Total
4422 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34457 | 1 Dell | 1 Command\|configure | 2024-11-21 | N/A | 7.3 HIGH |
|
Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users.
|
|||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
|
Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.
|
|||||
| CVE-2022-34431 | 1 Dell | 1 Hybrid Client | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability. A WMS privilege attacker could potentially exploit this vulnerability, leading to DHC system not being accessible.
|
|||||
| CVE-2022-34259 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2022-34255 | 2 Adobe, Magento | 2 Commerce, Magento | 2024-11-21 | N/A | 8.8 HIGH |
|
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2022-33931 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories.
|
|||||
| CVE-2022-33926 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 7.1 HIGH |
|
Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked.
|
|||||
| CVE-2022-33925 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information.
|
|||||
| CVE-2022-33924 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules.
|
|||||
| CVE-2022-33731 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
|
|||||
| CVE-2022-33720 | 1 Google | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
|
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
|
|||||
| CVE-2022-33714 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
|
|||||
| CVE-2022-33706 | 1 Samsung | 1 Samsung Gallery | 2024-11-21 | 2.1 LOW | 2.4 LOW |
|
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.
|
|||||
| CVE-2022-33701 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
|
|||||
| CVE-2022-33243 | 1 Qualcomm | 314 Apq8096au, Apq8096au Firmware, Aqt1000 and 311 more | 2024-11-21 | N/A | 8.4 HIGH |
|
Memory corruption due to improper access control in Qualcomm IPC.
|
|||||
| CVE-2022-32582 | 1 Intel | 78 Nuc 11 Performance Kit Nuc11pahi3, Nuc 11 Performance Kit Nuc11pahi30z, Nuc 11 Performance Kit Nuc11pahi30z Firmware and 75 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper access control in firmware for some Intel(R) NUC Boards, Intel(R) NUC 11 Performance Kit, Intel(R) NUC 11 Performance Mini PC, Intel(R) NUC Pro Compute Element may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2022-32578 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-32507 | 2024-11-21 | N/A | 8.8 HIGH | ||
|
An issue was discovered on certain Nuki Home Solutions devices. Some BLE commands, which should have been designed to be only called from privileged accounts, could also be called from unprivileged accounts. This demonstrates that no access controls were implemented for the different BLE commands across the different accounts. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4.
|
|||||
| CVE-2022-32257 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to resources and potentially lead to code execution.
|
|||||
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
|
|||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
|
|||||
| CVE-2022-32212 | 4 Debian, Fedoraproject, Nodejs and 1 more | 4 Debian Linux, Fedora, Node.js and 1 more | 2024-11-21 | N/A | 8.1 HIGH |
|
A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.
|
|||||
| CVE-2022-32158 | 1 Splunk | 1 Splunk | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
|
Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server. An attacker that compromised a Universal Forwarder endpoint could use the vulnerability to execute arbitrary code on all other Universal Forwarder endpoints subscribed to the deployment server.
|
|||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s p ...
Show More |
|||||
| CVE-2022-31055 | 1 Google | 1 Kctf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
|
|||||
| CVE-2022-31024 | 1 Nextcloud | 1 Richdocuments | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available.
|
|||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
|
|||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
|
|||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
|
|||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.
|
|||||
| CVE-2022-30715 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 4.0 MEDIUM |
|
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
|
|||||
| CVE-2022-2792 | 1 Emerson | 1 Electric\'s Proficy | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
|
|||||
| CVE-2022-2702 | 1 Company Website\/cms Project | 1 Company Website\/cms | 2024-11-21 | N/A | 7.3 HIGH |
|
A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
|
|||||
| CVE-2022-2578 | 1 Garage Management System Project | 1 Garage Management System | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 8.1 HIGH |
|
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'.
|
|||||
| CVE-2022-2103 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 6.4 MEDIUM | 9.8 CRITICAL |
|
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.
|
|||||
| CVE-2022-2088 | 1 Smartics | 1 Smartics | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
|
An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0.
|
|||||
| CVE-2022-2052 | 1 Trumpf | 5 Job Order Interface, Oseon, Trutops Boost and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system.
|
|||||
| CVE-2022-29871 | 1 Intel | 431 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 428 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||