Total
1299 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47408 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2022-12-16 | N/A | 9.1 CRITICAL |
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. There is a CAPTCHA bypass that can lead to subscribing many people. | |||||
CVE-2022-23741 | 1 Github | 1 Enterprise Server | 2022-12-16 | N/A | 7.2 HIGH |
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
CVE-2022-46160 | 1 Enalean | 1 Tuleap | 2022-12-15 | N/A | 4.3 MEDIUM |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.104, project level authorizations are not properly verified when accessing the project "homepage"/dashboards. Users not authorized to access a project may still be able to get some information provided by the widgets (e.g. number of members, content of the Notes widget...). This issue has been patched in Tuleap Community Edition 14.2.99.104, Tuleap Enterprise Edition 14.2-4, and Tuleap Enterprise Edition 14.1-5. | |||||
CVE-2022-23473 | 1 Enalean | 1 Tuleap | 2022-12-15 | N/A | 4.3 MEDIUM |
Tuleap is an Open Source Suite to improve management of software developments and collaboration. In versions prior to 14.2.99.148, Authorizations are not properly verified when accessing MediaWiki standalone resources. Users with read only permissions for pages are able to also edit them. This only affects the MediaWiki standalone plugin. This issue is patched in versions Tuleap Community Edition 14.2.99.148, Tuleap Enterprise Edition 14.2-5, and Tuleap Enterprise Edition 14.1-6. | |||||
CVE-2022-45956 | 1 Boa | 1 Boa | 2022-12-15 | N/A | 5.3 MEDIUM |
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism. | |||||
CVE-2022-3882 | 1 Wp-memory Project | 1 Wp-memory | 2022-12-15 | N/A | 6.5 MEDIUM |
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin before 2.46 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-3879 | 1 Car Dealer Project | 1 Car Dealer | 2022-12-15 | N/A | 6.5 MEDIUM |
The Car Dealer (Dealership) and Vehicle sales WordPress Plugin WordPress plugin before 3.05 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-25685 | 1 Qualcomm | 250 Apq8009, Apq8009 Firmware, Apq8017 and 247 more | 2022-12-15 | N/A | 7.5 HIGH |
Denial of service in Modem module due to improper authorization while error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
CVE-2022-3881 | 1 Wptools Project | 1 Wptools | 2022-12-14 | N/A | 5.7 MEDIUM |
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-3880 | 1 Antihacker Project | 1 Antihacker | 2022-12-14 | N/A | 6.5 MEDIUM |
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin before 4.20 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2022-3883 | 1 Stopbadbots Project | 1 Stopbadbots | 2022-12-14 | N/A | 6.5 MEDIUM |
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin before 7.24 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org | |||||
CVE-2021-42192 | 1 Konga Project | 1 Konga | 2022-12-14 | 9.0 HIGH | 8.8 HIGH |
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | |||||
CVE-2010-4296 | 3 Apple, Linux, Vmware | 6 Mac Os X, Linux Kernel, Fusion and 3 more | 2022-12-14 | 7.2 HIGH | N/A |
vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on Linux, VMware Player 3.1.x before 3.1.2 build 301548 on Linux, VMware Server 2.0.2 on Linux, and VMware Fusion 3.1.x before 3.1.2 build 332101 does not properly load libraries, which allows host OS users to gain privileges via vectors involving shared object files. | |||||
CVE-2017-12118 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in miner_stop API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2017-12117 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in miner_start API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2017-12116 | 1 Ethereum | 1 Aleth | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in miner_setGasPrice API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2017-12115 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in miner_setEtherbase API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. | |||||
CVE-2017-12114 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 4.3 MEDIUM | 6.8 MEDIUM |
An exploitable improper authorization vulnerability exists in admin_peers API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2017-12113 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in admin_nodeInfo API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. | |||||
CVE-2017-12112 | 1 Ethereum | 1 Cpp-ethereum | 2022-12-14 | 6.8 MEDIUM | 8.1 HIGH |
An exploitable improper authorization vulnerability exists in admin_addPeer API of cpp-ethereum's JSON-RPC (commit 4e1015743b95821849d001618a7ce82c7c073768). A JSON request can cause an access to the restricted functionality resulting in authorization bypass. An attacker can send JSON to trigger this vulnerability. |