Total
28982 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20287 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-204082784 | |||||
CVE-2022-35524 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml. | |||||
CVE-2022-35692 | 1 Adobe | 2 Commerce, Magento Commerce | 2024-02-28 | N/A | 5.3 MEDIUM |
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction. | |||||
CVE-2022-36563 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2024-02-28 | N/A | 8.8 HIGH |
Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
CVE-2022-35535 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. | |||||
CVE-2022-40785 | 1 Mipcm | 2 Mipc Camera, Mipc Camera Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Unsanitized input when setting a locale file leads to shell injection in mIPC camera firmware 5.3.1.2003161406. This allows an attacker to gain remote code execution on cameras running the firmware when a victim logs into a specially crafted mobile app. | |||||
CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2024-02-28 | N/A | 8.8 HIGH |
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | |||||
CVE-2022-37458 | 1 Discourse | 1 Discourse | 2024-02-28 | N/A | 7.2 HIGH |
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | |||||
CVE-2022-31120 | 1 Nextcloud | 1 Nextcloud Server | 2024-02-28 | N/A | 2.7 LOW |
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available. | |||||
CVE-2022-35537 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. | |||||
CVE-2022-3382 | 1 Hiwin | 1 Robot System Software | 2024-02-28 | N/A | 7.5 HIGH |
HIWIN Robot System Software version 3.3.21.9869 does not properly address the terminated command source. As a result, an attacker could craft code to disconnect HRSS and the controller and cause a denial-of-service condition. | |||||
CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2024-02-28 | N/A | 2.4 LOW |
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | |||||
CVE-2022-36900 | 1 Jenkins | 2 Compuware Zadviser Api, Jenkins | 2024-02-28 | N/A | 8.2 HIGH |
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
CVE-2022-36565 | 1 Wampserver | 1 Wampserver | 2024-02-28 | N/A | 8.8 HIGH |
Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
CVE-2022-35536 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | |||||
CVE-2021-4234 | 1 Openvpn | 1 Openvpn Access Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack. | |||||
CVE-2022-25357 | 1 Pexip | 1 Pexip Infinity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. | |||||
CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-28 | N/A | 4.3 MEDIUM |
A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | |||||
CVE-2022-21812 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2024-02-28 | N/A | 7.8 HIGH |
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2024-02-28 | N/A | 9.8 CRITICAL |
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. |