Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44037 | 1 Apsystems | 2 Ecu-c, Ecu-c Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range. | |||||
| CVE-2022-3740 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys . | |||||
| CVE-2022-43533 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2024-02-28 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2023-22622 | 1 Wordpress | 1 Wordpress | 2024-02-28 | N/A | 5.3 MEDIUM |
| WordPress through 6.1.1 depends on unpredictable client visits to cause wp-cron.php execution and the resulting security updates, and the source code describes "the scenario where a site may not receive enough visits to execute scheduled tasks in a timely manner," but neither the installation guide nor the security guide mentions this default behavior, or alerts the user about security risks on installations with very few visits. | |||||
| CVE-2022-23549 | 1 Discourse | 1 Discourse | 2024-02-28 | N/A | 6.5 MEDIUM |
| Discourse is an option source discussion platform. Prior to version 2.8.14 on the `stable` branch and version 2.9.0.beta16 on the `beta` and `tests-passed` branches, users can create posts with raw body longer than the `max_length` site setting by including html comments that are not counted toward the character limit. This issue is patched in versions 2.8.14 and 2.9.0.beta16. There are no known workarounds. | |||||
| CVE-2022-38355 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2024-02-28 | N/A | 5.5 MEDIUM |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. | |||||
| CVE-2023-23461 | 1 Libpeconv Project | 1 Libpeconv | 2024-02-28 | N/A | 9.8 CRITICAL |
| Libpeconv – access violation, before commit b076013 (30/11/2022). | |||||
| CVE-2022-32537 | 1 Medtronic | 56 Guardian Link 2 Transmitter Mmt-7730, Guardian Link 2 Transmitter Mmt-7730 Firmware, Guardian Link 2 Transmitter Mmt-7731 and 53 more | 2024-02-28 | N/A | 4.8 MEDIUM |
| A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance | |||||
| CVE-2021-30558 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 8.8 HIGH |
| Insufficient policy enforcement in content security policy in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chrome security severity: Medium) | |||||
| CVE-2023-22316 | 1 Pixela | 2 Pix-rt100, Pix-rt100 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
| Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services. | |||||
| CVE-2022-21810 | 1 Smartctl Project | 1 Smartctl | 2024-02-28 | N/A | 7.8 HIGH |
| All versions of the package smartctl are vulnerable to Command Injection via the info method due to improper input sanitization. | |||||
| CVE-2022-45097 | 1 Dell | 1 Emc Powerscale Onefs | 2024-02-28 | N/A | 8.8 HIGH |
| Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | |||||
| CVE-2021-4105 | 1 Bg-tek | 16 Coslat Bx5s1d3, Coslat Bx5s1d3 Firmware, Coslat Bx5s1d4 and 13 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| Improper Handling of Parameters vulnerability in BG-TEK COSLAT Firewall allows Remote Code Inclusion.This issue affects COSLAT Firewall: from 5.24.0.R.20180630 before 5.24.0.R.20210727. | |||||
| CVE-2023-0821 | 1 Hashicorp | 1 Nomad | 2024-02-28 | N/A | 6.5 MEDIUM |
| HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4. | |||||
| CVE-2023-25821 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | N/A | 7.5 HIGH |
| Nextcloud is an Open Source private cloud software. Versions 24.0.4 and above, prior to 24.0.7, and 25.0.0 and above, prior to 25.0.1, contain Improper Access Control. Secure view for internal shares can be circumvented if reshare permissions are also given. This issue is patched in versions 24.0.7 and 25.0.1. No workaround is available. | |||||
| CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2024-02-28 | N/A | 6.5 MEDIUM |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | |||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | |||||
| CVE-2023-21463 | 2 Google, Samsung | 2 Android, Myfiles | 2024-02-28 | N/A | 3.3 LOW |
| Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions. | |||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-02-28 | N/A | 5.3 MEDIUM |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | |||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-02-28 | N/A | 9.9 CRITICAL |
| Carel Boss Mini 1.5.0 has Improper Access Control. | |||||