Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-47524 | 1 F-secure | 1 Safe | 2024-02-28 | N/A | 5.4 MEDIUM |
F-Secure SAFE Browser 19.1 before 19.2 for Android allows an IDN homograph attack. | |||||
CVE-2022-25908 | 1 Create-choo-electron Project | 1 Create-choo-electron | 2024-02-28 | N/A | 9.8 CRITICAL |
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | |||||
CVE-2022-30530 | 1 Intel | 1 Driver & Support Assistant | 2024-02-28 | N/A | 7.8 HIGH |
Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2023-23698 | 1 Dell | 2 Alienware Update, Command Update | 2024-02-28 | N/A | 7.1 HIGH |
Dell Command \| Update, Dell Update, and Alienware Update versions before 4.6.0 and 4.7.1 contain Insecure Operation on Windows Junction in the installer component. A local malicious user may potentially exploit this vulnerability leading to arbitrary file delete. | |||||
CVE-2022-45166 | 1 Archibus | 1 Archibus Web Central | 2024-02-28 | N/A | 4.3 MEDIUM |
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application accepts a set of user-controlled parameters that are used to act on the data returned to the user. It allows a basic user to access data unrelated to their role. | |||||
CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 4.9 MEDIUM |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
CVE-2022-43534 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
CVE-2022-23523 | 1 Linux-loader Project | 1 Linux-loader | 2024-02-28 | N/A | 5.5 MEDIUM |
In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file. | |||||
CVE-2022-39894 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows access to sensitive information via implicit intent. | |||||
CVE-2022-26843 | 1 Intel | 2 Oneapi Dpc++/c++ Compiler, Oneapi Toolkits | 2024-02-28 | N/A | 9.8 CRITICAL |
Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-43977 | 1 Ge | 2 Ms 3000, Ms 3000 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
An issue was discovered on GE Grid Solutions MS3000 devices before 3.7.6.25p0_3.2.2.17p0_4.7p0. The debug port accessible via TCP (a qconn service) lacks access control. | |||||
CVE-2021-33104 | 1 Intel | 1 One Boot Flash Update | 2024-02-28 | N/A | 5.5 MEDIUM |
Improper access control in the Intel(R) OFU software before version 14.1.28 may allow an authenticated user to potentially enable denial of service via local access. | |||||
CVE-2023-24021 | 2 Debian, Trustwave | 2 Debian Linux, Modsecurity | 2024-02-28 | N/A | 7.5 HIGH |
Incorrect handling of '\0' bytes in file uploads in ModSecurity before 2.9.7 may allow for Web Application Firewall bypasses and buffer over-reads on the Web Application Firewall when executing rules that read the FILES_TMP_CONTENT collection. | |||||
CVE-2022-40224 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2024-02-28 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web server functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP message header can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-45404 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-02-28 | N/A | 6.5 MEDIUM |
Through a series of popup and `window.print()` calls, an attacker can cause a window to go fullscreen without the user seeing the notification prompt, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107. | |||||
CVE-2022-38377 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-02-28 | N/A | 2.7 LOW |
An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | |||||
CVE-2022-3820 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.5 MEDIUM |
An issue has been discovered in GitLab affecting all versions starting from 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions were configured, allowing an attacker already in possession of a valid Deploy Token to misuse it from any location. | |||||
CVE-2021-24942 | 1 Menu Item Visibility Control Project | 1 Menu Item Visibility Control | 2024-02-28 | N/A | 7.2 HIGH |
The Menu Item Visibility Control WordPress plugin through 0.5 doesn't sanitize and validate the "Visibility logic" option for WordPress menu items, which could allow highly privileged users to execute arbitrary PHP code even in a hardened environment. | |||||
CVE-2022-44654 | 1 Trendmicro | 1 Apex One | 2024-02-28 | N/A | 7.5 HIGH |
Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is compiled without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance product security. | |||||
CVE-2023-24038 | 2 Debian, Html-stripscripts Project | 2 Debian Linux, Html-stripscripts | 2024-02-28 | N/A | 7.5 HIGH |
The HTML-StripScripts module through 1.06 for Perl allows _hss_attval_style ReDoS because of catastrophic backtracking for HTML content with certain style attributes. |