sdm600 Firmware | 2022-04-06 | 7.2 HIGH | 7.8 HIGH |
A backup-file-without-encryption vulnerability was found in Hitachi ABB Power Grids System Data Manager – SDM600 that allows an attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257). | |||||
CVE-2022-26949 | 1 Rsa | 1 Archer | 2022-04-05 | 4.0 MEDIUM | 6.5 MEDIUM |
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. | |||||
CVE-2022-0726 | 1 Framasoft | 1 Peertube | 2022-04-05 | 5.5 MEDIUM | 5.4 MEDIUM |
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | |||||
CVE-2022-20002 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-198657657 | |||||
CVE-2021-39789 | 1 Google | 1 Android | 2022-04-05 | 4.6 MEDIUM | 7.8 HIGH |
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-203880906 | |||||