Total
28989 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39409 | 1 Online Student Rate System Project | 1 Online Student Rate System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. | |||||
CVE-2021-0060 | 2 Intel, Netapp | 190 11th Generation Core Series Firmware, Atom C3000 Series Firmware, Atom C3308 and 187 more | 2024-02-28 | 7.2 HIGH | 6.6 MEDIUM |
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. | |||||
CVE-2022-27201 | 1 Jenkins | 2 Jenkins, Semantic Versioning | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of an controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
CVE-2022-22563 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
Dell EMC Powerscale OneFS 8.2.x - 9.2.x omit security-relevant information in /etc/master.passwd. A high-privileged user can exploit this vulnerability to not record information identifying the source of account information changes. | |||||
CVE-2022-24930 | 1 Samsung | 1 Wear Os | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission | |||||
CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-23654 | 1 Requarks | 1 Wiki.js | 2024-02-28 | 3.5 LOW | 6.5 MEDIUM |
Wiki.js is a wiki app built on Node.js. In affected versions an authenticated user with write access on a restricted set of paths can update a page outside the allowed paths by specifying a different target page ID while keeping the path intact. The access control incorrectly check the path access against the user-provided values instead of the actual path associated to the page ID. Commit https://github.com/Requarks/wiki/commit/411802ec2f654bb5ed1126c307575b81e2361c6b fixes this vulnerability by checking access control on the path associated with the page ID instead of the user-provided value. When the path is different than the current value, a second access control check is then performed on the user-provided path before the move operation. | |||||
CVE-2022-30707 | 1 Yokogawa | 11 B\/m9000 Vp, B\/m9000cs, Centum Cs 3000 and 8 more | 2024-02-28 | 5.4 MEDIUM | 8.8 HIGH |
Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01). If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | |||||
CVE-2021-20320 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux kernel. In this flaw, a local attacker with special user privilege can circumvent the verifier and may lead to a confidentiality problem. | |||||
CVE-2021-36776 | 1 Rancher | 1 Rancher | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
A Improper Access Control vulnerability in SUSE Rancher allows remote attackers impersonate arbitrary users. This issue affects: SUSE Rancher Rancher versions prior to 2.5.10. | |||||
CVE-2021-3433 | 1 Zephyrproject | 1 Zephyr | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp | |||||
CVE-2022-27176 | 1 Jscom | 3 Revoworks Browser, Revoworks Desktop, Revoworks Scvx | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment. | |||||
CVE-2022-30556 | 3 Apache, Fedoraproject, Netapp | 3 Http Server, Fedora, Clustered Data Ontap | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | |||||
CVE-2021-33122 | 1 Intel | 466 Celeron N4000, Celeron N4000 Firmware, Celeron N4020 and 463 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access. | |||||
CVE-2022-30597 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | |||||
CVE-2022-34061 | 1 Catly Translate Project | 1 Catly Translate | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
CVE-2022-23997 | 1 Samsung | 1 Wear Os | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | |||||
CVE-2021-30344 | 1 Qualcomm | 294 Apq8009w, Apq8009w Firmware, Apq8017 and 291 more | 2024-02-28 | 7.8 HIGH | 7.5 HIGH |
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
CVE-2022-0895 | 1 Microweber | 1 Microweber | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | |||||
CVE-2021-33504 | 1 Couchbase | 1 Couchbase Server | 2024-02-28 | 4.0 MEDIUM | 4.9 MEDIUM |
Couchbase Server before 7.1.0 has Incorrect Access Control. |