Total
3294 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48683 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | |||||
| CVE-2022-48615 | 1 Huawei | 2 Ar617vw, Ar617vw Firmware | 2024-11-21 | N/A | 4.8 MEDIUM |
| An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | |||||
| CVE-2022-47648 | 1 Bosch | 2 B420, B420 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
| An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | |||||
| CVE-2022-47558 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | N/A | 9.4 CRITICAL |
| Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors. | |||||
| CVE-2022-47037 | 1 Siklu | 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more | 2024-11-21 | N/A | 7.5 HIGH |
| Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | |||||
| CVE-2022-47036 | 2024-11-21 | N/A | 9.8 CRITICAL | ||
| Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. | |||||
| CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46754 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 8.7 HIGH |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | |||||
| CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.8 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized. | |||||
| CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | |||||
| CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2024-11-21 | N/A | 8.1 HIGH |
| A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | |||||
| CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user could possibly delete any file on the system. | |||||
| CVE-2022-46279 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 5.0 MEDIUM |
| Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | |||||
| CVE-2022-45937 | 1 Siemens | 18 Pxc00-e96.a, Pxc00-e96.a Firmware, Pxc100-e96.a and 15 more | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | |||||
| CVE-2022-45929 | 2024-11-21 | N/A | 8.8 HIGH | ||
| Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. | |||||
| CVE-2022-45112 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | N/A | 7.3 HIGH |
| Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 2.7 LOW |
| In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive | |||||
| CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2024-11-21 | N/A | 7.5 HIGH |
| An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | |||||