Total
1752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-11-21 | N/A | 8.4 HIGH |
| Memory corruption due to improper access control in Qualcomm IPC. | |||||
| CVE-2022-32507 | 2024-11-21 | N/A | 8.8 HIGH | ||
| An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4. | |||||
| CVE-2022-32257 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution. | |||||
| CVE-2022-31024 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. | |||||
| CVE-2022-2702 | 1 Company Website\/cms Project | 1 Company Website\/cms | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | |||||
| CVE-2022-2578 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-29871 | 1 Intel | 431 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 428 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-27805 | 1 Goabode | 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An authentication bypass vulnerability exists in the GHOME control functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted network request can lead to arbitrary XCMD execution. An attacker can send a malicious XML payload to trigger this vulnerability. | |||||
| CVE-2022-25481 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode. | |||||
| CVE-2022-24038 | 1 Karmasis | 1 Infraskope Siem\+ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to damage the page where the agents are listed. | |||||
| CVE-2022-24036 | 1 Karmasis | 1 Infraskope Siem\+ | 2024-11-21 | N/A | 8.6 HIGH |
| Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to modificate logs. | |||||
| CVE-2022-23829 | 2024-11-21 | N/A | 8.2 HIGH | ||
| A potential weakness in AMD SPI protection features may allow a malicious attacker with Ring0 (kernel mode) access to bypass the native System Management Mode (SMM) ROM protections. | |||||
| CVE-2022-23513 | 1 Pi-hole | 1 Adminlte | 2024-11-21 | N/A | 5.3 MEDIUM |
| Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php.` Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists. | |||||
| CVE-2022-21950 | 2 Opensuse, Suse | 4 Backports Sle, Canna, Factory and 1 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there. | |||||
| CVE-2022-21586 | 1 Oracle | 1 Banking Trade Finance | 2024-11-21 | N/A | 6.4 MEDIUM |
| Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). The supported version that is affected is 14.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Trade Finance. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Banking Trade Finance accessible data as well as unauthorized access to critical data or complete access to all Oracle Banking Trade Finance accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N). | |||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 4.0 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | |||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | |||||
| CVE-2022-0405 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | |||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||