CWE:
 

Topic
Date
Author
Med.
Trend Micro ServerProtect Disclosure / CSRF / XSS
26.05.2017
Multiple
Med.
Cisco Firepower Threat Management Console Local File Inclusion
06.10.2016
Matt Bergin
High
PLANET IP LFI / CSRF / XSS / Authentication Bypass
17.05.2016
Orwelllabs
High
Arris DG1670A Cable Modem Remote Command Execution
14.02.2016
Matt Bergin
Med.
SAP Business Objects Unauthorized File Repository Server Read
26.02.2015
Onapsis
Med.
SAP Business Objects Unauthorized File Repository Server Write
26.02.2015
Onapsis


CVEMAP Search Results

CVE
Details
Description
2022-05-11
Medium
CVE-2021-44167

Vendor: Fortinet
Software: Forticlient
 

 
An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

 
2022-05-09
Medium
CVE-2022-22319

Updating...
 

 
IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.

 
2022-05-05
Low
CVE-2022-26340

Vendor: F5
Software: Big-ip local...
 

 
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
Medium
CVE-2022-29263

Vendor: F5
Software: Big-ip acces...
 

 
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

 
2022-05-02
Medium
CVE-2022-28056

Vendor: Shopxo
Software: Shopxo
 

 
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.

 
2022-04-21
Waiting for details
CVE-2021-23055

Updating...
 

 
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

 
2022-04-20
Waiting for details
CVE-2021-38483

Updating...
 

 
The affected product is vulnerable to misconfigured binaries, allowing users on the target PC with SYSTEM level privileges access to overwrite the binary and modify files to gain privilege escalation.

 
2022-04-13
Medium
CVE-2022-22958

Updating...
 

 
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two remote code execution vulnerabilities (CVE-2022-22957 & CVE-2022-22958). A malicious actor with administrative access can trigger deserialization of untrusted data through malicious JDBC URI which may result in remote code execution.

 
2022-04-12
Medium
CVE-2021-39795

Vendor: Google
Software: Android
 

 
In multiple locations of MediaProvider.java , there is a possible way to get read/write access to other app's dedicated, app-specific directory within external storage due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-201667614

 
Medium
CVE-2022-23448

Vendor: Siemens
Software: Simatic ener...
 

 
A vulnerability has been identified in SIMATIC Energy Manager Basic (All versions < V7.3 Update 1), SIMATIC Energy Manager PRO (All versions < V7.3 Update 1). Affected applications improperly assign permissions to critical directories and files used by the application processes. This could allow a local unprivileged attacker to achieve code execution with ADMINISTRATOR or even NT AUTHORITY/SYSTEM privileges.

 

 


Copyright 2022, cxsecurity.com

 

Back to Top