Total
28988 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27426 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. | |||||
| CVE-2022-1502 | 1 Octopus | 1 Server | 2024-02-28 | 3.5 LOW | 4.3 MEDIUM |
| Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | |||||
| CVE-2022-25831 | 1 Google | 1 Android | 2024-02-28 | 1.9 LOW | 4.6 MEDIUM |
| Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | |||||
| CVE-2022-29201 | 1 Google | 1 Tensorflow | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-25197 | 1 Jenkins | 1 Hashicorp Vault | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins HashiCorp Vault Plugin 336.v182c0fbaaeb7 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2021-27770 | 1 Hcltech | 1 Sametime | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
| The vulnerability was discovered within the “FaviconService”. The service takes a base64-encoded URL which is then requested by the webserver. We assume this service is used by the “meetings”-function where users can specify an external URL where the online meeting will take place. | |||||
| CVE-2021-43442 | 1 I3international | 6 Ax46, Ax46 Firmware, Ax68 and 3 more | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
| A Logic Flaw vulnerability exists in i3 International Inc Annexxus Camera V5.2.0 build 150317 (Ax46), V5.0.9 build 151106 (Ax68), and V5.0.9 build 150615 (Ax78) due to a failure to allow the creation of more than one administrator account; however, this can be bypassed by parameter maniulation using PUT and DELETE and by calling the 'UserPermission' endpoint with the ID of created account and set it to 'admin' userType, successfully adding a second administrative account. | |||||
| CVE-2022-1740 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. | |||||
| CVE-2022-25809 | 1 Amazon | 2 Echo Dot, Echo Dot Firmware | 2024-02-28 | 9.0 HIGH | 9.8 CRITICAL |
| Improper Neutralization of audio output from 3rd and 4th Generation Amazon Echo Dot devices allows arbitrary voice command execution on these devices via a malicious skill (in the case of remote attackers) or by pairing a malicious Bluetooth device (in the case of physically proximate attackers), aka an "Alexa versus Alexa (AvA)" attack. | |||||
| CVE-2022-1715 | 1 Facturascripts | 1 Facturascripts | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | |||||
| CVE-2022-27337 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2022-21153 | 1 Intel | 1 Capital Global Summit | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-2105 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. | |||||
| CVE-2021-31932 | 1 Nokia | 1 Bts Trs Web Console | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | |||||
| CVE-2022-30877 | 1 Keep Project | 1 Keep | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. | |||||
| CVE-2020-13677 | 1 Drupal | 1 Drupal | 2024-02-28 | 4.3 MEDIUM | 7.5 HIGH |
| Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. | |||||
| CVE-2022-22394 | 3 Ibm, Linux, Microsoft | 4 Aix, Spectrum Protect, Linux Kernel and 1 more | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. | |||||
| CVE-2021-37791 | 1 Myadmin Project | 1 Myadmin | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
| MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. | |||||
| CVE-2022-33879 | 1 Apache | 1 Tika | 2024-02-28 | 2.6 LOW | 3.3 LOW |
| The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | |||||
| CVE-2021-39409 | 1 Online Student Rate System Project | 1 Online Student Rate System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. | |||||