Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43380 | 1 Ibm | 2 Aix, Vios | 2024-02-28 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640. | |||||
| CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-44801 | 1 Dlink | 2 Dir-878, Dir-878 Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
| D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control. | |||||
| CVE-2022-4711 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-02-28 | N/A | 4.3 MEDIUM |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_save_mega_menu_settings' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to enable and modify Mega Menu settings for any menu item. | |||||
| CVE-2023-0700 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-48165 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-02-28 | N/A | 9.8 CRITICAL |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
| CVE-2022-47003 | 1 Murasoftware | 1 Mura Cms | 2024-02-28 | N/A | 9.8 CRITICAL |
| A vulnerability in the Remember Me function of Mura CMS before v10.0.580 allows attackers to bypass authentication via a crafted web request. | |||||
| CVE-2022-4390 | 1 Netgear | 2 Ax2400, Ax2400 Firmware | 2024-02-28 | N/A | 10.0 CRITICAL |
| A network misconfiguration is present in versions prior to 1.0.9.90 of the NETGEAR RAX30 AX2400 series of routers. IPv6 is enabled for the WAN interface by default on these devices. While there are firewall restrictions in place that define access restrictions for IPv4 traffic, these restrictions do not appear to be applied to the WAN interface for IPv6. This allows arbitrary access to any services running on the device that may be inadvertently listening via IPv6, such as the SSH and Telnet servers spawned on ports 22 and 23 by default. This misconfiguration could allow an attacker to interact with services only intended to be accessible by clients on the local network. | |||||
| CVE-2023-0435 | 1 Pyload | 1 Pyload | 2024-02-28 | N/A | 9.8 CRITICAL |
| Excessive Attack Surface in GitHub repository pyload/pyload prior to 0.5.0b3.dev41. | |||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2024-02-28 | N/A | 6.5 MEDIUM |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | |||||
| CVE-2022-45167 | 1 Archibus | 1 Archibus Web Central | 2024-02-28 | N/A | 4.3 MEDIUM |
| An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users. | |||||
| CVE-2022-41935 | 1 Xwiki | 1 Xwiki | 2024-02-28 | N/A | 4.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. | |||||
| CVE-2023-26302 | 1 Executablebooks | 1 Markdown-it-py | 2024-02-28 | N/A | 5.5 MEDIUM |
| Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as input. | |||||
| CVE-2022-38715 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-48023 | 1 Zammad | 1 Zammad | 2024-02-28 | N/A | 4.3 MEDIUM |
| Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | |||||
| CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | |||||
| CVE-2021-4221 | 2 Google, Mozilla | 2 Android, Firefox | 2024-02-28 | N/A | 4.3 MEDIUM |
| If a domain name contained a RTL character, it would cause the domain to be rendered to the right of the path. This could lead to user confusion and spoofing attacks. <br>*This bug only affects Firefox for Android. Other operating systems are unaffected.*<br>*Note*: Due to a clerical error this advisory was not included in the original announcement, and was added in Feburary 2022. This vulnerability affects Firefox < 92. | |||||
| CVE-2023-26478 | 1 Xwiki | 1 Xwiki | 2024-02-28 | N/A | 8.1 HIGH |
| XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right. `com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue. | |||||
| CVE-2022-41446 | 1 Record Management System Project | 1 Record Management System | 2024-02-28 | N/A | 5.4 MEDIUM |
| An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. | |||||