| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application. |
| SAP KMC WPC allows an unauthenticated attacker to remotely retrieve usernames by a simple parameter query which could expose sensitive information causing low impact on confidentiality of the application. This has no effect on integrity and availability. |
| SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. |
| Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. |
| An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application. |
| The RFC enabled function module allows a low privileged user to perform denial of service on any user and also change or delete favourite nodes. By sending a crafted packet in the function module targeting specific parameters, the specific targeted user will no longer have access to any functionality of SAP GUI. There is low impact on integrity and availability of the application. |
| The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on the 'vayu_blocks_get_toggle_switch_values_callback' and 'vayu_blocks_save_toggle_switch_callback' function in versions 1.0.4 to 1.2.1. This makes it possible for unauthenticated attackers to read plugin options and update any option with a key name ending in '_value'. |
| Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin interface in SAP Production and Revenue Accounting allows unauthorized access that could lead to disclosure of highly sensitive data. There is no impact on integrity or availability. |
| Missing Authorization vulnerability in Marketing Fire LLC LoginWP - Pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LoginWP - Pro: from n/a through 4.0.8.5. |
| When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated tables. When pglogical runs it should verify it is running on a replication connection but does not perform this check. This vulnerability was introduced in the pglogical 3.x codebase, which is proprietary to EDB. The same code base has been integrated into BDR/PGD 4 and 5.
To exploit the vulnerability the attacker needs at least CONNECT permissions to a database configured for replication and must understand a number of pglogical3/BDR specific commands and be able to decode the binary protocol. |
| A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects:
- AOS-CX 10.14.xxxx : All patches
- AOS-CX 10.15.xxxx : 10.15.1000 and below
The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability. |
| Missing Authorization vulnerability in whassan KI Live Video Conferences ki-live-video-conferences allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KI Live Video Conferences: from n/a through <= 5.5.15. |
| Missing Authorization vulnerability in flymke Mark Posts mark-posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through <= 2.2.4. |
| Missing Authorization vulnerability in jjtrabucco Goldstar goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through <= 2.1.1. |
| Missing Authorization vulnerability in surdotly Sur.ly surly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through <= 3.0.3. |
| Missing Authorization vulnerability in Christiaan Pieterse MaxiBlocks maxi-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MaxiBlocks: from n/a through <= 2.1.3. |
| Missing Authorization vulnerability in paypalmuse PayPal Marketing Solutions paypal-promotions-and-insights allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through <= 1.2. |
| NVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering. |
| Missing Authorization vulnerability in POSIMYTH Sticky Header Effects for Elementor sticky-header-effects-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sticky Header Effects for Elementor: from n/a through <= 2.1.2. |
| Missing Authorization vulnerability in templateinvaders TI WooCommerce Wishlist ti-woocommerce-wishlist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TI WooCommerce Wishlist: from n/a through <= 2.10.0. |
