Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-45066 | 1 Thriveweb | 1 Wooswipe Woocommerce Gallery | 2024-02-28 | N/A | 8.8 HIGH |
Auth. (subscriber+) Broken Access Control vulnerability in WooSwipe WooCommerce Gallery plugin <= 2.0.1 on WordPress. | |||||
CVE-2022-40216 | 1 Wordplus | 1 Better Messages | 2024-02-28 | N/A | 6.5 MEDIUM |
Auth. (subscriber+) Messaging Block Bypass vulnerability in Better Messages plugin <= 1.9.10.69 on WordPress. | |||||
CVE-2022-20475 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
In test of ResetTargetTaskHelper.java, there is a possible hijacking of any app which sets allowTaskReparenting="true" due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-240663194 | |||||
CVE-2023-21464 | 2 Google, Samsung | 2 Android, Calendar | 2024-02-28 | N/A | 3.3 LOW |
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status. | |||||
CVE-2022-22297 | 1 Fortinet | 2 Fortirecorder Firmware, Fortiweb | 2024-02-28 | N/A | 5.5 MEDIUM |
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiWeb version 6.4.0 through 6.4.1, FortiWeb version 6.3.0 through 6.3.17, FortiWeb all versions 6.2, FortiWeb all versions 6.1, FortiWeb all versions 6.0, FortiRecorder version 6.4.0 through 6.4.3, FortiRecorder all versions 6.0, FortiRecorder all versions 2.7 may allow an authenticated user to read arbitrary files via specially crafted command arguments. | |||||
CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2024-02-28 | N/A | 7.8 HIGH |
Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | |||||
CVE-2023-24320 | 1 Axcora | 1 Axcora | 2024-02-28 | N/A | 9.8 CRITICAL |
An access control issue in Axcora POS #0~gitf77ec09 allows unauthenticated attackers to execute arbitrary commands via unspecified vectors. | |||||
CVE-2022-45778 | 1 Hillstonenet | 8 Sc-6000-wv02, Sc-6000-wv02 Firmware, Sc-6000-wv04 and 5 more | 2024-02-28 | N/A | 9.8 CRITICAL |
https://www.hillstonenet.com.cn/ Hillstone Firewall SG-6000 <= 5.0.4.0 is vulnerable to Incorrect Access Control. There is a permission bypass vulnerability in the Hillstone WEB application firewall. An attacker can enter the background of the firewall with super administrator privileges through a configuration error in report.m. | |||||
CVE-2022-37916 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | N/A | 8.1 HIGH |
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
CVE-2022-40231 | 3 Ibm, Linux, Microsoft | 4 Aix, Sterling B2b Integrator, Linux Kernel and 1 more | 2024-02-28 | N/A | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.0 could allow an authenticated user to perform unauthorized actions due to improper access controls. IBM X-Force ID: 235533. | |||||
CVE-2022-47932 | 1 Brave | 1 Brave | 2024-02-28 | N/A | 6.5 MEDIUM |
Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. | |||||
CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | |||||
CVE-2022-25350 | 1 Helecloud | 1 Puppet-facter | 2024-02-28 | N/A | 7.8 HIGH |
All versions of the package puppet-facter are vulnerable to Command Injection via the getFact function due to improper input sanitization. | |||||
CVE-2022-40691 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-02-28 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-4136 | 1 Leadshop | 1 Leadshop | 2024-02-28 | N/A | 9.8 CRITICAL |
Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. | |||||
CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-02-28 | N/A | 7.8 HIGH |
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
CVE-2022-41326 | 1 Mitel | 1 Micollab | 2024-02-28 | N/A | 9.8 CRITICAL |
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
CVE-2022-39906 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. | |||||
CVE-2022-34672 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-02-28 | N/A | 7.8 HIGH |
NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands. | |||||
CVE-2023-21461 | 1 Samsung | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. |