Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-45118 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 6.2 MEDIUM |
| OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | |||||
| CVE-2022-44610 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-44574 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication vulnerability exists in Avalanche version 6.3.x and below allows unauthenticated attacker to modify properties on specific port. | |||||
| CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | N/A | 7.8 HIGH |
| A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | |||||
| CVE-2022-44244 | 1 Lin-cms Project | 1 Lin-cms | 2024-11-21 | N/A | 6.6 MEDIUM |
| An authentication bypass in Lin-CMS v0.2.1 allows attackers to escalate privileges to Super Administrator. | |||||
| CVE-2022-43978 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 5.6 MEDIUM |
| There is an improper authentication vulnerability in Pandora FMS v764. The application verifies that the user has a valid session when he is not trying to do a login. Since the secret is static in generatePublicHash function, an attacker with knowledge of a valid session can abuse this in order to pass the authentication check. | |||||
| CVE-2022-43900 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827. | |||||
| CVE-2022-43620 | 1 Dlink | 2 Dir-1935, Dir-1935 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The issue results from the lack of proper implementation of the authentication algorithm. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-16142. | |||||
| CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2024-11-21 | N/A | 5.3 MEDIUM |
| The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | |||||
| CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.4 HIGH |
| OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | |||||
| CVE-2022-43400 | 1 Siemens | 1 Siveillance Video Mobile Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in Siveillance Video Mobile Server V2022 R2 (All versions < V22.2a (80)). The mobile server component of affected applications improperly handles the log in for Active Directory accounts that are part of Administrators group. This could allow an unauthenticated remote attacker to access the application without a valid account. | |||||
| CVE-2022-42488 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.4 HIGH |
| OpenHarmony-v3.1.2 and prior versions have a Missing permission validation vulnerability in param service of startup subsystem. An malicious application installed on the device could elevate its privileges to the root user, disable security features, or cause DoS by disabling particular services. | |||||
| CVE-2022-42463 | 1 Openharmony | 1 Openharmony | 2024-11-21 | N/A | 8.3 HIGH |
| OpenHarmony-v3.1.2 and prior versions have an authenication bypass vulnerability in a callback handler function of Softbus_server in communication subsystem. Attackers can launch attacks on distributed networks by sending Bluetooth rfcomm packets to any remote device and executing arbitrary commands. | |||||
| CVE-2022-42233 | 1 Tenda | 2 11n, 11n Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability. | |||||
| CVE-2022-41985 | 1 Weston-embedded | 1 Uc-ftps | 2024-11-21 | N/A | 8.6 HIGH |
| An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2022-41912 | 1 Saml Project | 1 Saml | 2024-11-21 | N/A | 9.1 CRITICAL |
| The crewjam/saml go library prior to version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9. There are no workarounds other than upgrading to a fixed version. | |||||
| CVE-2022-41678 | 1 Apache | 1 Activemq | 2024-11-21 | N/A | 8.8 HIGH |
| Once an user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In details, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handler request to /api/jolokia org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create JmxRequest through JSONObject. And calls to org.jolokia.http.HttpRequestHandler#executeRequest. Into deeper calling stacks, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through refection. This could lead to RCE through via various mbeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl which exists on Java version above 11. 1 Call newRecording. 2 Call setConfiguration. And a webshell data hides in it. 3 Call startRecording. 4 Call copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distributions version including updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. | |||||
| CVE-2022-41648 | 1 Heidenhain | 3 Heros, Tnc 640, Tnc 640 Programming Station | 2024-11-21 | N/A | 8.1 HIGH |
| The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, running HEROS 5.08.3 controlling the HARTFORD 5A-65E CNC machine is vulnerable to improper authentication, which may allow an attacker to deny service to the production line, steal sensitive data from the production line, and alter any products created by the production line. | |||||
| CVE-2022-41436 | 1 Oxhoo | 2 Tp50, Tp50 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| An issue in OXHOO TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via browsing to the URL http://device_ip/index1.html. | |||||
| CVE-2022-40723 | 1 Pingidentity | 3 Pingfederate, Pingid Integration Kit, Radius Pcv | 2024-11-21 | N/A | 6.5 MEDIUM |
| The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | |||||