Total
2323 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0309 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0117 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
| CVE-2021-4334 | 1 Radykal | 1 Fancy Product Designer | 2024-11-21 | 8.8 High |
| The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. This makes it possible for authenticated attackers with subscriber-level permissions to modify site options, including setting the default role to administrator which can allow privilege escalation. | ||||
| CVE-2021-4194 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 6.5 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-4133 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Rhosemc | 2024-11-21 | 8.8 High |
| A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled. | ||||
| CVE-2021-4026 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 4.3 Medium |
| bookstack is vulnerable to Improper Access Control | ||||
| CVE-2021-46891 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46890 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 9.8 Critical |
| Vulnerability of incomplete read and write permission verification in the GPU module. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | ||||
| CVE-2021-46561 | 1 Mitre | 1 Cve Services | 2024-11-21 | 7.2 High |
| controller/org.controller/org.controller.js in the CVE Services API 1.1.1 before 5c50baf3bda28133a3bc90b854765a64fb538304 allows an organizational administrator to transfer a user account to an arbitrary new organization, and thereby achieve unintended access within the context of that new organization. | ||||
| CVE-2021-45471 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. | ||||
| CVE-2021-45457 | 1 Apache | 1 Kylin | 2024-11-21 | 7.5 High |
| In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | ||||
| CVE-2021-45339 | 1 Avast | 1 Antivirus | 2024-11-21 | 7.8 High |
| Privilege escalation vulnerability in Avast Antivirus prior to 20.4 allows a local user to gain elevated privileges by "hollowing" trusted process which could lead to the bypassing of Avast self-defense. | ||||
| CVE-2021-45102 | 1 Wisc | 1 Htcondor | 2024-11-21 | 8.8 High |
| An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When authenticating to an HTCondor daemon using a SciToken, a user may be granted authorizations beyond what the token should allow. | ||||
| CVE-2021-43858 | 2 Minio, Redhat | 2 Minio, Acm | 2024-11-21 | 8.8 High |
| MinIO is a Kubernetes native application for cloud storage. Prior to version `RELEASE.2021-12-27T07-23-18Z`, a malicious client can hand-craft an HTTP API call that allows for updating policy for a user and gaining higher privileges. The patch in version `RELEASE.2021-12-27T07-23-18Z` changes the accepted request body type and removes the ability to apply policy changes through this API. There is a workaround for this vulnerability: Changing passwords can be disabled by adding an explicit `Deny` rule to disable the API for users. | ||||
| CVE-2021-43781 | 1 Inveniosoftware | 1 Invenio-drafts-resources | 2024-11-21 | 6.4 Medium |
| Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. Invenio-Drafts-Resources prior to versions 0.13.7 and 0.14.6 does not properly check permissions when a record is published. The vulnerability is exploitable in a default installation of InvenioRDM. An authenticated a user is able via REST API calls to publish draft records of other users if they know the record identifier and the draft validates (e.g. all require fields filled out). An attacker is not able to modify the data in the record, and thus e.g. *cannot* change a record from restricted to public. The problem is patched in Invenio-Drafts-Resources v0.13.7 and 0.14.6, which is part of InvenioRDM v6.0.1 and InvenioRDM v7.0 respectively. | ||||
| CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 5.3 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | ||||
| CVE-2021-43553 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.1 Low |
| PI Vision could disclose information to a user with insufficient privileges for an AF attribute that is the child of another attribute and is configured as a Limits property. | ||||
| CVE-2021-42758 | 1 Fortinet | 1 Fortiwlc | 2024-11-21 | 8.8 High |
| An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. | ||||
| CVE-2021-42192 | 1 Konga Project | 1 Konga | 2024-11-21 | 8.8 High |
| Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | ||||