Total
28990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28054 | 2 Microsoft, Vandyke | 2 Windows, Vshell | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. | |||||
| CVE-2020-25160 | 1 Bbraun | 2 Datamodule Compactplus, Spacecom | 2024-02-28 | 4.6 MEDIUM | 6.3 MEDIUM |
| Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 enables attackers to extract and tamper with the devices network configuration. | |||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2024-02-28 | 4.6 MEDIUM | 8.2 HIGH |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code. | |||||
| CVE-2021-43948 | 1 Atlassian | 1 Jira Service Management | 2024-02-28 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view the names of private objects via an Improper Authorization vulnerability in the "Move objects" feature. The affected versions are before version 4.21.0. | |||||
| CVE-2021-0124 | 2 Intel, Netapp | 1360 Atom C3308, Atom C3308 Firmware, Atom C3336 and 1357 more | 2024-02-28 | 4.6 MEDIUM | 6.6 MEDIUM |
| Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-2037 | 1 Tooljet | 1 Tooljet | 2024-02-28 | 6.0 MEDIUM | 8.0 HIGH |
| Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. | |||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2022-30729 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 4.6 MEDIUM |
| Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | |||||
| CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | |||||
| CVE-2022-1279 | 1 Ebics Java Project | 1 Ebics Java | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. | |||||
| CVE-2022-21182 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26703 | 1 Apple | 2 Ipados, Iphone Os | 2024-02-28 | 2.1 LOW | 2.4 LOW |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. | |||||
| CVE-2022-22934 | 1 Saltstack | 1 Salt | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Salt Masters do not sign pillar data with the minion’s public key, which can result in attackers substituting arbitrary pillar data. | |||||
| CVE-2021-41834 | 1 Jfrog | 1 Artifactory | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | |||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||
| CVE-2021-36775 | 1 Rancher | 1 Rancher | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| a Improper Access Control vulnerability in SUSE Rancher allows users to keep privileges that should have been revoked. This issue affects: SUSE Rancher Rancher versions prior to 2.4.18; Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. | |||||
| CVE-2022-25237 | 1 Bonitasoft | 1 Bonita Web | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. | |||||
| CVE-2021-43129 | 1 D2l | 1 Brightspace | 2024-02-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| A bypass exists for Desire2Learn/D2L Brightspace’s “Disable Right Click” option in the quizzing feature, which allows a quiz-taker to access print and copy functionality via the browser’s right click menu even when “Disable Right Click” is enabled on the quiz. | |||||