Total: 28990 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25402 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify all PHP files. | |||||
CVE-2022-22127 | 1 Tableau | 1 Tableau Server | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable. | |||||
CVE-2022-2088 | 1 Smartics | 1 Smartics | 2024-02-28 | 6.8 MEDIUM | 4.9 MEDIUM |
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | |||||
CVE-2022-29855 | 1 Mitel | 18 6865i Sip, 6865i Sip Firmware, 6867i Sip and 15 more | 2024-02-28 | 7.2 HIGH | 6.8 MEDIUM |
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. | |||||
CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | |||||
CVE-2022-29501 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-02-28 | 9.0 HIGH | 8.8 HIGH |
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | |||||
CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | |||||
CVE-2020-35501 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-02-28 | 3.6 LOW | 3.4 LOW |
A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly logged by the audit subsystem. | |||||
CVE-2022-23775 | 1 Truestack | 1 Direct Connect | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
TrueStack Direct Connect 1.4.7 has Incorrect Access Control. | |||||
CVE-2022-28096 | 1 Skycaiji | 1 Skycaiji | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | |||||
CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows an attacker to set an arbitrary folder as Secret Folder without Samsung Security Supporter permission. | |||||
CVE-2022-20747 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the History API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected system. This vulnerability is due to insufficient API authorization checking on the underlying operating system. An attacker could exploit this vulnerability by sending a crafted API request to Cisco vManage as a lower-privileged user and gaining access to sensitive information that they would not normally be authorized to access. | |||||
CVE-2022-22291 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | |||||
CVE-2022-27511 | 1 Citrix | 1 Application Delivery Management | 2024-02-28 | 7.8 HIGH | 8.1 HIGH |
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | |||||
CVE-2022-0689 | 1 Microweber | 1 Microweber | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
A one-time coupon can be used multiple times in Packagist microweber/microweber prior to 1.2.11. | |||||
CVE-2022-20680 | 1 Cisco | 1 Prime Service Catalog | 2024-02-28 | 4.0 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. | |||||
CVE-2021-46167 | 1 Wizplat | 2 Pd065, Pd065 Firmware | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An access control issue in the authentication module of wizplat PD065 v1.19 allows attackers to access sensitive data and cause a Denial of Service (DoS). | |||||
CVE-2022-22282 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restrict access to a resource using HTTP connections from an unauthorized actor, leading to an Improper Access Control vulnerability. | |||||
CVE-2022-1243 | 1 Uri.js Project | 1 Uri.js | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | |||||
CVE-2022-21825 | 1 Citrix | 1 Workspace | 2024-02-28 | 4.6 MEDIUM | 7.8 HIGH |
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. |