Total
28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-02-28 | N/A | 6.5 MEDIUM |
Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
CVE-2022-32544 | 1 Cybozu | 1 Office | 2024-02-28 | N/A | 4.3 MEDIUM |
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||
CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2024-02-28 | N/A | 9.8 CRITICAL |
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | |||||
CVE-2022-3317 | 1 Google | 2 Android, Chrome | 2024-02-28 | N/A | 4.3 MEDIUM |
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 106.0.5249.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | |||||
CVE-2022-38792 | 1 Exotel Project | 1 Exotel | 2024-02-28 | N/A | 9.8 CRITICAL |
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | |||||
CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-02-28 | N/A | 9.8 CRITICAL |
In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | |||||
CVE-2022-36323 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2024-02-28 | N/A | 9.1 CRITICAL |
Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. | |||||
CVE-2022-38788 | 1 Nokia | 2 Fastmile 5g Receiver, Fastmile 5g Receiver Firmware | 2024-02-28 | N/A | 4.3 MEDIUM |
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a pairing handshake and (after offline cracking) retrieve the PIN and LTK (long-term key). | |||||
CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2024-02-28 | N/A | 7.2 HIGH |
Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | |||||
CVE-2022-26017 | 1 Intel | 1 Driver & Support Assistant | 2024-02-28 | N/A | 8.0 HIGH |
Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2022-36072 | 1 Silverwaregames | 1 Silverwaregames | 2024-02-28 | N/A | 5.9 MEDIUM |
SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using `===` instead of `==` in comparisons where it is possible (e.g. on sign in/sign up handlers). | |||||
CVE-2021-23188 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2024-02-28 | N/A | 3.3 LOW |
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2021-25657 | 1 Avaya | 1 Ip Office | 2024-02-28 | N/A | 7.8 HIGH |
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | |||||
CVE-2022-39890 | 1 Samsung | 1 Billing | 2024-02-28 | N/A | 7.5 HIGH |
Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | |||||
CVE-2022-41716 | 2 Golang, Microsoft | 2 Go, Windows | 2024-02-28 | N/A | 7.5 HIGH |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". | |||||
CVE-2022-3330 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM |
It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | |||||
CVE-2022-32993 | 1 Totolink | 2 A7000r, A7000r Firmware | 2024-02-28 | N/A | 9.8 CRITICAL |
TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. | |||||
CVE-2022-36879 | 3 Debian, Linux, Netapp | 43 Debian Linux, Linux Kernel, A700s and 40 more | 2024-02-28 | N/A | 5.5 MEDIUM |
An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. | |||||
CVE-2022-25986 | 1 Cybozu | 1 Office | 2024-02-28 | N/A | 4.3 MEDIUM |
Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | |||||
CVE-2022-38768 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-02-28 | N/A | 9.8 CRITICAL |
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. |