CWE:
 

|  | Title | Date | Author |
| --- | --- | --- | --- |
| Med. | Transposh WordPress Translation 1.0.8.1 Incorrect Authorization | 20.08.2022 | Julien Ahrens |
| Med. | Transposh WordPress Translation 1.0.7 Incorrect Authorization | 01.08.2022 | Julien Ahrens |
| Med. | Easy Appointments 1.4.2 Information Disclosure | 23.04.2022 | Anonymous |
| Low | Easy!Appointments Information Disclosure | 15.04.2022 | Alexandre Zanni |
| Med. | Revive Adserver 5.0.4 Security Bypass / Open Redirect | 14.03.2020 | Matteo Beccati |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2022-09-21
Waiting for details
CVE-2022-41230

Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.

 
2022-09-09
Waiting for details
CVE-2022-36109

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead, calling `ENTRYPOINT ["su", "-", "user"]` sets up the supplementary groups properly.

 
2022-09-05
Waiting for details
CVE-2022-2597

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts.

 
2022-08-19
Waiting for details
CVE-2022-36009

gomatrixserverlib is a Go library for Matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the Matrix terminology for user access level. In rooms where the `"events_default"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly. Matrix rooms where the `"events_default"` power level has not been changed from the default of zero are not vulnerable. Users are advised to upgrade. There are no known workarounds for this issue.

 
2022-08-01
Waiting for details
CVE-2022-31155

Waiting for details
CVE-2022-31154

Sourcegraph is an open-source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended.

 
2022-07-18
Waiting for details
CVE-2022-2108

2022-07-12
Low
CVE-2022-33705

Vendor: Samsung
Software: Calendar
 

 
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission.

 
Low
CVE-2022-33702

Vendor: Google
Software: Android
 

 
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

 
Low
CVE-2022-30757

Vendor: Google
Software: Android
 

 
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.

 

 


Copyright 2022, cxsecurity.com

 
