Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29518 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-30683 1 Adobe 1 Experience Manager 2024-11-21 N/A 5.3 MEDIUM
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend . An attacker could leverage this vulnerability to decrypt secrets, however, this is a high-complexity attack as the threat actor needs to already possess those secrets. Exploitation of this issue requires low-privilege access to AEM.
CVE-2022-30597 3 Fedoraproject, Moodle, Redhat 3 Fedora, Moodle, Enterprise Linux 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field.
CVE-2022-30584 1 Rsa 1 Archer 2024-11-21 9.0 HIGH 9.6 CRITICAL
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.
CVE-2022-30543 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 N/A 8.8 HIGH
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-30530 1 Intel 1 Driver \& Support Assistant 2024-11-21 N/A 7.8 HIGH
Protection mechanism failure in the Intel(R) DSA software before version 22.4.26 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-30305 1 Fortinet 2 Fortideceptor, Fortisandbox 2024-11-21 N/A 3.7 LOW
An insufficient logging [CWE-778] vulnerability in FortiSandbox versions 4.0.0 to 4.0.2, 3.2.0 to 3.2.3 and 3.1.0 to 3.1.5 and FortiDeceptor versions 4.2.0, 4.1.0 through 4.1.1, 4.0.0 through 4.0.2, 3.3.0 through 3.3.3, 3.2.0 through 3.2.2,3.1.0 through 3.1.1 and 3.0.0 through 3.0.2 may allow a remote attacker to repeatedly enter incorrect credentials without causing a log entry, and with no limit on the number of failed authentication attempts.
CVE-2022-30290 1 Citeum 1 Opencti 2024-11-21 5.0 MEDIUM 7.5 HIGH
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.
CVE-2022-30126 2 Apache, Oracle 2 Tika, Primavera Unifier 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
CVE-2022-30123 2 Debian, Rack Project 2 Debian Linux, Rack 2024-11-21 N/A 10.0 CRITICAL
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
CVE-2022-2841 1 Crowdstrike 1 Falcon 2024-11-21 N/A 2.7 LOW
A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. It has been classified as problematic. Affected is an unknown function of the component Uninstallation Handler. The manipulation leads to missing authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.40.15409, 6.42.15611 and 6.44.15807 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-206880.
CVE-2022-2792 1 Emerson 1 Electric\'s Proficy 2024-11-21 N/A 6.6 MEDIUM
Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.
CVE-2022-2675 1 Unitree 2 Go 1, Go 1 Firmware 2024-11-21 N/A 6.5 MEDIUM
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
CVE-2022-2661 1 Sequi 2 Portbloque S, Portbloque S Firmware 2024-11-21 N/A 9.9 CRITICAL
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.
CVE-2022-2622 3 Fedoraproject, Google, Microsoft 3 Fedora, Chrome, Windows 2024-11-21 N/A 6.5 MEDIUM
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
CVE-2022-2600 1 Auto-hyperlink Urls Project 1 Auto-hyperlink Urls 2024-11-21 N/A 5.4 MEDIUM
The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.
CVE-2022-2539 1 Gitlab 1 Gitlab 2024-11-21 N/A 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.
CVE-2022-2512 1 Gitlab 1 Gitlab 2024-11-21 N/A 6.5 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.
CVE-2022-2493 1 Open-emr 1 Openemr 2024-11-21 N/A 8.1 HIGH
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2475 1 Haascnc 2 Haas Controller, Haas Controller Firmware 2024-11-21 N/A 9.8 CRITICAL
Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context.
CVE-2022-2456 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.9 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.