Total
220 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-28634 | 1 Glpi-project | 1 Glpi | 2023-04-12 | N/A | 8.8 HIGH |
| GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, a user who has the Technician profile could see and generate a Personal token for a Super-Admin. Using such token it is possible to negotiate a GLPI session and hijack the Super-Admin account, resulting in a Privilege Escalation. Versions 9.5.13 and 10.0.7 contain a patch for this issue. | |||||
| CVE-2022-4062 | 1 Schneider-electric | 1 Ecostruxure Power Commission | 2023-04-03 | N/A | 7.8 HIGH |
| A CWE-285: Improper Authorization vulnerability exists that could cause unauthorized access to certain software functions when an attacker gets access to localhost interface of the EcoStruxure Power Commission application. Affected Products: EcoStruxure Power Commission (Versions prior to V2.25) | |||||
| CVE-2023-0734 | 1 Wallabag | 1 Wallabag | 2023-03-09 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.4. | |||||
| CVE-2019-10159 | 1 Redhat | 2 Cfme-gemset, Cloudforms | 2023-02-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to an improper authorization in the migration log controller. An attacker with access to an unprivileged user can access all VM migration logs available. | |||||
| CVE-2016-7097 | 1 Linux | 1 Linux Kernel | 2023-02-12 | 3.6 LOW | 4.4 MEDIUM |
| The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. | |||||
| CVE-2023-0609 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2023-0610 | 1 Wallabag | 1 Wallabag | 2023-02-08 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository wallabag/wallabag prior to 2.5.3. | |||||
| CVE-2022-4868 | 1 Froxlor | 1 Froxlor | 2023-01-06 | N/A | 4.3 MEDIUM |
| Improper Authorization in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
| CVE-2022-4804 | 1 Usememos | 1 Memos | 2023-01-05 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4688 | 1 Usememos | 1 Memos | 2022-12-30 | N/A | 8.8 HIGH |
| Improper Authorization in GitHub repository usememos/memos prior to 0.9.0. | |||||
| CVE-2022-2901 | 1 Chatwoot | 1 Chatwoot | 2022-09-13 | N/A | 7.1 HIGH |
| Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. | |||||
| CVE-2022-2595 | 1 Kromit | 1 Titra | 2022-08-05 | N/A | 10.0 CRITICAL |
| Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | |||||
| CVE-2022-29233 | 1 Bigbluebutton | 1 Bigbluebutton | 2022-06-09 | 5.0 MEDIUM | 4.3 MEDIUM |
| BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. | |||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2022-05-13 | 5.5 MEDIUM | 8.1 HIGH |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2018-14662 | 4 Canonical, Debian, Opensuse and 1 more | 6 Ubuntu Linux, Debian Linux, Leap and 3 more | 2022-04-19 | 2.7 LOW | 5.7 MEDIUM |
| It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. | |||||
| CVE-2022-0587 | 1 Librenms | 1 Librenms | 2022-02-22 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2020-24431 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2021-09-08 | 5.8 MEDIUM | 4.4 MEDIUM |
| Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) for macOS are affected by a security feature bypass that could result in dynamic library code injection by the Adobe Reader process. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2019-18827 | 1 Barco | 8 Clickshare Cs-100, Clickshare Cs-100 Firmware, Clickshare Cse-200 and 5 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| On Barco ClickShare Button R9861500D01 devices (before firmware version 1.9.0) JTAG access is disabled after ROM code execution. This means that JTAG access is possible when the system is running code from ROM before handing control over to embedded firmware. | |||||
| CVE-2017-8409 | 1 Dlink | 2 Dcs-1130, Dcs-1130 Firmware | 2021-04-23 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to the device to provide a username and password. However, the device does not enforce the same restriction on a specific URL thereby allowing any attacker in possession of that to view the live video feed. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there. | |||||
| CVE-2019-14828 | 1 Moodle | 1 Moodle | 2021-03-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and earlier unsupported versions, where users with the capability to create courses were assigned as a teacher in those courses, regardless of whether they had the capability to be automatically assigned that role. | |||||