Total
29787 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1936 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue. | ||||
| CVE-2023-1691 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-1260 | 2 Kubernetes, Redhat | 4 Kube-apiserver, Openshift, Openshift Container Platform and 1 more | 2024-11-21 | 8 High |
| An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | ||||
| CVE-2023-0916 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | ||||
| CVE-2023-0914 | 1 Pixelfed | 1 Pixelfed | 2024-11-21 | 5.3 Medium |
| Improper Authorization in GitHub repository pixelfed/pixelfed prior to 0.11.4. | ||||
| CVE-2023-0839 | 1 Inscada Project | 1 Inscada | 2024-11-21 | 9.8 Critical |
| Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting.This issue affects inSCADA: before 20230115-1. | ||||
| CVE-2023-0697 | 1 Google | 2 Android, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2023-0627 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 6.7 Medium |
| Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | ||||
| CVE-2022-4968 | 1 Canonical | 1 Netplan | 2024-11-21 | 6.5 Medium |
| netplan leaks the private key of wireguard to local users. Versions after 1.0 are not affected. | ||||
| CVE-2022-4927 | 1 Ualberta | 1 Neosdiscovery | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in ualbertalib NEOSDiscovery 1.0.70 and classified as problematic. This issue affects some unknown processing of the file app/views/bookmarks/_refworks.html.erb. The manipulation leads to use of web link to untrusted target with window.opener access. The attack may be initiated remotely. Upgrading to version 1.0.71 is able to address this issue. The patch is named abe9f57123e0c278ae190cd7402a623d66c51375. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-222287. | ||||
| CVE-2022-4452 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-48615 | 1 Huawei | 2 Ar617vw, Ar617vw Firmware | 2024-11-21 | 4.8 Medium |
| An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | ||||
| CVE-2022-48165 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2024-11-21 | 7.5 High |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | ||||
| CVE-2022-48023 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | ||||
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 6.8 Medium |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | ||||
| CVE-2022-47529 | 1 Rsa | 1 Netwitness | 2024-11-21 | 6.7 Medium |
| Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | ||||
| CVE-2022-46705 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2024-11-21 | 4.3 Medium |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-46299 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 3.3 Low |
| Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-11-21 | 9.1 Critical |
| Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | ||||
| CVE-2022-45857 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 6 Medium |
| An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the super_admin account is deleted. | ||||