Total
2555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21141 | 1 Airspan | 9 A5x, A5x Firmware, C5c and 6 more | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
|
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization checks on multiple API functions. An attacker may gain access to these functions and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.
|
|||||
| CVE-2022-20942 | 1 Cisco | 4 Asyncos, Secure Email And Web Manager, Secure Email Gateway and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA), Cisco Secure Email and Web Manager, and Cisco Secure Web Appliance, formerly known as Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to retrieve sensitive information from an affected device, including user credentials.
This vulnerability is due to weak enforcement of back-end authorization checks. An attacker could exploit this vulnerability by sending a crafted H ...
Show More |
|||||
| CVE-2022-20928 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | N/A | 5.8 MEDIUM |
|
A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to establish a connection as a different user.
This vulnerability is due to a flaw in the authorization verifications during the VPN authentication flow. An attacker could exploit this vulnerability by sending a crafted packet during a VPN authentication. The attacker mu ...
Show More |
|||||
| CVE-2022-1983 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.
|
|||||
| CVE-2022-1981 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 2.7 LOW |
|
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.
|
|||||
| CVE-2022-1944 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.9 MEDIUM | 5.4 MEDIUM |
|
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
|
|||||
| CVE-2022-1936 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured
|
|||||
| CVE-2022-1935 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured
|
|||||
| CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2024-11-21 | 4.0 MEDIUM | 5.4 MEDIUM |
|
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public.
|
|||||
| CVE-2022-1706 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Ignition and 1 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config.
|
|||||
| CVE-2022-1631 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify ...
Show More |
|||||
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users.
|
|||||
| CVE-2022-1499 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
|
|||||
| CVE-2022-1466 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
|
|||||
| CVE-2022-1460 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.1 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines allowing a malicious user to run a pipeline in the context of another user.
|
|||||
| CVE-2022-1417 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs
|
|||||
| CVE-2022-1401 | 1 Device42 | 1 Cmdb | 2024-11-21 | N/A | 6.9 MEDIUM |
|
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
|
|||||
| CVE-2022-1365 | 1 Cross-fetch Project | 1 Cross-fetch | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
|
|||||
| CVE-2022-1309 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 9.6 CRITICAL |
|
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
|
|||||
| CVE-2022-1193 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances
|
|||||
| CVE-2022-1177 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
|
|||||
| CVE-2022-1132 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.
|
|||||
| CVE-2022-1124 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled
|
|||||
| CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability.
|
|||||
| CVE-2022-0984 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
|
|||||
| CVE-2022-0981 | 1 Quarkus | 1 Quarkus | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
|
|||||
| CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data
|
|||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
|
|||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
|
|||||
| CVE-2022-0825 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
|
|||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
|
|||||
| CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
|
Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches.
|
|||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
|
|||||
| CVE-2022-0720 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it.
|
|||||
| CVE-2022-0670 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A flaw was found in Openstack manilla owning a Ceph File system "share", which enables the owner to read/write any manilla share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
|
|||||
| CVE-2022-0633 | 1 Updraftplus | 1 Updraftplus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site (such as subscriber) to download the most recent site & database backup.
|
|||||
| CVE-2022-0594 | 1 Shareaholic | 1 Shareaholic | 2024-11-21 | N/A | 5.3 MEDIUM |
|
The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc.
|
|||||
| CVE-2022-0577 | 2 Debian, Scrapy | 2 Debian Linux, Scrapy | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
|
|||||
| CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
|
|||||