Total
1299 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13716 | 2 Google, Opensuse | 2 Chrome, Backports Sle | 2022-10-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2022-10-13 | N/A | 6.7 MEDIUM |
| Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | |||||
| CVE-2019-7258 | 1 Nortekcontrol | 4 Linear Emerge Elite, Linear Emerge Elite Firmware, Linear Emerge Essential and 1 more | 2022-10-13 | 6.5 MEDIUM | 8.8 HIGH |
| Linear eMerge E3-Series devices allow Privilege Escalation. | |||||
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2022-10-13 | N/A | 5.5 MEDIUM |
| IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | |||||
| CVE-2022-28866 | 1 Nokia | 1 Airframe Bmc Web Gui R18 Firmware | 2022-10-13 | N/A | 8.8 HIGH |
| Multiple Improper Access Control was discovered in Nokia AirFrame BMC Web GUI < R18 Firmware v4.13.00. It does not properly validate requests for access to (or editing of) data and functionality in all endpoints under /#settings/* and /api/settings/*. By not verifying the permissions for access to resources, it allows a potential attacker to view pages, with sensitive data, that are not allowed, and modify system configurations also causing DoS, which should be accessed only by user with administration profile, bypassing all controls (without checking for user identity). | |||||
| CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2022-10-11 | N/A | 9.8 CRITICAL |
| Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | |||||
| CVE-2022-1706 | 2 Fedoraproject, Redhat | 4 Fedora, Enterprise Linux, Ignition and 1 more | 2022-10-11 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability was found in Ignition where ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. Possible workaround is to not put secrets in the Ignition config. | |||||
| CVE-2022-41574 | 1 Gradle | 1 Enterprise | 2022-10-11 | N/A | 7.5 HIGH |
| An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. This is fixed in 2022.3.2. | |||||
| CVE-2022-36634 | 1 Zkteco | 1 Zkbiosecurity V5000 | 2022-10-11 | N/A | 8.8 HIGH |
| An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | |||||
| CVE-2022-39873 | 1 Samsung | 1 Internet | 2022-10-08 | N/A | 4.6 MEDIUM |
| Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||||
| CVE-2021-30972 | 1 Apple | 2 Mac Os X, Macos | 2022-10-07 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2022-25584 | 1 Flexwatch | 2 Fw3170-ps-e, Fw3170-ps-e Firmware | 2022-10-07 | 5.0 MEDIUM | 7.5 HIGH |
| Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | |||||
| CVE-2022-34046 | 1 Wavlink | 2 Wn533a8, Wn533a8 Firmware | 2022-10-07 | N/A | 7.5 HIGH |
| An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | |||||
| CVE-2020-26555 | 3 Bluetooth, Fedoraproject, Intel | 32 Bluetooth Core Specification, Fedora, Ac 3165 and 29 more | 2022-10-06 | 4.8 MEDIUM | 5.4 MEDIUM |
| Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specification 1.0B through 5.2 may permit an unauthenticated nearby device to spoof the BD_ADDR of the peer device to complete pairing without knowledge of the PIN. | |||||
| CVE-2020-28872 | 1 Monitorr Project | 1 Monitorr | 2022-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_register.php allows an unauthorized person to create valid credentials. | |||||
| CVE-2021-39904 | 1 Gitlab | 1 Gitlab | 2022-10-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Improper Access Control vulnerability in the GraphQL API in all versions of GitLab CE/EE starting from 13.1 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request | |||||
| CVE-2021-40504 | 1 Sap | 1 Netweaver Application Server Abap | 2022-10-06 | 4.0 MEDIUM | 4.9 MEDIUM |
| A certain template role in SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, contains transport authorizations, which exceed expected display only permissions. | |||||
| CVE-2020-11753 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2022-10-05 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable). | |||||
| CVE-2022-29490 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2022-10-05 | N/A | 8.8 HIGH |
| Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | |||||
| CVE-2022-2778 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2022-10-04 | N/A | 9.8 CRITICAL |
| In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. | |||||