Total
5466 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-24573 | 1 Dell | 1 Command \| Monitor | 2024-11-21 | N/A | 4.7 MEDIUM |
| Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion. | |||||
| CVE-2023-22633 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 7.5 HIGH |
| An improper permissions, privileges, and access controls vulnerability [CWE-264] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions 8.7.0 all versions may allow an unauthenticated attacker to perform a DoS attack on the device via client-secure renegotiation. | |||||
| CVE-2023-21641 | 1 Qualcomm | 30 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 27 more | 2024-11-21 | N/A | 6.6 MEDIUM |
| An app with non-privileged access can change global system brightness and cause undesired system behavior. | |||||
| CVE-2023-20190 | 1 Cisco | 1 Ios Xr | 2024-11-21 | N/A | 5.8 MEDIUM |
| A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. There are workarounds that address this vulnerability. This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication . | |||||
| CVE-2022-48508 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity. | |||||
| CVE-2022-45369 | 1 Richplugins | 1 Plugin For Google Reviews | 2024-11-21 | N/A | 4.3 MEDIUM |
| Auth. (subscriber+) Broken Access Control vulnerability in Plugin for Google Reviews plugin <= 2.2.2 on WordPress. | |||||
| CVE-2022-45069 | 1 Automattic | 1 Crowdsignal Dashboard | 2024-11-21 | N/A | 6.3 MEDIUM |
| Auth. (contributor+) Privilege Escalation vulnerability in Crowdsignal Dashboard plugin <= 3.0.9 on WordPress. | |||||
| CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | |||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | |||||
| CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2024-11-21 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | |||||
| CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2024-11-21 | N/A | 7.2 HIGH |
| Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | |||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2024-11-21 | N/A | 8.8 HIGH |
| Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress. | |||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | N/A | 5.3 MEDIUM |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
| CVE-2022-41132 | 1 Ezoic | 1 Ezoic | 2024-11-21 | N/A | 6.1 MEDIUM |
| Unauthenticated Plugin Settings Change Leading To Stored XSS Vulnerability in Ezoic plugin <= 2.8.8 on WordPress. | |||||
| CVE-2022-3421 | 2 Apple, Google | 2 Macos, Drive | 2024-11-21 | N/A | 5.6 MEDIUM |
| An attacker can pre-create the `/Applications/Google\ Drive.app/Contents/MacOS` directory which is expected to be owned by root to be owned by a non-root user. When the Drive for Desktop installer is run for the first time, it will place a binary in that directory with execute permissions and set its setuid bit. Since the attacker owns the directory, the attacker can replace the binary with a symlink, causing the installer to set the setuid bit on the symlink. When the symlink is executed, it will run with root permissions. We recommend upgrading past version 64.0 | |||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | |||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | |||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||