CWE:

Risk | Title                                                 | Date       | Author
Med. | Easy Appointments 1.4.2 Information Disclosure        | 23.04.2022 | Anonymous
Low  | Easy!Appointments Information Disclosure              | 15.04.2022 | Alexandre Zanni
Med. | Revive Adserver 5.0.4 Security Bypass / Open Redirect | 14.03.2020 | Matteo Beccati


Common Weakness Enumeration (CWE)

Date | Severity | CVE | Details | Description

2022-05-06 | Medium | CVE-2022-29423 | Vendor: Edmonsoft, Software: Countdown bu...
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.

2022-05-04 | Low | CVE-2022-1502 | Vendor: Octopus, Software: Server
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.

High | CVE-2021-42192 | Vendor: Konga project, Software: Konga
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation.

Medium | CVE-2022-28067 | Vendor: Sandboxie, Software: Sandboxie
An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable.

High | CVE-2022-20777 | Vendor: Cisco, Software: Enterprise n...
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory.

2022-05-03 | Low | CVE-2022-28782 | Vendor: Google, Software: Android
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows a physical attacker to install a package before completion of the Setup wizard. The patch blocks the entry point of the vulnerability.

2022-04-28 | Low | CVE-2022-1511 | Vendor: Snipeitapp, Software: Snipe-it
Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4.

2022-04-19 | Medium | CVE-2022-27055 | Vendor: Ecjia, Software: Daojia
** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors).

2022-04-18 | Low | CVE-2020-25167 | Vendor: Osisoft, Software: Pi vision
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with insufficient privileges for an AF attribute.

2022-04-14 | Low | CVE-2022-22190 | Vendor: Juniper, Software: Paragon acti...
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selectively share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.

Copyright 2022, cxsecurity.com