Total: 28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20949 | 1 Cisco | 1 Firepower Threat Defense | 2024-02-28 | N/A | 4.9 MEDIUM |
A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. | |||||
CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2024-02-28 | N/A | 9.8 CRITICAL |
Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
CVE-2022-39857 | 1 Samsung | 1 Factorycamerafb | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. | |||||
CVE-2022-37734 | 1 Graphql-java Project | 1 Graphql-java | 2024-02-28 | N/A | 7.5 HIGH |
graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | |||||
CVE-2022-1857 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 8.8 HIGH |
Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | |||||
CVE-2022-3285 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 7.5 HIGH |
Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab. | |||||
CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-02-28 | N/A | 5.3 MEDIUM |
Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
CVE-2022-35523 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml. | |||||
CVE-2022-37151 | 1 Online Diagnostic Lab Management System Project | 1 Online Diagnostic Lab Management System | 2024-02-28 | N/A | 7.5 HIGH |
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | |||||
CVE-2022-31687 | 1 Vmware | 1 Workspace One Assist | 2024-02-28 | N/A | 9.8 CRITICAL |
VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. | |||||
CVE-2022-21152 | 1 Intel | 1 Edge Insights For Industrial | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-30683 | 1 Adobe | 1 Experience Manager | 2024-02-28 | N/A | 5.3 MEDIUM |
Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. An attacker could leverage this vulnerability to decrypt secrets; however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM. | |||||
CVE-2022-38769 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-02-28 | N/A | 7.5 HIGH |
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | |||||
CVE-2022-33172 | 1 Bund | 1 De.fac2 | 2024-02-28 | N/A | 5.5 MEDIUM |
de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | |||||
CVE-2022-36852 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | |||||
CVE-2022-34313 | 1 Ibm | 1 Cics Tx | 2024-02-28 | N/A | 3.1 LOW |
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449. | |||||
CVE-2022-33731 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.1 HIGH |
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | |||||
CVE-2022-3304 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 8.8 HIGH |
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||||
CVE-2022-36638 | 1 Garage Management System Project | 1 Garage Management System | 2024-02-28 | N/A | 5.3 MEDIUM |
An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | |||||
CVE-2022-3047 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in Extensions API in Google Chrome prior to 105.0.5195.52 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. |