Search
Search Results (24 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27903 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 9.8 Critical |
| OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service. | ||||
| CVE-2021-24501 | 1 Amentotech | 1 Workreap | 2024-11-21 | 8.1 High |
| The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objects. This allowed a logged in user to modify or delete objects belonging to other users on the site. | ||||
| CVE-2021-24500 | 1 Amentotech | 1 Workreap | 2024-11-21 | 8.1 High |
| Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an attacker to trick a logged in user to submit a POST request to the vulnerable site, potentially modifying or deleting arbitrary objects on the target site. | ||||
| CVE-2015-3147 | 1 Redhat | 8 Automatic Bug Reporting Tool, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.5 Medium |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | ||||