Total
28982 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27170 | 1 Intel | 1 Media Software Development Kit | 2024-02-28 | N/A | 7.8 HIGH |
| Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-3186 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2024-02-28 | N/A | 7.5 HIGH |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. | |||||
| CVE-2023-22903 | 1 Librephotos Project | 1 Librephotos | 2024-02-28 | N/A | 9.8 CRITICAL |
| api/views/user.py in LibrePhotos before e19e539 has incorrect access control. | |||||
| CVE-2022-36278 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-02-28 | N/A | 7.8 HIGH |
| Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-0951 | 1 Devolutions | 1 Devolutions Server | 2024-02-28 | N/A | 8.8 HIGH |
| Improper access controls on some API endpoints in Devolutions Server 2022.3.12 and earlier could allow a standard privileged user to perform privileged actions. | |||||
| CVE-2022-39910 | 1 Samsung | 1 Pass | 2024-02-28 | N/A | 4.2 MEDIUM |
| Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. | |||||
| CVE-2022-40282 | 1 Belden | 2 Hirschmann Bat-c2, Hirschmann Bat-c2 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21. | |||||
| CVE-2022-39911 | 1 Samsung | 1 Pass | 2024-02-28 | N/A | 6.8 MEDIUM |
| Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2024-02-28 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2024-02-28 | N/A | 5.3 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | |||||
| CVE-2022-48079 | 1 Mengnai | 1 Aapanel Host System | 2024-02-28 | N/A | 9.8 CRITICAL |
| Monnai aaPanel host system v1.5 contains an access control issue which allows attackers to escalate privileges and execute arbitrary code via uploading a crafted PHP file to the virtual host directory of the system. | |||||
| CVE-2022-46892 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| In Ampere AltraMax and Ampere Altra before 2.10c, improper access controls allows the OS to reinitialize a disabled root complex. | |||||
| CVE-2022-32623 | 2 Google, Mediatek | 9 Android, Mt6789, Mt6855 and 6 more | 2024-02-28 | N/A | 6.7 MEDIUM |
| In mdp, there is a possible out of bounds write due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342114; Issue ID: ALPS07342114. | |||||
| CVE-2022-41945 | 1 Super-xray Project | 1 Super-xray | 2024-02-28 | N/A | 9.8 CRITICAL |
| super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. | |||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2024-02-28 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-3854 | 1 Redhat | 1 Ceph Storage | 2024-02-28 | N/A | 6.5 MEDIUM |
| A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service. | |||||
| CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2024-02-28 | N/A | 6.4 MEDIUM |
| An access control issue on TP-LInk Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2024-02-28 | N/A | 9.8 CRITICAL |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | |||||
| CVE-2023-26303 | 1 Executablebooks | 1 Markdown-it-py | 2024-02-28 | N/A | 5.5 MEDIUM |
| Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted input. | |||||
| CVE-2021-4159 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2024-02-28 | N/A | 4.4 MEDIUM |
| A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. | |||||