Total: 28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-20863 | 1 Cisco | 1 Webex Teams | 2024-02-28 | N/A | 5.3 MEDIUM |
A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. | |||||
CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | N/A | 8.1 HIGH |
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-2661 | 1 Sequi | 2 Portbloque S, Portbloque S Firmware | 2024-02-28 | N/A | 8.8 HIGH |
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | |||||
CVE-2021-42627 | 1 Dlink | 8 Dir-615, Dir-615 Firmware, Dir-615 J1 and 5 more | 2024-02-28 | N/A | 9.8 CRITICAL |
The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can disclose information about the WAN settings and also allow an attacker to modify the data fields of the page. | |||||
CVE-2022-28759 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-02-28 | N/A | 8.6 HIGH |
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
CVE-2022-32959 | 1 Hinet | 1 Hicos Natural Person Credential Component Client | 2024-02-28 | N/A | 6.8 MEDIUM |
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading an IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service. | |||||
CVE-2022-3031 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 7.5 HIGH |
An issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. It may be possible for an attacker to guess a user's password by brute force by sending crafted requests to a specific endpoint, even if the victim user has 2FA enabled on their account. | |||||
CVE-2022-36868 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-35909 | 1 Jellyfin | 1 Jellyfin | 2024-02-28 | N/A | 8.8 HIGH |
In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | |||||
CVE-2022-22106 | 1 Qualcomm | 4 Sa8540p, Sa8540p Firmware, Sa9000p and 1 more | 2024-02-28 | N/A | 7.8 HIGH |
Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto. | |||||
CVE-2022-40427 | 1 Democritus Domains Project | 1 Democritus Domains | 2024-02-28 | N/A | 9.8 CRITICAL |
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
CVE-2022-3735 | 1 Ehoney Project | 1 Ehoney | 2024-02-28 | N/A | 9.8 CRITICAL |
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability. | |||||
CVE-2022-23442 | 1 Fortinet | 1 Fortios | 2024-02-28 | N/A | 4.3 MEDIUM |
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. | |||||
CVE-2022-23182 | 1 Intel | 1 Data Center Manager | 2024-02-28 | N/A | 8.8 HIGH |
Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2022-39011 | 1 Huawei | 2 Emui, Harmonyos | 2024-02-28 | N/A | 7.5 HIGH |
The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space. Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | |||||
CVE-2022-35526 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. | |||||
CVE-2022-25921 | 1 Morgan-json Project | 1 Morgan-json | 2024-02-28 | N/A | 9.8 CRITICAL |
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | |||||
CVE-2022-29484 | 1 Cybozu | 1 Garoon | 2024-02-28 | 5.5 MEDIUM | 8.1 HIGH |
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | |||||
CVE-2021-26732 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2024-02-28 | N/A | 5.3 MEDIUM |
A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | |||||
CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2024-02-28 | N/A | 6.7 MEDIUM |
A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. |