Total
28988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | |||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
| An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | |||||
| CVE-2022-22562 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Dell PowerScale OneFS, versions 8.2.0-9.3.0, contain a improper handling of missing values exploit. An unauthenticated network attacker could potentially exploit this denial-of-service vulnerability. | |||||
| CVE-2021-41020 | 1 Fortinet | 1 Fortiisolator | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. | |||||
| CVE-2022-21230 | 1 Nanohttpd | 1 Nanohttpd | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue. | |||||
| CVE-2022-26318 | 1 Watchguard | 1 Fireware | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-24891 | 3 Netapp, Oracle, Owasp | 4 Active Iq Unified Manager, Oncommand Workflow Automation, Weblogic Server and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| ESAPI (The OWASP Enterprise Security API) is a free, open source, web application security control library. Prior to version 2.3.0.0, there is a potential for a cross-site scripting vulnerability in ESAPI caused by a incorrect regular expression for "onsiteURL" in the **antisamy-esapi.xml** configuration file that can cause "javascript:" URLs to fail to be correctly sanitized. This issue is patched in ESAPI 2.3.0.0. As a workaround, manually edit the **antisamy-esapi.xml** configuration files to change the "onsiteURL" regular expression. More information about remediation of the vulnerability, including the workaround, is available in the maintainers' release notes and security bulletin. | |||||
| CVE-2021-33123 | 1 Intel | 1346 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 1343 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
| CVE-2022-26198 | 1 Notable | 1 Notable | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. | |||||
| CVE-2021-23556 | 1 Guake-project | 1 Guake | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
| The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands. | |||||
| CVE-2022-23730 | 1 Lg | 1 Webos | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The public API error causes for the attacker to be able to bypass API access control. | |||||
| CVE-2021-36777 | 1 Opensuse | 1 Open Build Service | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| A Reliance on Untrusted Inputs in a Security Decision vulnerability in the login proxy of the openSUSE Build service allowed attackers to present users with a expected login form that then sends the clear text credentials to an attacker specified server. This issue affects: openSUSE Build service login-proxy-scripts versions prior to dc000cdfe9b9b715fb92195b1a57559362f689ef. | |||||
| CVE-2021-27444 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator. | |||||
| CVE-2022-29633 | 1 Linglong Project | 1 Linglong | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie. | |||||
| CVE-2022-21151 | 3 Debian, Intel, Netapp | 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-22660 | 1 Apple | 1 Macos | 2024-02-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. | |||||
| CVE-2016-20014 | 1 Pam Tacplus Project | 1 Pam Tacplus | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure. | |||||
| CVE-2022-30748 | 1 Samsung | 1 Members | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. | |||||
| CVE-2022-20145 | 1 Google | 1 Android | 2024-02-28 | 10.0 HIGH | 9.8 CRITICAL |
| In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack. This could lead to remote escalation of privilege if a malicious Wi-Fi AP is used, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-201660636 | |||||
| CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | |||||