Total
1299 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26376 | 1 Amd | 167 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 164 more | 2022-06-01 | 4.9 MEDIUM | 5.5 MEDIUM |
Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | |||||
CVE-2022-30016 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-05-29 | 6.5 MEDIUM | 8.8 HIGH |
Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. | |||||
CVE-2022-24466 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-05-26 | 2.3 LOW | 4.1 MEDIUM |
Windows Hyper-V Security Feature Bypass Vulnerability. | |||||
CVE-2020-3578 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 5.8 MEDIUM | 6.5 MEDIUM |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device. | |||||
CVE-2022-1753 | 1 Wowonder | 1 Wowonder | 2022-05-25 | 4.0 MEDIUM | 4.3 MEDIUM |
A vulnerability, which was classified as critical, was found in WoWonder. Affected is the file /requests.php which is responsible to handle group messages. The manipulation of the argument group_id allows posting messages in other groups. It is possible to launch the attack remotely but it might require authentication. A video explaining the attack has been disclosed to the public. | |||||
CVE-2022-1553 | 1 Publify Project | 1 Publify | 2022-05-25 | 4.0 MEDIUM | 4.9 MEDIUM |
Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | |||||
CVE-2022-0574 | 1 Publify Project | 1 Publify | 2022-05-24 | 6.4 MEDIUM | 6.5 MEDIUM |
Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | |||||
CVE-2022-27134 | 1 B1 | 1 Eosio Batdappboomx | 2022-05-24 | 5.0 MEDIUM | 7.5 HIGH |
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter. | |||||
CVE-2022-23139 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. | |||||
CVE-2022-22798 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system. | |||||
CVE-2022-29114 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2022-05-23 | 2.1 LOW | 5.5 MEDIUM |
Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29140. | |||||
CVE-2022-21913 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. | |||||
CVE-2022-26913 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server and 2 more | 2022-05-23 | 5.8 MEDIUM | 7.4 HIGH |
Windows Authentication Security Feature Bypass Vulnerability. | |||||
CVE-2022-23705 | 1 Hpe | 1 Nimbleos | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | |||||
CVE-2022-28601 | 1 Lmsdoctor | 1 2 Factor Authentication | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. Therefore, allowing them to bypass the phone verification mechanism. | |||||
CVE-2022-29538 | 1 Resi | 1 Gemini-net | 2022-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources. | |||||
CVE-2022-0027 | 1 Paloaltonetworks | 1 Cortex Xsoar | 2022-05-20 | 4.0 MEDIUM | 4.3 MEDIUM |
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access. This issue impacts: All versions of Cortex XSOAR 6.1; All versions of Cortex XSOAR 6.2; All versions of Cortex XSOAR 6.5; Cortex XSOAR 6.6 versions earlier than Cortex XSOAR 6.6.0 build 6.6.0.2585049. | |||||
CVE-2022-29107 | 1 Microsoft | 4 365 Apps, Office, Publisher and 1 more | 2022-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
Microsoft Office Security Feature Bypass Vulnerability. | |||||
CVE-2022-1124 | 1 Gitlab | 1 Gitlab | 2022-05-18 | 3.5 LOW | 4.3 MEDIUM |
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled. | |||||
CVE-2022-1545 | 1 Gitlab | 1 Gitlab | 2022-05-18 | 4.0 MEDIUM | 4.3 MEDIUM |
It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. |