Total
28988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15334 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-02-28 | N/A | 5.3 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file. | |||||
| CVE-2022-36789 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2024-02-28 | N/A | 7.8 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-26861 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-02-28 | N/A | 7.8 HIGH |
| Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | |||||
| CVE-2022-33932 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | N/A | 5.3 MEDIUM |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | |||||
| CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-02-28 | N/A | 3.3 LOW |
| Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||
| CVE-2022-20956 | 1 Cisco | 1 Identity Services Engine | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"] | |||||
| CVE-2022-38380 | 1 Fortinet | 1 Fortios | 2024-02-28 | N/A | 4.3 MEDIUM |
| An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2022-39866 | 1 Samsung | 1 Smartthings | 2024-02-28 | N/A | 7.5 HIGH |
| Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | |||||
| CVE-2022-2860 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.101 allowed a remote attacker to bypass cookie prefix restrictions via a crafted HTML page. | |||||
| CVE-2022-35519 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | |||||
| CVE-2022-39887 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
| Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | |||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords. | |||||
| CVE-2022-27661 | 1 Cybozu | 1 Garoon | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. | |||||
| CVE-2022-22442 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2024-02-28 | N/A | 6.5 MEDIUM |
| "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | |||||
| CVE-2022-26310 | 1 Pandorafms | 1 Pandora Fms | 2024-02-28 | N/A | 8.8 HIGH |
| Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. | |||||
| CVE-2022-38582 | 1 Watchdog | 1 Anti-virus | 2024-02-28 | N/A | 6.5 MEDIUM |
| Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | |||||
| CVE-2022-33715 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
| Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | |||||
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 5.3 MEDIUM |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | |||||
| CVE-2022-40809 | 1 Democritus Dicts Project | 1 Democritus Dicts | 2024-02-28 | N/A | 9.8 CRITICAL |
| The d8s-dicts for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0 | |||||
| CVE-2022-36869 | 1 Samsung | 1 Contacts Provider | 2024-02-28 | N/A | 6.1 MEDIUM |
| Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | |||||