Total
28984 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36565 | 1 Wampserver | 1 Wampserver | 2024-02-28 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-35536 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | |||||
| CVE-2021-4234 | 1 Openvpn | 1 Openvpn Access Server | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack. | |||||
| CVE-2022-25357 | 1 Pexip | 1 Pexip Infinity | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity 27.x before 27.2 has Improper Access Control. An attacker can sometimes join a conference (call join) if it has a lock but not a PIN. | |||||
| CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-28 | N/A | 4.3 MEDIUM |
| A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | |||||
| CVE-2022-21812 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2024-02-28 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37344 | 1 Accommodation-system Project | 1 Accommodation-system | 2024-02-28 | N/A | 9.8 CRITICAL |
| Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at WordPress. | |||||
| CVE-2022-33706 | 1 Samsung | 1 Samsung Gallery | 2024-02-28 | 2.1 LOW | 2.4 LOW |
| Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. | |||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2024-02-28 | N/A | 7.5 HIGH |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | |||||
| CVE-2022-38880 | 1 Democritus Urls Project | 1 Democritus Urls | 2024-02-28 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. | |||||
| CVE-2021-44776 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
| A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
| CVE-2022-34256 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-02-28 | N/A | 9.8 CRITICAL |
| Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction. | |||||
| CVE-2022-41235 | 1 Jenkins | 1 Wildfly Deployer | 2024-02-28 | N/A | 5.3 MEDIUM |
| Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | |||||
| CVE-2022-22213 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-02-28 | N/A | 5.9 MEDIUM |
| A vulnerability in Handling of Undefined Values in the routing protocol daemon (RPD) process of Juniper Networks Junos OS and Junos OS Evolved may allow an unauthenticated network-based attacker to crash the RPD process by sending a specific BGP update while the system is under heavy load, leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Malicious exploitation of this issue requires a very specific combination of load, timing, and configuration of the vulnerable system which is beyond the direct control of the attacker. Internal reproduction has only been possible through artificially created load and specially instrumented source code. Systems are only vulnerable to this issue if BGP multipath is enabled. Routers not configured for BGP multipath are not vulnerable to this issue. This issue affects: Juniper Networks Junos OS: 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved: 21.1 versions prior to 21.1R3-S1-EVO; 21.2 version 21.2R1-EVO and later versions; 21.3 versions prior to 21.3R3-EVO; 21.4 versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect: Juniper Networks Junos OS versions prior to 21.1. Juniper Networks Junos OS Evolved versions prior to 21.1-EVO. | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-39057 | 1 Changingtec | 1 Rava Certificate Validation System | 2024-02-28 | N/A | 7.2 HIGH |
| RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. | |||||
| CVE-2022-1867 | 1 Google | 1 Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
| Insufficient validation of untrusted input in Data Transfer in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass same origin policy via a crafted clipboard content. | |||||
| CVE-2022-3496 | 1 Oretnom23 | 1 Human Resource Management System | 2024-02-28 | N/A | 8.8 HIGH |
| A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability. | |||||
| CVE-2022-0028 | 1 Paloaltonetworks | 1 Pan-os | 2024-02-28 | N/A | 8.6 HIGH |
| A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them. | |||||
| CVE-2020-35168 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | |||||