Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32585 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2022-32583 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
|
|||||
| CVE-2022-32578 | 1 Intel | 1 Nuc Pro Software Suite | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control for the Intel(R) NUC Pro Software Suite before version 2.0.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.
|
|||||
| CVE-2022-32537 | 1 Medtronic | 56 Guardian Link 2 Transmitter Mmt-7730, Guardian Link 2 Transmitter Mmt-7730 Firmware, Guardian Link 2 Transmitter Mmt-7731 and 53 more | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance
|
|||||
| CVE-2022-32430 | 1 Talelin | 1 Lin-cms-spring-boot | 2024-11-21 | N/A | 7.5 HIGH |
|
An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.
|
|||||
| CVE-2022-32261 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application.
|
|||||
| CVE-2022-32260 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios.
|
|||||
| CVE-2022-32259 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.
|
|||||
| CVE-2022-32258 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure.
|
|||||
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information.
|
|||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information.
|
|||||
| CVE-2022-31884 | 1 Marvalglobal | 1 Marval Msm | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.
|
|||||
| CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.
|
|||||
| CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2024-11-21 | N/A | 7.8 HIGH |
|
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure.
|
|||||
| CVE-2022-31589 | 1 Sap | 3 Erp Financial Accounting, Erp Localization For Cee Countries, S\/4hana | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
|
|||||
| CVE-2022-31496 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.
|
|||||
| CVE-2022-31476 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable denial of service via local access.
|
|||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s p ...
Show More |
|||||
| CVE-2022-31247 | 1 Suse | 1 Rancher | 2024-11-21 | N/A | 9.1 CRITICAL |
|
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.
|
|||||
| CVE-2022-31224 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 2.0 LOW |
|
Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system.
|
|||||
| CVE-2022-31223 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-11-21 | N/A | 2.3 LOW |
|
Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. A local authenticated administrator user could potentially exploit this vulnerability by sending unexpected null bytes in order to read memory on the system.
|
|||||
| CVE-2022-31215 | 1 Goverlan | 3 Client Agent, Reach Console, Reach Server | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
|
|||||
| CVE-2022-31180 | 1 Shescape Project | 1 Shescape | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker is able to include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell ...
Show More |
|||||
| CVE-2022-31150 | 1 Nodejs | 1 Undici | 2024-11-21 | N/A | 5.3 MEDIUM |
|
undici is an HTTP/1.1 client, written from scratch for Node.js. It is possible to inject CRLF sequences into request headers in undici in versions less than 5.7.1. A fix was released in version 5.8.0. Sanitizing all HTTP headers from untrusted sources to eliminate `\r\n` is a workaround for this issue.
|
|||||
| CVE-2022-31120 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | N/A | 2.1 LOW |
|
Nextcloud server is an open source personal cloud solution. The audit log is used to get a full trail of the actions which has been incompletely populated. In affected versions federated share events were not properly logged which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available.
|
|||||
| CVE-2022-31055 | 1 Google | 1 Kctf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect.
|
|||||
| CVE-2022-31032 | 1 Enalean | 1 Tuleap | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue.
|
|||||
| CVE-2022-31025 | 1 Discourse | 1 Discourse | 2024-11-21 | 5.0 MEDIUM | 2.6 LOW |
|
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase ...
Show More |
|||||
| CVE-2022-31007 | 1 Elabftw | 1 Elabftw | 2024-11-21 | 6.5 MEDIUM | 4.9 MEDIUM |
|
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system a ...
Show More |
|||||
| CVE-2022-30973 | 1 Apache | 1 Tika | 2024-11-21 | 2.6 LOW | 5.5 MEDIUM |
|
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
|
|||||
| CVE-2022-30945 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.8 MEDIUM | 8.5 HIGH |
|
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
|
|||||
| CVE-2022-30885 | 1 Esa | 1 Pyesasky | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The pyesasky for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.0-1.4.2.
|
|||||
| CVE-2022-30877 | 1 Keep Project | 1 Keep | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2.
|
|||||
| CVE-2022-30757 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
|
|||||
| CVE-2022-30752 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
|
|||||
| CVE-2022-30751 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
|
|||||
| CVE-2022-30750 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
|
|||||
| CVE-2022-30748 | 1 Samsung | 1 Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
|
|||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.
|
|||||