Total
847 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25243 | 1 Hashicorp | 1 Vault | 2024-11-21 | 6.5 Medium |
| "Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. | ||||
| CVE-2022-24083 | 1 Pega | 1 Infinity | 2024-11-21 | 9.8 Critical |
| Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. | ||||
| CVE-2022-24002 | 1 Samsung | 1 Link Sharing | 2024-11-21 | 4 Medium |
| Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. | ||||
| CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | ||||
| CVE-2022-22272 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | ||||
| CVE-2022-22269 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | ||||
| CVE-2022-22268 | 1 Google | 1 Android | 2024-11-21 | 6.1 Medium |
| Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. | ||||
| CVE-2022-22267 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | ||||
| CVE-2022-21296 | 4 Debian, Netapp, Oracle and 1 more | 23 Debian Linux, 7-mode Transition Tool, Active Iq Unified Manager and 20 more | 2024-11-21 | 5.3 Medium |
| Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-20921 | 1 Cisco | 1 Aci Multi-site Orchestrator | 2024-11-21 | 8.8 High |
| A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. | ||||
| CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | ||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 9.1 Critical |
| Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | ||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.1 High |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0587 | 1 Librenms | 1 Librenms | 2024-11-21 | 6.5 Medium |
| Improper Authorization in Packagist librenms/librenms prior to 22.2.0. | ||||
| CVE-2022-0406 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0027 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2024-11-21 | 4.3 Medium |
| An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. | ||||
| CVE-2021-44204 | 2 Acronis, Microsoft | 5 Agent, Cyber Protect, Cyber Protect Home Office and 2 more | 2024-11-21 | 7.8 High |
| Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | ||||
| CVE-2021-43847 | 1 Humhub | 1 Humhub | 2024-11-21 | 6.5 Medium |
| HumHub is an open-source social network kit written in PHP. Prior to HumHub version 1.10.3 or 1.9.3, it could be possible for registered users to become unauthorized members of private Spaces. Versions 1.10.3 and 1.9.3 contain a patch for this issue. | ||||
| CVE-2021-42338 | 1 4mosan | 1 Gcb Doctor | 2024-11-21 | 9.8 Critical |
| 4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated remote attacker to bypass authentication by code injection in cookie, and arbitrarily manipulate the system or interrupt services by upload and execution of arbitrary files. | ||||