Total
3908 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0270 | 1 Mirantis | 1 Bored-agent | 2024-11-21 | 8.8 High |
| Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. | ||||
| CVE-2022-0203 | 1 Craterapp | 1 Crater | 2024-11-21 | 5.3 Medium |
| Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | ||||
| CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2024-11-21 | 4.3 Medium |
| peertube is vulnerable to Improper Access Control | ||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2024-11-21 | 7.5 High |
| peertube is vulnerable to Improper Access Control | ||||
| CVE-2021-4300 | 1 Halcyon Project | 1 Halcyon | 2024-11-21 | 6.3 Medium |
| A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The identifier of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability. | ||||
| CVE-2021-4194 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 6.5 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4119 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 9.8 Critical |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4089 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
| snipe-it is vulnerable to Improper Access Control | ||||
| CVE-2021-4037 | 3 Debian, Linux, Redhat | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. | ||||
| CVE-2021-4026 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.3 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4016 | 1 Rapid7 | 1 Insight Agent | 2024-11-21 | 4 Medium |
| Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control vulnerability whereby, the user has access to the snapshot directory. An attacker can access, read and copy any of the files in this directory e.g. asset_info.json or file_info.json, leading to a loss of confidentiality. This issue was fixed in Rapid7 Insight Agent 3.1.3. | ||||
| CVE-2021-47155 | 2024-11-21 | 9.1 Critical | ||
| The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2021-46304 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. | ||||
| CVE-2021-46270 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 2.7 Low |
| JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin user is able to list all available repository names due to insufficient permission validation. | ||||
| CVE-2021-45730 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 6 Medium |
| JFrog Artifactory prior to 7.31.10, is vulnerable to Broken Access Control where a Project Admin is able to create, edit and delete Repository Layouts while Repository Layouts configuration should only be available for Platform Administrators. | ||||
| CVE-2021-45111 | 1 Odoo | 1 Odoo | 2024-11-21 | 8.1 High |
| Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | ||||
| CVE-2021-45074 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 4.3 Medium |
| JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low-privileged user is able to delete other known users OAuth token, which will force a reauthentication on an active session or in the next UI session. | ||||
| CVE-2021-45034 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. | ||||
| CVE-2021-44460 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.5 Medium |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows users with deactivated accounts to access the system with the deactivated account and any permission it still holds, via crafted RPC requests. | ||||