Vulnerabilities (CVE)

Filtered by CWE-287
Total: 3371 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3
CVE-2022-30995 | Vendors (3): Acronis, Linux, Microsoft | Products (4): Cyber Backup, Cyber Protect, Linux Kernel and 1 more | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 7.5 HIGH
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2022-30755 | Vendors (1): Google | Products (1): Android | Updated: 2024-11-21 | CVSS v2: 4.6 MEDIUM | CVSS v3: 7.3 HIGH
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows an attacker to bypass the password confirmation activity by hijacking the implicit intent.
CVE-2022-30749 | Vendors (1): Samsung | Products (1): Smartthings | Updated: 2024-11-21 | CVSS v2: 4.6 MEDIUM | CVSS v3: 3.3 LOW
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing the login activity.
CVE-2022-30624 | Vendors (1): Chcnav | Products (2): P5e Gnss, P5e Gnss Firmware | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 6.8 MEDIUM
Browsing the admin.html page allows the user to reset the admin password. The password also appears in the JS code.
CVE-2022-30623 | Vendors (1): Chcnav | Products (2): P5e Gnss, P5e Gnss Firmware | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 5.9 MEDIUM
The server checks the user's cookie in a non-standard way: setting a cookie named status to the value true bypasses identification with the system by username and password.
CVE-2022-30550 | Vendors (2): Debian, Dovecot | Products (2): Debian Linux, Dovecot | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 8.8 HIGH
An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.
CVE-2022-30421 | Vendors (1): Toshiba | Products (1): Storage Security Software | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 7.8 HIGH
An Improper Authentication vulnerability in Toshiba Storage Security Software V1.2.0.7413 allows sensitive information to be obtained via the (local) password authentication module.
CVE-2022-30270 | Vendors (1): Motorola | Products (2): Ace1000, Ace1000 Firmware | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
The Motorola ACE1000 RTU through 2022-05-02 has default credentials. It exposes an SSH interface on port 22/TCP. This interface is used for remote maintenance and for SFTP file-transfer operations that are part of engineering software functionality. Access to this interface is controlled by 5 preconfigured accounts (root, abuilder, acelogin, cappl, ace), all of which come with default credentials. Although the ACE1000 documentation mentions the root, abuilder and acelogin accounts and instructs users to change the default credentials, the cappl and ace accounts remain undocumented and thus are unlikely to have their credentials changed.
CVE-2022-30238 | Vendors (1): Schneider-electric | Products (4): Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 8.3 HIGH
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior)
CVE-2022-30229 | Vendors (1): Siemens | Products (1): Sicam Gridedge Essential | Updated: 2024-11-21 | CVSS v2: 5.0 MEDIUM | CVSS v3: 5.3 MEDIUM
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, if that user's ID is known.
CVE-2022-30150 | Vendors (1): Microsoft | Products (5): Windows 10, Windows 11, Windows Server 2016 and 2 more | Updated: 2024-11-21 | CVSS v2: 6.0 MEDIUM | CVSS v3: 7.5 HIGH
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability
CVE-2022-30124 | Vendors (1): Rocket.chat | Products (1): Rocket.chat | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 6.8 MEDIUM
An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code).
CVE-2022-30034 | Vendors (1): Flower Project | Products (1): Flower | Updated: 2024-11-21 | CVSS v2: 7.5 HIGH | CVSS v3: 8.6 HIGH
Flower, a web UI for the Celery Python RPC framework, is vulnerable in all versions as of 05-02-2022 to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls, or deny service by shutting down Celery task nodes.
CVE-2022-2757 | Vendors (1): Kingspan | Products (2): Tms300 Cs, Tms300 Cs Firmware | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
Due to the lack of adequately implemented access-control rules, all versions of Kingspan TMS300 CS are vulnerable to an attacker viewing and modifying the application settings without authenticating, by accessing a specific uniform resource locator (URL) on the webserver.
CVE-2022-2752 | Vendors (1): Secomea | Products (1): Gatemanager | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 5.5 MEDIUM
A vulnerability in the web server of Secomea GateManager allows a local user to impersonate the previous user under some failed-login conditions. This issue affects Secomea GateManager versions from 9.4 through 9.7.
CVE-2022-2664 | Vendors (1): Private Cloud Management Platform Project | Products (1): Private Cloud Management Platform | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 7.3 HIGH
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability.
CVE-2022-2662 | Vendors (1): Sequi | Products (2): Portbloque S, Portbloque S Firmware | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 9.6 CRITICAL
Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device.
CVE-2022-2572 | Vendors (1): Octopus | Products (1): Octopus Server | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 9.8 CRITICAL
In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key or keys of a disabled or deleted user were still valid after the access was revoked.
CVE-2022-2553 | Vendors (3): Clusterlabs, Debian, Fedoraproject | Products (3): Booth, Debian Linux, Fedora | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster.
CVE-2022-2533 | Vendors (1): Gitlab | Products (1): Gitlab | Updated: 2024-11-21 | CVSS v2: N/A | CVSS v3: 6.5 MEDIUM
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, and all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location.