Total
1477 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2498 | 1 Gitlab | 1 Gitlab | 2022-08-11 | N/A | 7.5 HIGH |
| An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author. | |||||
| CVE-2022-33962 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-08-10 | N/A | 6.7 MEDIUM |
| In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-35243 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2022-08-10 | N/A | 9.1 CRITICAL |
| In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2022-2317 | 1 Simple-membership-plugin | 1 Simple Membership | 2022-08-05 | N/A | 9.8 CRITICAL |
| The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter. | |||||
| CVE-2022-2273 | 1 Simple-membership-plugin | 1 Simple Membership | 2022-08-05 | N/A | 8.8 HIGH |
| The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. | |||||
| CVE-2022-34338 | 1 Ibm | 1 Robotic Process Automation | 2022-08-05 | N/A | 6.5 MEDIUM |
| IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. | |||||
| CVE-2022-35291 | 1 Sap | 1 Successfactors Mobile | 2022-08-02 | N/A | 8.1 HIGH |
| Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successful exploitation, the attacker can read/write attachments. Thus, compromising the confidentiality and integrity of the application | |||||
| CVE-2017-3257 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2022-08-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2021-24207 | 1 Themeum | 1 Wp Page Builder | 2022-07-29 | 4.0 MEDIUM | 4.3 MEDIUM |
| By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages. | |||||
| CVE-2021-21786 | 1 Iobit | 1 Advanced Systemcare Ultimate | 2022-07-29 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in the IOCTL 0x9c406144 handling of IOBit Advanced SystemCare Ultimate 14.2.0.220. A specially crafted I/O request packet (IRP) can lead to increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | |||||
| CVE-2019-11632 | 1 Octopus | 2 Octopus Deploy, Octopus Server | 2022-07-27 | 5.5 MEDIUM | 8.1 HIGH |
| In Octopus Deploy 2019.1.0 through 2019.3.1 and 2019.4.0 through 2019.4.5, an authenticated user with the VariableViewUnscoped or VariableEditUnscoped permission scoped to a specific project could view or edit unscoped variables from a different project. (These permissions are only used in custom User Roles and do not affect built in User Roles.) | |||||
| CVE-2022-26113 | 1 Fortinet | 1 Forticlient | 2022-07-27 | N/A | 7.1 HIGH |
| An execution with unnecessary privileges vulnerability [CWE-250] in FortiClientWindows 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.10 may allow a local attacker to perform an arbitrary file write on the system. | |||||
| CVE-2022-26118 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2022-07-25 | N/A | 6.7 MEDIUM |
| A privilege chaining vulnerability [CWE-268] in FortiManager and FortiAnalyzer 6.0.x, 6.2.x, 6.4.0 through 6.4.7, 7.0.0 through 7.0.3 may allow a local and authenticated attacker with a restricted shell to escalate their privileges to root due to incorrect permissions of some folders and executable files on the system. | |||||
| CVE-2022-34754 | 1 Schneider-electric | 4 Acti9 Powertag Link C \(a9xelc10-a\), Acti9 Powertag Link C \(a9xelc10-a\) Firmware, Acti9 Powertag Link C \(a9xelc10-b\) and 1 more | 2022-07-22 | N/A | 6.8 MEDIUM |
| A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. Affected Products: Acti9 PowerTag Link C (A9XELC10-A) (V1.7.5 and prior), Acti9 PowerTag Link C (A9XELC10-B) (V2.12.0 and prior) | |||||
| CVE-2022-33708 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2022-33709 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2022-33710 | 1 Samsung | 1 Galaxy Store | 2022-07-16 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | |||||
| CVE-2022-23720 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2022-07-13 | 4.4 MEDIUM | 8.2 HIGH |
| PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. | |||||
| CVE-2021-29951 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2022-07-12 | 6.4 MEDIUM | 6.5 MEDIUM |
| The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain network, grants normal remote users access to start or stop the service. This could be used to prevent the browser update service from operating (if an attacker spammed the 'Stop' command); but also exposed attack surface in the maintenance service. *Note: This issue only affected Windows operating systems older than Win 10 build 1709. Other operating systems are unaffected.*. This vulnerability affects Thunderbird < 78.10.1, Firefox < 87, and Firefox ESR < 78.10.1. | |||||
| CVE-2020-28014 | 1 Exim | 1 Exim | 2022-07-12 | 5.6 MEDIUM | 6.1 MEDIUM |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to the exim user, and allows a denial of service because root-owned files can be overwritten. | |||||