Total
28986 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-42788 | 1 Apple | 1 Macos | 2024-02-28 | N/A | 5.5 MEDIUM |
A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | |||||
CVE-2022-33925 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 6.5 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information. | |||||
CVE-2022-33721 | 1 Google | 1 Android | 2024-02-28 | N/A | 5.5 MEDIUM |
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | |||||
CVE-2022-33702 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | |||||
CVE-2022-39873 | 1 Samsung | 1 Internet | 2024-02-28 | N/A | 4.6 MEDIUM |
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||||
CVE-2022-37843 | 1 Totolink | 2 A860r, A860r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
In TOTOLINK A860R V4.1.2cu.5182_B20201027 in cstecgi.cgi, the acquired parameters are directly put into the system for execution without filtering, resulting in a command injection vulnerability. | |||||
CVE-2022-43410 | 1 Jenkins | 1 Mercurial | 2024-02-28 | N/A | 5.3 MEDIUM |
Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | |||||
CVE-2022-39865 | 1 Samsung | 1 Smartthings | 2024-02-28 | N/A | 7.5 HIGH |
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | |||||
CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2024-02-28 | N/A | 5.3 MEDIUM |
Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
CVE-2021-28511 | 1 Arista | 16 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 13 more | 2024-02-28 | N/A | 6.5 MEDIUM |
This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. | |||||
CVE-2022-2052 | 1 Trumpf | 5 Job Order Interface, Oseon, Trutops Boost and 2 more | 2024-02-28 | N/A | 9.8 CRITICAL |
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. | |||||
CVE-2022-36899 | 1 Jenkins | 2 Compuware Ispw Operations, Jenkins | 2024-02-28 | N/A | 8.2 HIGH |
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
CVE-2022-22224 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-02-28 | N/A | 6.5 MEDIUM |
An Improper Check or Handling of Exceptional Conditions vulnerability in the processing of a malformed OSPF TLV in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause the periodic packet management daemon (PPMD) process to go into an infinite loop, which in turn can cause protocols and functions reliant on PPMD such as OSPF neighbor reachability to be impacted, resulting in a sustained Denial of Service (DoS) condition. The DoS condition persists until the PPMD process is manually restarted. This issue affects: Juniper Networks Junos OS: All versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S3; 19.4 versions prior to 19.4R3-S9; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S3-EVO; 21.1 versions prior to 21.1R2-EVO. | |||||
CVE-2022-26023 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | N/A | 6.5 MEDIUM |
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
CVE-2022-26307 | 2 Debian, Libreoffice | 2 Debian Linux, Libreoffice | 2024-02-28 | N/A | 8.8 HIGH |
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where master key was poorly encoded resulting in weakening its entropy from 128 to 43 bits making the stored passwords vulerable to a brute force attack if an attacker has access to the users stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3. | |||||
CVE-2022-26352 | 1 Dotcms | 1 Dotcms | 2024-02-28 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose filename is not initially sanitized. This allows directory traversal, in which the file is saved outside of the intended storage location. If anonymous content creation is enabled, this allows an unauthenticated attacker to upload an executable file, such as a .jsp file, that can lead to remote code execution. | |||||
CVE-2022-33718 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | |||||
CVE-2022-39856 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information. | |||||
CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2024-02-28 | N/A | 4.3 MEDIUM |
Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | |||||
CVE-2022-38999 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 9.8 CRITICAL |
The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. |