CWE:
 

Topic
Date
Author
Med.
SAP Solution Manager 7.2 Missing Authorization
15.06.2021
Pablo Artuso
Med.
URVE Software Build 24.03.2020 Missing Authorization
30.12.2020
Erik Steltzner
Low
1CRM 8.6.7 Insecure Direct Object Reference
17.09.2020
Andreas Sperber
Med.
WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability
21.06.2018
KingSkrupellos
High
Lenovo ShareIT Information Disclosure / Hardcoded Password
26.01.2016
CoreLabs
High
SAP Afaria 7 Missing Authorization Check
19.06.2015
Vahagn Vardanyan


CVEMAP Search Results

CVE
Details
Description
2021-10-19
Low
CVE-2021-30810

Vendor: Apple
Software: Ipados
 

 
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

 
2021-10-18
Medium
CVE-2021-24677

Vendor: Find my blocks project
Software: Find my blocks
 

 
The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

 
2021-10-15
Medium
CVE-2021-37738

Vendor: Arubanetworks
Software: Clearpass po...
 

 
A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.

 
Low
CVE-2021-38431

Vendor: Advantech
Software: Webaccess scada
 

 
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

 
2021-10-07
Medium
CVE-2021-32172

Vendor: Maianscriptworld
Software: Maian cart
 

 
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

 
2021-10-05
Medium
CVE-2021-39893

Vendor: Gitlab
Software: Gitlab
 

 
A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.

 
2021-10-04
Low
CVE-2021-39347

Vendor: Paymentplugins
Software: Stripe for w...
 

 
The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.

 
2021-09-30
Medium
CVE-2021-41729

Vendor: Baicloud-cms project
Software: Baicloud-cms
 

 
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

 
2021-09-29
Waiting for details
CVE-2021-3653

Updating...
 

 
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.

 
Medium
CVE-2021-33924

Vendor: Confluent
Software: Ansible
 

 
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.

 

 


Copyright 2021, cxsecurity.com

 

Back to Top