Total: 28988 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2600 | 1 Auto-hyperlink Urls Project | 1 Auto-hyperlink Urls | 2024-02-28 | N/A | 5.4 MEDIUM |
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferrer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | |||||
CVE-2022-33311 | 1 Cybozu | 1 Office | 2024-02-28 | N/A | 4.3 MEDIUM |
Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | |||||
CVE-2022-40843 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2024-02-28 | N/A | 4.9 MEDIUM |
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file, which contains the MD5 password of the Administrator's user account. | |||||
CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2024-02-28 | N/A | 5.5 MEDIUM |
IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | |||||
CVE-2022-20870 | 1 Cisco | 193 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 190 more | 2024-02-28 | N/A | 8.6 HIGH |
A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
CVE-2022-3065 | 1 Diagrams | 1 Drawio | 2024-02-28 | N/A | 7.5 HIGH |
Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | |||||
CVE-2022-25302 | 1 Opc Ua Stack Project | 1 Opc Ua Stack | 2024-02-28 | N/A | 7.5 HIGH |
All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId. | |||||
CVE-2022-33732 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.1 HIGH |
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to a PC via an unprotected binder call. | |||||
CVE-2022-28761 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-02-28 | N/A | 6.5 MEDIUM |
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions. | |||||
CVE-2022-33973 | 2 Intel, Microsoft | 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 | 2024-02-28 | N/A | 3.3 LOW |
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-33734 | 1 Samsung | 1 Charm | 2024-02-28 | N/A | 5.5 MEDIUM |
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows an attacker to get Bluetooth connection information without permission. | |||||
CVE-2022-35525 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-02-28 | N/A | 9.8 CRITICAL |
WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml. | |||||
CVE-2022-30751 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_DHCPACK_EVENT action. | |||||
CVE-2022-39860 | 1 Samsung | 1 Quick Share | 2024-02-28 | N/A | 3.5 LOW |
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast. | |||||
CVE-2022-38453 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-02-28 | N/A | 4.4 MEDIUM |
Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. | |||||
CVE-2022-38341 | 1 Safe | 1 Fme Server | 2024-02-28 | N/A | 7.1 HIGH |
Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | |||||
CVE-2022-36215 | 1 Dedebiz | 1 Dedecmsv6 | 2024-02-28 | N/A | 7.2 HIGH |
DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. | |||||
CVE-2022-3030 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 4.3 MEDIUM |
An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. | |||||
CVE-2022-30750 | 1 Google | 1 Android | 2024-02-28 | 2.1 LOW | 3.3 LOW |
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client. | |||||
CVE-2022-36109 | 2 Fedoraproject, Mobyproject | 2 Fedora, Moby | 2024-02-28 | N/A | 6.3 MEDIUM |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `"USER $USERNAME"` Dockerfile instruction. Instead, calling `ENTRYPOINT ["su", "-", "user"]` sets up the supplementary groups properly. |