Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2024-02-28 | N/A | 8.8 HIGH |
| IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | |||||
| CVE-2023-26055 | 1 Xwiki | 1 Commons | 2024-02-28 | N/A | 9.9 CRITICAL |
| XWiki Commons are technical libraries common to several other top level XWiki projects. Starting in version 3.1-milestone-1, any user can edit their own profile and inject code, which is going to be executed with programming right. The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field. The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1. | |||||
| CVE-2022-4701 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2024-02-28 | N/A | 8.8 HIGH |
| The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'contact-form-7', 'media-library-assistant', or 'woocommerce' plugins if they are installed on the site. | |||||
| CVE-2022-31708 | 1 Vmware | 1 Vrealize Operations | 2024-02-28 | N/A | 4.9 MEDIUM |
| vRealize Operations (vROps) contains a broken access control vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.4. | |||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-02-28 | N/A | 5.5 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | |||||
| CVE-2022-37917 | 1 Arubanetworks | 1 Airwave | 2024-02-28 | N/A | 8.1 HIGH |
| Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network configurations with privileges at a higher effective level in Aruba AirWave Management Platform version(s): 8.2.15.0 and below. | |||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2024-02-28 | N/A | 8.8 HIGH |
| ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | |||||
| CVE-2022-3383 | 1 Ultimatemember | 1 Ultimate Member | 2024-02-28 | N/A | 7.2 HIGH |
| The Ultimate Member plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.5.0 via the get_option_value_from_callback function that accepts user supplied input and passes it through call_user_func(). This makes it possible for authenticated attackers, with administrative capabilities, to execute code on the server. | |||||
| CVE-2022-27808 | 2 Intel, Microsoft | 2 Administrative Tools For Intel Network Adapters, Windows | 2024-02-28 | N/A | 7.8 HIGH |
| Insufficient control flow management in some Intel(R) Ethernet Controller Administrative Tools drivers for Windows before version 1.5.0.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-22339 | 1 Contec | 1 Conprosys Hmi System | 2024-02-28 | N/A | 7.5 HIGH |
| Improper access control vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to bypass access restriction and obtain the server certificate including the private key of the product. | |||||
| CVE-2022-39895 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
| Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. | |||||
| CVE-2019-9579 | 3 Illumos, Nexenta, Oracle | 3 Illumos, Nexentastor, Solaris | 2024-02-28 | N/A | 8.1 HIGH |
| An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). | |||||
| CVE-2022-44938 | 1 Seeddms | 1 Seeddms | 2024-02-28 | N/A | 9.8 CRITICAL |
| Weak reset token generation in SeedDMS v6.0.20 and v5.1.7 allows attackers to execute a full account takeover via a brute force attack. | |||||
| CVE-2022-44565 | 1 Ui | 12 Airfiber 60, Airfiber 60-hd, Airfiber 60-hd Firmware and 9 more | 2024-02-28 | N/A | 5.3 MEDIUM |
| An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device. | |||||
| CVE-2022-47934 | 1 Brave | 1 Brave | 2024-02-28 | N/A | 6.5 MEDIUM |
| Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. | |||||
| CVE-2023-22335 | 1 Dos-osaka | 2 Rakuraku Pc Cloud Agent, Ss1 | 2024-02-28 | N/A | 7.5 HIGH |
| Improper access control vulnerability in SS1 Ver.13.0.0.40 and earlier and Rakuraku PC Cloud Agent Ver.2.1.8 and earlier allows a remote attacker to bypass access restriction and download an arbitrary file of the directory where the product runs. As a result of exploiting this vulnerability with CVE-2023-22336 and CVE-2023-22344 vulnerabilities together, it may allow a remote attacker to execute an arbitrary code with SYSTEM privileges by sending a specially crafted script to the affected device. | |||||
| CVE-2022-47410 | 1 Fp Newsletter Project | 1 Fp Newsletter | 2024-02-28 | N/A | 7.5 HIGH |
| An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension before 1.1.1, 1.2.0, 2.x before 2.1.2, 2.2.1 through 2.4.0, and 3.x before 3.2.6 for TYPO3. Data about subscribers may be obtained via createAction operations. | |||||
| CVE-2022-4170 | 2 Fedoraproject, Rxvt-unicode Project | 3 Extra Packages For Enterprise Linux, Fedora, Rxvt-unicode | 2024-02-28 | N/A | 9.8 CRITICAL |
| The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. | |||||
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2024-02-28 | N/A | 9.8 CRITICAL |
| All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | |||||
| CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2024-02-28 | N/A | 5.5 MEDIUM |
| SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | |||||