Total
3678 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2303 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | |||||
| CVE-2022-2302 | 1 Lenze | 6 C520, C520 Firmware, C550 and 3 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password. | |||||
| CVE-2022-2197 | 1 Exemys | 2 Rme1, Rme1 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. | |||||
| CVE-2022-2133 | 1 Miniorange | 1 Oauth Single Sign On | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address. | |||||
| CVE-2022-2031 | 1 Samba | 1 Samba | 2024-11-21 | N/A | 8.8 HIGH |
| A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | |||||
| CVE-2022-29865 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | |||||
| CVE-2022-29858 | 1 Silverstripe | 1 Assets | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content. | |||||
| CVE-2022-29838 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authentication vulnerability in the encrypted volumes and auto mount features of Western Digital My Cloud devices allows insecure direct access to the drive information in the case of a device reset. This issue affects: Western Digital My Cloud My Cloud versions prior to 5.25.124 on Linux. | |||||
| CVE-2022-29775 | 1 Ispyconnect | 1 Ispy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL. | |||||
| CVE-2022-29578 | 1 Meridian | 1 Meridian | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. | |||||
| CVE-2022-29534 | 1 Misp | 1 Misp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | |||||
| CVE-2022-29237 | 1 Apereo | 1 Opencast | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7. | |||||
| CVE-2022-29083 | 1 Dell | 216 Chengming 3980, Chengming 3980 Firmware, Chengming 3990 and 213 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Prior Dell BIOS versions contain an Improper Authentication vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability by bypassing drive security mechanisms in order to gain access to the system. | |||||
| CVE-2022-28955 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php. | |||||
| CVE-2022-28790 | 1 Samsung | 1 Link To Windows Service | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | |||||
| CVE-2022-28713 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. | |||||
| CVE-2022-28666 | 1 Yikesinc | 1 Custom Product Tabs For Woocommerce | 2024-11-21 | N/A | 5.3 MEDIUM |
| Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update. | |||||
| CVE-2022-28376 | 1 Verizon | 2 Lvskihp, Lvskihp Firmware | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value. | |||||
| CVE-2022-28106 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | |||||
| CVE-2022-27839 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | |||||