| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass E-mail verification which is required for OAuth Flow. |
| In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control was used on the Applications page |
| For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access. |
| In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). |
| Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials. |
| Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. |
| In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous user that obtains a valid public link can get the associated hidden account username and password and proceed to login to the web application. Once logged into the web application with the hidden user account, some actions that were not available with the public share link can now be performed. |
| ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an external web server. To create submittable forms, ODF implements the XForms W3C standard, which allows data to be submitted without the need for macros or other active scripting Prior to version 6.4.4 LibreOffice allowed forms to be submitted to any URI, including file: URIs, enabling form submissions to overwrite local files. User-interaction is required to submit the form, but to avoid the possibility of malicious documents engineered to maximize the possibility of inadvertent user submission this feature has now been limited to http[s] URIs, removing the possibility to overwrite local files. This issue affects: The Document Foundation LibreOffice versions prior to 6.4.4. |
| An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. |
| An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device without access control via network. A malicious user could use this vulnerability to get access to the device and disturb operations with connected devices. |
| The attacker can access the sensitive information stored within the jovi Smart Scene module by entering carefully constructed commands without requesting permission. |
| The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. |
| The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76. |
| Improper permissions in the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable denial of service via network access. |
| Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. |
| Improper permissions in the installer for the Intel(R) Data Center Manager Console before version 3.6.2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper permissions in the installer for the Intel(R) Processor Identification Utility before version 6.4.0603 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper permissions in the installer for the Intel(R) Advisor tools before version 2020 Update 2 may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper permissions in the installer for the Intel(R) HID Event Filter Driver, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
| Improper permissions in the installer for the Intel(R) Falcon 8+ UAS AscTec Thermal Viewer, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. |
