Vulnerabilities (CVE)

Filtered by CWE-863
Total 1628 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1417 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs
CVE-2022-1401 1 Device42 1 Cmdb 2024-11-21 N/A 6.9 MEDIUM
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
CVE-2022-1365 1 Cross-fetch Project 1 Cross-fetch 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
CVE-2022-1309 1 Google 1 Chrome 2024-11-21 N/A 9.6 CRITICAL
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-1224 1 Phpipam 1 Phpipam 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1223 1 Phpipam 1 Phpipam 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1193 1 Gitlab 1 Gitlab 2024-11-21 3.5 LOW 4.3 MEDIUM
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances
CVE-2022-1177 1 Open-emr 1 Openemr 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
CVE-2022-1132 1 Google 2 Chrome, Chrome Os 2024-11-21 N/A 6.1 MEDIUM
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.
CVE-2022-1124 1 Gitlab 1 Gitlab 2024-11-21 3.5 LOW 4.3 MEDIUM
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
CVE-2022-0985 1 Moodle 1 Moodle 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
CVE-2022-0984 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2022-0981 1 Quarkus 1 Quarkus 2024-11-21 6.5 MEDIUM 8.8 HIGH
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
CVE-2022-0920 1 Salonbookingsystem 1 Salon Booking System 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data
CVE-2022-0866 1 Redhat 3 Jboss Enterprise Application Platform, Openstack Platform, Wildfly 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.
CVE-2022-0825 1 Tms-outsource 1 Amelia 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
CVE-2022-0775 1 Woocommerce 1 Woocommerce 2024-11-21 N/A 4.3 MEDIUM
The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment
CVE-2022-0762 1 Microweber 1 Microweber 2024-11-21 4.0 MEDIUM 5.5 MEDIUM
Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3.
CVE-2022-0740 1 Gitlab 1 Gitlab 2024-11-21 4.0 MEDIUM 3.1 LOW
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.
CVE-2022-0727 1 Framasoft 1 Peertube 2024-11-21 5.5 MEDIUM 5.4 MEDIUM
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.