Total
28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-39370 | 1 Glpi-project | 1 Glpi | 2024-02-28 | N/A | 4.3 MEDIUM |
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Connected users may gain access to debug panel through the GLPI update script. This issue has been patched; please upgrade to 10.0.4. As a workaround, delete the `install/update.php` script. | |||||
CVE-2022-33689 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. | |||||
CVE-2021-33164 | 1 Intel | 8 Nuc 8 Mainstream-g Kit Nuc8i5inh, Nuc 8 Mainstream-g Kit Nuc8i5inh Firmware, Nuc 8 Mainstream-g Kit Nuc8i7inh and 5 more | 2024-02-28 | N/A | 6.7 MEDIUM |
Improper access control in BIOS firmware for some Intel(R) NUCs before version INWHL357.0046 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-3290 | 1 Ikus-soft | 1 Rdiffweb | 2024-02-28 | N/A | 7.5 HIGH |
Improper Handling of Length Parameter Inconsistency in GitHub repository ikus060/rdiffweb prior to 2.4.8. | |||||
CVE-2022-3780 | 1 Devolutions | 1 Remote Desktop Manager | 2024-02-28 | N/A | 7.5 HIGH |
Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below, which allows deleted users to access unauthorized data. This issue affects: Remote Desktop Manager 2022.3.7 and prior versions. | |||||
CVE-2022-3054 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-02-28 | N/A | 6.5 MEDIUM |
Insufficient policy enforcement in DevTools in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2022-3275 | 2 Fedoraproject, Puppet | 2 Fedora, Puppetlabs-mysql | 2024-02-28 | N/A | 9.8 CRITICAL |
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | |||||
CVE-2022-39867 | 1 Samsung | 1 Smartthings | 2024-02-28 | N/A | 7.5 HIGH |
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | |||||
CVE-2022-33931 | 1 Dell | 1 Wyse Management Suite | 2024-02-28 | N/A | 5.3 MEDIUM |
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change of the alert categories. | |||||
CVE-2022-36110 | 1 Gravitl | 1 Netmaker | 2024-02-28 | N/A | 8.8 HIGH |
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1. | |||||
CVE-2022-2393 | 2 Pki-core Project, Redhat | 3 Pki-core, Certificate System, Enterprise Linux | 2024-02-28 | N/A | 5.7 MEDIUM |
A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. | |||||
CVE-2022-39217 | 1 Ghas-to-csv Project | 1 Ghas-to-csv | 2024-02-28 | N/A | 9.8 CRITICAL |
some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. | |||||
CVE-2022-33685 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitrary activity and access sensitive information. | |||||
CVE-2022-21793 | 2 Intel, Vmware | 10 82599 10 Gigabit Ethernet Controller, Ethernet Controller X540, Ethernet Controller X550 and 7 more | 2024-02-28 | N/A | 5.5 MEDIUM |
Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access. | |||||
CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-02-28 | N/A | 5.3 MEDIUM |
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | |||||
CVE-2022-1561 | 2 Krakend, Luraproject | 2 Krakend, Lura | 2024-02-28 | N/A | 4.3 MEDIUM |
Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | |||||
CVE-2022-42221 | 1 Netgear | 2 R6220, R6220 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Netgear R6220 v1.1.0.114_1.0.1 suffers from Incorrect Access Control, resulting in a command injection vulnerability. | |||||
CVE-2022-33198 | 1 Oxilab | 1 Accordions | 2024-02-28 | N/A | 5.3 MEDIUM |
Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | |||||
CVE-2022-39851 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind a service that requires BIND_REMOTEVIEWS permission. | |||||
CVE-2022-33969 | 1 Oxilab | 1 Flipbox | 2024-02-28 | N/A | 7.2 HIGH |
Authenticated WordPress Options Change vulnerability in Biplob Adhikari's Flipbox plugin <= 2.6.0 at WordPress. |