Total
3988 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2553 | 4 Clusterlabs, Debian, Fedoraproject and 1 more | 5 Booth, Debian Linux, Fedora and 2 more | 2024-11-21 | 6.5 Medium |
| The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. | ||||
| CVE-2022-2393 | 2 Pki-core Project, Redhat | 4 Pki-core, Certificate System, Enterprise Linux and 1 more | 2024-11-21 | 5.7 Medium |
| A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. | ||||
| CVE-2022-2303 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | ||||
| CVE-2022-2302 | 1 Lenze | 6 C520, C520 Firmware, C550 and 3 more | 2024-11-21 | 9.8 Critical |
| Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password. | ||||
| CVE-2022-2133 | 1 Miniorange | 1 Oauth Single Sign On | 2024-11-21 | 5.3 Medium |
| The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. | ||||
| CVE-2022-2031 | 1 Samba | 1 Samba | 2024-11-21 | 8.8 High |
| A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | ||||
| CVE-2022-29883 | 1 Siemens | 72 7kg8500-0aa00-0aa0, 7kg8500-0aa00-0aa0 Firmware, 7kg8500-0aa00-2aa0 and 69 more | 2024-11-21 | 5.3 Medium |
| A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication. | ||||
| CVE-2022-29865 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | 7.5 High |
| OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | ||||
| CVE-2022-29858 | 1 Silverstripe | 1 Assets | 2024-11-21 | 4.3 Medium |
| Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | ||||
| CVE-2022-29775 | 1 Ispyconnect | 1 Ispy | 2024-11-21 | 9.8 Critical |
| iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. | ||||
| CVE-2022-29578 | 1 Meridian | 1 Meridian | 2024-11-21 | 5.3 Medium |
| Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. | ||||
| CVE-2022-29534 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | ||||
| CVE-2022-29083 | 1 Dell | 216 Chengming 3980, Chengming 3980 Firmware, Chengming 3990 and 213 more | 2024-11-21 | 6.8 Medium |
| Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system. | ||||
| CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 7.5 High |
| An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | ||||
| CVE-2022-28790 | 1 Samsung | 1 Link To Windows Service | 2024-11-21 | 4 Medium |
| Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | ||||
| CVE-2022-28713 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.3 Medium |
| Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | ||||
| CVE-2022-28376 | 1 Verizon | 2 Lvskihp, Lvskihp Firmware | 2024-11-21 | 8.1 High |
| Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. | ||||
| CVE-2022-28106 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 9.8 Critical |
| Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | ||||
| CVE-2022-27839 | 1 Samsung | 1 Internet | 2024-11-21 | 3.3 Low |
| Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | ||||
| CVE-2022-27484 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 5.4 Medium |
| A unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. | ||||