Total
28989 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4106 | 1 Snowsoftware | 1 Snow Inventory Java Scanner | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 | |||||
| CVE-2022-28165 | 1 Broadcom | 1 Sannav | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. | |||||
| CVE-2021-26258 | 1 Intel | 1 Killer Control Center | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-25331 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. | |||||
| CVE-2022-25214 | 1 Phicomm | 10 K2, K2 Firmware, K2g and 7 more | 2024-02-28 | 5.8 MEDIUM | 7.4 HIGH |
| Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4Ghz network and the administrative interface, by clicking a checkbox. When Remote Managment is enabled, these endpoints are exposed to the WAN. | |||||
| CVE-2022-21157 | 1 Intel | 1 Smart Campus | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-29948 | 1 Lepin Ep-kp001 Project | 2 Lepin Ep-kp001, Lepinep-kp001 Firmware | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. | |||||
| CVE-2022-30584 | 1 Rsa | 1 Archer | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | |||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | |||||
| CVE-2022-20764 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
| Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-33061 | 1 Intel | 6 82599eb, 82599eb Firmware, 82599en and 3 more | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | |||||
| CVE-2022-25226 | 1 Cybelsoft | 1 Thinvnc | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
| ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the server. | |||||
| CVE-2022-23708 | 1 Elastic | 1 Elasticsearch | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | |||||
| CVE-2021-0103 | 2 Intel, Netapp | 681 Atom C3308, Atom C3336, Atom C3338 and 678 more | 2024-02-28 | 4.6 MEDIUM | 6.7 MEDIUM |
| Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | |||||
| CVE-2022-28093 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a local file inclusion vulnerability which allow attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-24932 | 2 Google, Samsung | 2 Android, Cloud | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | |||||
| CVE-2021-3967 | 1 Zulip | 1 Zulip | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in GitHub repository zulip/zulip prior to 4.10. | |||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-02-28 | 7.2 HIGH | 6.7 MEDIUM |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | |||||