CWE:

Severity | Title | Date | Author
High | Wordpress Plugin XCloner 4.2.12 Remote Code Execution (Authenticated) | 07.07.2021 | Ron Jost
High | WordPress XCloner 4.2.12 Remote Code Execution | 02.07.2021 | Ron Jost
Med. | BarracudaDrive v6.5 Insecure Folder Permissions | 04.09.2020 | Bobby Cooke
Low | Sierra Wireless AirLink ES450 ACEManager Embedded_Ace_Set_Task.cgi Permission Assignment | 28.04.2019 | Cisco Talos
High | aws-cfn-bootstrap Local Code Execution | 04.12.2017 | Harry Sintonen
Med. | SAP HANA SPS09 1.00.091.00.1418659308 EXPORT Information Disclosure | 22.08.2016 | Multiple
Low | Samsung SNS Provider Application For Android Access Theft | 13.03.2015 | Sadosky

Common Weakness Enumeration (CWE)

Date
Severity | CVE | Details
Description

2022-01-18
Medium | CVE-2022-21694 | Vendor: Onionshare | Software: Onionshare
OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. The website mode of OnionShare allows the use of a hardened CSP, which blocks any scripts and external resources. It is not possible to configure this CSP for individual pages, and therefore the security enhancement cannot be used for websites that use JavaScript or external resources such as fonts or images.

2022-01-13
Medium | CVE-2022-22988 | Vendor: Westerndigital | Software: Edgerover
File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources.

Medium | CVE-2022-23132 | Vendor: Zabbix | Software: Zabbix
During Zabbix installation from RPM, the DAC_OVERRIDE SELinux capability is in use to access PID files in the [/var/run/zabbix] folder. In this case, Zabbix Proxy or Server processes can bypass file read, write and execute permission checks at the file system level.

2022-01-12
Low | CVE-2022-20616 | Vendor: Jenkins | Software: Credentials ...
Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

Medium | CVE-2021-42562 | Vendor: Mitre | Software: Caldera
An issue was discovered in CALDERA 2.8.1. It does not properly segregate user privileges, resulting in non-admin users having access to read and modify configuration or other components that should only be accessible by admin users.

Low | CVE-2022-20614 | Vendor: Jenkins | Software: Mailer
A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Low | CVE-2022-20618 | Vendor: Jenkins | Software: Bitbucket br...
A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

2021-12-15
Medium | CVE-2021-0931 | Vendor: Google | Software: Android
In getAlias of BluetoothDevice.java, there is a possible way to create misleading permission dialogs due to missing data filtering. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-9. Android ID: A-180747689

2021-12-09
Medium | CVE-2021-43065 | Vendor: Fortinet | Software: Fortinac
An incorrect permission assignment for a critical resource in Fortinet FortiNAC version 9.2.0, version 9.1.3 and below, and version 8.8.9 and below allows an attacker to gain higher privileges via access to sensitive system data.

Medium | CVE-2021-22565 | Vendor: Google | Software: Exposure not...
An attacker could prematurely expire a verification code, making it unusable by the patient, making the patient unable to upload their TEKs to generate exposure notifications. We recommend upgrading the Exposure Notification server to V1.1.2 or greater.

Copyright 2022, cxsecurity.com