Total
3371 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36073 | 1 Rubygems | 1 Rubygems | 2024-11-21 | N/A | 8.3 HIGH |
| RubyGems.org is the Ruby community gem host. A bug in password & email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. Having access to an account whose email has been changed could enable an attacker to save API keys for that account, and when a legitimate user attempts to create an account with their email (and has to reset password to gain access) and is granted access to other gems, the attacker would then be able to publish and yank versions of those gems. Commit number 90c9e6aac2d91518b479c51d48275c57de492d4d contains a patch for this issue. | |||||
| CVE-2022-35898 | 1 Opentext | 1 Bizmanager | 2024-11-21 | N/A | 9.8 CRITICAL |
| OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | |||||
| CVE-2022-35843 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 8.1 HIGH |
| An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | |||||
| CVE-2022-35726 | 1 Yotuwp | 1 Video Gallery | 2024-11-21 | N/A | 4.3 MEDIUM |
| Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | |||||
| CVE-2022-35646 | 4 Ibm, Linux, Microsoft and 1 more | 5 Aix, Security Verify Governance, Linux Kernel and 2 more | 2024-11-21 | N/A | 5.9 MEDIUM |
| IBM Security Verify Governance, Identity Manager 10.0.1 software component could allow an authenticated user to modify or cancel any other user's access request using man-in-the-middle techniques. IBM X-Force ID: 231096. | |||||
| CVE-2022-35401 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| An authentication bypass vulnerability exists in the get_IFTTTTtoken.cgi functionality of Asus RT-AX82U 3.0.0.4.386_49674-ge182230. A specially-crafted HTTP request can lead to full administrative access to the device. An attacker would need to send a series of HTTP requests to exploit this vulnerability. | |||||
| CVE-2022-35248 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 8.8 HIGH |
| A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. | |||||
| CVE-2022-35203 | 1 Trendnet | 2 Tv-ip572pi, Tv-ip572pi Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | |||||
| CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2024-11-21 | N/A | 7.5 HIGH |
| Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information. | |||||
| CVE-2022-35142 | 1 Raneto Project | 1 Raneto | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | |||||
| CVE-2022-35135 | 1 Boodskap | 1 Iot Platform | 2024-11-21 | N/A | 8.8 HIGH |
| Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request sent to /api/user/upsert/<uuid>. | |||||
| CVE-2022-34919 | 1 Zengenti | 1 Contensis | 2024-11-21 | N/A | 9.8 CRITICAL |
| The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands. | |||||
| CVE-2022-34908 | 1 Aremis | 1 Aremis 4 Nomads | 2024-11-21 | N/A | 8.2 HIGH |
| An issue was discovered in the A4N (Aremis 4 Nomad) application 1.5.0 for Android. It possesses an authentication mechanism; however, some features do not require any token or cookie in a request. Therefore, an attacker may send a simple HTTP request to the right endpoint, and obtain authorization to retrieve application data. | |||||
| CVE-2022-34887 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | |||||
| CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | |||||
| CVE-2022-34535 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files. | |||||
| CVE-2022-34380 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 9.3 CRITICAL |
| Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. | |||||
| CVE-2022-34379 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 9.4 CRITICAL |
| Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. | |||||
| CVE-2022-34372 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality | |||||
| CVE-2022-34331 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | N/A | 5.5 MEDIUM |
| After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | |||||