Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2019 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
|
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-29948 | 1 Lepin Ep-kp001 Project | 2 Lepin Ep-kp001, Lepinep-kp001 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker ...
Show More |
|||||
| CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
|
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
|
|||||
| CVE-2022-29855 | 1 Mitel | 18 6865i Sip, 6865i Sip Firmware, 6867i Sip and 15 more | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
|
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive in ...
Show More |
|||||
| CVE-2022-29812 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
|
|||||
| CVE-2022-29773 | 1 Aleksis | 1 Aleksis | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set.
|
|||||
| CVE-2022-29639 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a command injection vulnerability via the magicid parameter in the function uci_cloudupdate_config.
|
|||||
| CVE-2022-29633 | 1 Linglong Project | 1 Linglong | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.
|
|||||
| CVE-2022-29581 | 4 Canonical, Debian, Linux and 1 more | 19 Ubuntu Linux, Debian Linux, Linux Kernel and 16 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.
|
|||||
| CVE-2022-29564 | 1 Jamf | 1 Private Access | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801.
|
|||||
| CVE-2022-29538 | 1 Resi | 1 Gemini-net | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources.
|
|||||
| CVE-2022-29518 | 1 Koyoele | 18 Gc-a22w-cw, Gc-a22w-cw Firmware, Gc-a24 and 15 more | 2024-11-21 | 5.9 MEDIUM | 7.0 HIGH |
|
Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting's account names. This may allow attacker who can access the HMI from Rea ...
Show More |
|||||
| CVE-2022-29514 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 7.7 HIGH |
|
Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
|
|||||
| CVE-2022-29502 | 2 Fedoraproject, Schedmd | 2 Fedora, Slurm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.
|
|||||
| CVE-2022-29501 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.
|
|||||
| CVE-2022-29500 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure.
|
|||||
| CVE-2022-29490 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-11-21 | N/A | 8.5 HIGH |
|
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*: ...
Show More |
|||||
| CVE-2022-29484 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
|
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
|
|||||
| CVE-2022-29481 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2022-29471 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
|
|||||
| CVE-2022-29470 | 1 Intel | 1 Dynamic Tuning Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-29423 | 1 Edmonsoft | 1 Countdown Builder | 2024-11-21 | 7.5 HIGH | 3.8 LOW |
|
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
|
|||||
| CVE-2022-29417 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
|
|||||
| CVE-2022-29235 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.
|
|||||
| CVE-2022-29229 | 1 Cassproject | 1 Competency And Skills System | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
|
CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in ...
Show More |
|||||
| CVE-2022-29201 | 1 Google | 1 Tensorflow | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
|
|||||
| CVE-2022-29054 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 3.3 LOW |
|
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
|
|||||
| CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 2.3 LOW |
|
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.
|
|||||
| CVE-2022-28946 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
|
|||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-11-21 | N/A | 5.9 MEDIUM |
|
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
|
|||||
| CVE-2022-28782 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
|
|||||
| CVE-2022-28780 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.0 MEDIUM |
|
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
|
|||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
|
|||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
|
|||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 4.6 MEDIUM | 5.9 MEDIUM |
|
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
|
|||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 2.1 LOW | 5.1 MEDIUM |
|
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
|
|||||
| CVE-2022-28761 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.
|
|||||
| CVE-2022-28760 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
|
|||||
| CVE-2022-28759 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 8.2 HIGH |
|
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
|
|||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | N/A | 8.2 HIGH |
|
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.
|
|||||