Total: 152 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11015 | 1 Thinx-device-api Project | 1 Thinx-device-api | 2022-09-28 | 6.4 MEDIUM | 9.1 CRITICAL |
A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0. | |||||
CVE-2022-37709 | 1 Tesla | 3 Model 3, Model 3 Firmware, Tesla | 2022-09-23 | N/A | 5.3 MEDIUM |
Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. Tesla Model 3's Phone Key authentication is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to open a door and drive the car away by leveraging access to a legitimate Phone Key. | |||||
CVE-2022-23949 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 7.5 HIGH |
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | |||||
CVE-2021-43310 | 1 Keylime | 1 Keylime | 2022-09-22 | N/A | 9.8 CRITICAL |
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to remote code execution. | |||||
CVE-2021-0232 | 2 Fedoraproject, Juniper | 2 Fedora, Paragon Active Assurance Control Center | 2022-09-20 | 5.8 MEDIUM | 7.4 HIGH |
An authentication bypass vulnerability in the Juniper Networks Paragon Active Assurance Control Center may allow an attacker with specific information about the deployment to mimic an already registered Test Agent and access its configuration including associated inventory details. If the issue occurs, the affected Test Agent will not be able to connect to the Control Center. This issue affects Juniper Networks Paragon Active Assurance Control Center All versions prior to 2.35.6; 2.36 versions prior to 2.36.2. | |||||
CVE-2020-19003 | 1 Liftoffsoftware | 1 Gate One | 2022-09-14 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue in Gate One 1.2.0 allows attackers to bypass the verification check done by the origins list and connect to Gate One instances used by hosts not on the origins list. | |||||
CVE-2022-31149 | 1 Activitywatch | 1 Activitywatch | 2022-09-13 | N/A | 9.6 CRITICAL |
ActivityWatch is an open-source automated time tracker. Versions prior to 0.12.0b2 are vulnerable to DNS rebinding attacks. This vulnerability impacts everyone running ActivityWatch and gives the attacker full access to the ActivityWatch REST API. Users should upgrade to v0.12.0b2 or later to receive a patch. As a workaround, block DNS lookups that resolve to 127.0.0.1. | |||||
CVE-2022-1307 | 1 Google | 2 Android, Chrome | 2022-08-30 | N/A | 4.3 MEDIUM |
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-1306 | 1 Google | 1 Chrome | 2022-08-30 | N/A | 4.3 MEDIUM |
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
CVE-2022-32744 | 1 Samba | 1 Samba | 2022-08-29 | N/A | 8.8 HIGH |
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. | |||||
CVE-2022-33991 | 1 Dproxy-nexgen Project | 1 Dproxy-nexgen | 2022-08-18 | N/A | 5.3 MEDIUM |
dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | |||||
CVE-2018-7160 | 1 Nodejs | 1 Node.js | 2022-08-16 | 6.8 MEDIUM | 8.8 HIGH |
The Node.js inspector, in 6.x and later, is vulnerable to a DNS rebinding attack which could be exploited to perform remote code execution. An attack is possible from malicious websites open in a web browser on the same computer, or another computer with network access to the computer running the Node.js process. A malicious website could use a DNS rebinding attack to trick the web browser into bypassing same-origin-policy checks and allowing HTTP connections to localhost or to hosts on the local network. If a Node.js process with the debug port active is running on localhost or on a host on the local network, the malicious website could connect to it as a debugger and get full code execution access. | |||||
CVE-2022-2324 | 1 Sonicwall | 1 Email Security | 2022-08-08 | N/A | 7.5 HIGH |
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions. | |||||
CVE-2022-22476 | 1 Ibm | 2 Open Liberty, Websphere Application Server | 2022-08-03 | 6.0 MEDIUM | 8.8 HIGH |
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. | |||||
CVE-2022-2310 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2022-08-02 | N/A | 9.8 CRITICAL |
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. | |||||
CVE-2021-34466 | 1 Microsoft | 1 Windows 10 | 2022-07-12 | 3.6 LOW | 6.1 MEDIUM |
Windows Hello Security Feature Bypass Vulnerability | |||||
CVE-2021-41753 | 1 Dlink | 4 Dir-x1560, Dir-x1560 Firmware, Dir-x6060 and 1 more | 2022-07-12 | 7.8 HIGH | 7.5 HIGH |
A denial-of-service attack in the WPA2 and WPA3-SAE authentication methods in D-Link DIR-X1560, v1.04B04, and DIR-X6060, v1.11B04 allows a remote unauthenticated attacker to disconnect a wireless client by sending specific spoofed SAE authentication frames. | |||||
CVE-2022-1745 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2022-07-05 | 7.2 HIGH | 6.8 MEDIUM |
The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. | |||||
CVE-2022-32983 | 1 Nic | 1 Knot Resolver | 2022-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | |||||
CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2022-06-03 | 4.3 MEDIUM | 7.4 HIGH |
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. |