Search Results (11707 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-36412 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 9.8 Critical |
| In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) | ||||
| CVE-2022-36396 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 8.2 High |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmiEdit-Linux-5.27.06.0017 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-36374 | 3 Intel, Linux, Microsoft | 3 Aptio V Uefi Firmware Integrator Tools, Linux Kernel, Windows | 2024-11-21 | 7.5 High |
| Improper access control in some Intel(R) Aptio* V UEFI Firmware Integrator Tools before version iDmi Windows 5.27.03.0003 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-35869 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to bypass authentication on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within com.inductiveautomation.ignition.gateway.web.pages. The issue results from the lack of proper authentication prior to access to functionality. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17211. | ||||
| CVE-2022-35843 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.7 High |
| An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to log in to the device by sending a specially crafted Access-Challenge response from the Radius server. | ||||
| CVE-2022-35629 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 5.4 Medium |
| Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-35248 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 8.8 High |
| An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two-factor authentication to be bypassed when telling the server to use CAS during login. | ||||
| CVE-2022-35203 | 1 Trendnet | 2 Tv-ip572pi, Tv-ip572pi Firmware | 2024-11-21 | 7.2 High |
| An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | ||||
| CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2024-11-21 | 7.5 High |
| Contract Management System v2.0 contains a weak default password which gives attackers access to database connection information. | ||||
| CVE-2022-35142 | 1 Raneto Project | 1 Raneto | 2024-11-21 | 7.5 High |
| An issue in Raneto v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | ||||
| CVE-2022-34919 | 1 Zengenti | 1 Contensis | 2024-11-21 | 9.8 Critical |
| The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands. | ||||
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 Low |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. | ||||
| CVE-2022-34887 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | 4.3 Medium |
| Standard users can directly operate and set printer configuration information, such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | ||||
| CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 5.7 Medium |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | ||||
| CVE-2022-34535 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 7.5 High |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allow unauthenticated attackers to view internal paths and scripts via web files. | ||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | 7.6 High |
| Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read-only user could potentially exploit this vulnerability to add/delete QoS policies which are disabled by default. | ||||
| CVE-2022-34380 | 1 Dell | 1 Cloudlink | 2024-11-21 | 9.3 Critical |
| Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability, leading to authentication bypass and access to the CloudLink system console. This is a critical severity vulnerability as it allows an attacker to take control of the system. | ||||
| CVE-2022-34379 | 1 Dell | 1 Cloudlink | 2024-11-21 | 9.4 Critical |
| Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. | ||||
| CVE-2022-34372 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-11-21 | 9.8 Critical |
| Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API, leading to an authentication bypass. The attacker may potentially alter the docker images, leading to a loss of integrity and confidentiality. | ||||
| CVE-2022-34368 | 1 Dell | 1 Emc Networker | 2024-11-21 | 6.1 Medium |
| Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. An authenticated non-admin user could exploit this vulnerability and gain access to restricted resources. | ||||