Export limit exceeded: 10719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10719 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23383 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 9.1 Critical |
| YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. | ||||
| CVE-2022-23320 | 1 Xerox | 1 Xmpie Ustore | 2024-11-21 | 7.5 High |
| XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. | ||||
| CVE-2022-23317 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 7.5 High |
| CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | ||||
| CVE-2022-23178 | 1 Crestron | 2 Hd-md4x2-4k-e, Hd-md4x2-4k-e Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. | ||||
| CVE-2022-23156 | 1 Dell | 1 Wyse Device Agent | 2024-11-21 | 6 Medium |
| Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | ||||
| CVE-2022-22990 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 7.8 High |
| A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | ||||
| CVE-2022-22831 | 1 Servisnet | 1 Tessa | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. | ||||
| CVE-2022-22796 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 7 High |
| Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. | ||||
| CVE-2022-22729 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-11-21 | 8.8 High |
| CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | ||||
| CVE-2022-22656 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 3.3 Low |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | ||||
| CVE-2022-22650 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application's permissions and access user data. | ||||
| CVE-2022-22576 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | ||||
| CVE-2022-22472 | 2 Ibm, Linux | 2 Spectrum Protect Plus Container Backup And Restore, Linux Kernel | 2024-11-21 | 8.8 High |
| IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. | ||||
| CVE-2022-22292 | 1 Google | 1 Android | 2024-11-21 | 7.1 High |
| Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | ||||
| CVE-2022-22289 | 1 Samsung | 1 S Assistant | 2024-11-21 | 5.3 Medium |
| Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | ||||
| CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.5 High |
| Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | ||||
| CVE-2022-22284 | 1 Samsung | 1 Internet | 2024-11-21 | 5.7 Medium |
| Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | ||||
| CVE-2022-22283 | 1 Samsung | 1 Health | 2024-11-21 | 2.8 Low |
| Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | ||||
| CVE-2022-22282 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 9.8 Critical |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. | ||||
| CVE-2022-22272 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | ||||