Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-20431 | 1 Google | 1 Android | 2022-10-12 | N/A | 7.8 HIGH |
| There is an missing authorization issue in the system service. Since the component does not have permission check , resulting in Local Elevation of privilege.Product: AndroidVersions: Android SoCAndroid ID: A-242221238 | |||||
| CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2022-10-12 | N/A | 3.3 LOW |
| Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | |||||
| CVE-2021-27598 | 1 Sap | 1 Netweaver Application Server Java | 2022-10-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows an attacker to read some statistical data like product version, traffic, timestamp etc. because of missing authorization check in the servlet. | |||||
| CVE-2021-21467 | 1 Sap | 1 Banking Services | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP Banking Services (Generic Market Data) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. An unauthorized User is allowed to display restricted Business Partner Generic Market Data (GMD), due to improper authorization check. | |||||
| CVE-2022-36068 | 1 Discourse | 1 Discourse | 2022-10-06 | N/A | 4.3 MEDIUM |
| Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds. | |||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-06 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2022-26102 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-06 | 5.5 MEDIUM | 5.4 MEDIUM |
| Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. | |||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2022-10-05 | 6.4 MEDIUM | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | |||||
| CVE-2020-26832 | 1 Sap | 2 Netweaver Application Server Abap, S\/4 Hana | 2022-10-05 | 7.5 HIGH | 7.6 HIGH |
| SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable. | |||||
| CVE-2019-0257 | 1 Sap | 2 Netweaver Application Server Abap, Netweaver As Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7.50 to 7.53, from 7.74 to 7.75) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2021-21473 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 6.3 MEDIUM |
| SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. | |||||
| CVE-2020-26818 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure. | |||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-05 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | |||||
| CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2022-10-04 | N/A | 5.3 MEDIUM |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server | |||||
| CVE-2021-21468 | 1 Sap | 1 Business Warehouse | 2022-10-01 | 4.0 MEDIUM | 6.5 MEDIUM |
| The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | |||||
| CVE-2019-13047 | 1 Toaruos Project | 1 Toaruos | 2022-09-29 | 7.2 HIGH | 7.8 HIGH |
| kernel/sys/syscall.c in ToaruOS through 1.10.9 has incorrect access control in sys_sysfunc case 9 for TOARU_SYS_FUNC_SETHEAP, allowing arbitrary kernel pages to be mapped into user land, leading to root access. | |||||
| CVE-2020-20444 | 1 Openclinic Project | 1 Openclinic | 2022-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability . | |||||
| CVE-2021-28052 | 1 Hitach | 1 Vantara | 2022-09-28 | N/A | 4.9 MEDIUM |
| A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user (non-administrator) may view configuration in another tenant without authorization. This issue affects: Hitachi Vantara Hitachi Content Platform versions prior to 8.3.7; 9.0.0 versions prior to 9.2.3. | |||||
| CVE-2022-36642 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2022-09-27 | N/A | 9.8 CRITICAL |
| A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.0.0-1.4.9 allows attackers to access users credentials which makes him able to gain initial access to the control panel with high privilege because the cleartext storage of sensitive information which can be unlatched by exploiting the LFD vulnerability. | |||||
| CVE-2022-36340 | 1 Mailoptin | 1 Mailoptin | 2022-09-26 | N/A | 5.3 MEDIUM |
| Unauthenticated Optin Campaign Cache Deletion vulnerability in MailOptin plugin <= 1.2.49.0 at WordPress. | |||||