CWE:

	Topic	Date	Author
Med.	SAP Solution Manager 7.2 Missing Authorization	15.06.2021	Pablo Artuso
Med.	URVE Software Build 24.03.2020 Missing Authorization	30.12.2020	Erik Steltzner
Low	1CRM 8.6.7 Insecure Direct Object Reference	17.09.2020	Andreas Sperber
Med.	WordPress DrcSystems EthicSolutions Jssor-Slider Library Plugin Arbitrary File Upload Vulnerability	21.06.2018	KingSkrupellos
High	Lenovo ShareIT Information Disclosure / Hardcoded Password	26.01.2016	CoreLabs
High	SAP Afaria 7 Missing Authorization Check	19.06.2015	Vahagn Vardanyan

---

CVEMAP Search Results

CVE

Details

Description

2021-10-19

Low

CVE-2021-30810

Vendor: Apple Software: Ipados

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

2021-10-18

Medium

CVE-2021-24677

Vendor: Find my blocks project Software: Find my blocks

The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles.

2021-10-15

Medium	CVE-2021-37738	Vendor: Arubanetworks Software: Clearpass po...	A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for ClearPass Policy Manager that address this security vulnerability.
Low	CVE-2021-38431	Vendor: Advantech Software: Webaccess scada	An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users.

2021-10-07

Medium

CVE-2021-32172

Vendor: Maianscriptworld Software: Maian cart

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin.

2021-10-05

Medium

CVE-2021-39893

Vendor: Gitlab Software: Gitlab

A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.

2021-10-04

Low

CVE-2021-39347

Vendor: Paymentplugins Software: Stripe for w...

The Stripe for WooCommerce WordPress plugin is missing a capability check on the save() function found in the ~/includes/admin/class-wc-stripe-admin-user-edit.php file that makes it possible for attackers to configure their account to use other site users unique STRIPE identifier and make purchases with their payment accounts. This affects versions 3.0.0 - 3.3.9.

2021-09-30

Medium

CVE-2021-41729

Vendor: Baicloud-cms project Software: Baicloud-cms

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

2021-09-29

	CVE-2021-3653	Updating...	A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
Medium	CVE-2021-33924	Vendor: Confluent Software: Ansible	Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect Access Control via its auxiliary component that allows remote attackers to access sensitive information.

 

---

Copyright 2021, cxsecurity.com