Total
3717 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40703 | 1 Alivecor | 1 Kardia | 2024-11-21 | N/A | 5.2 MEDIUM |
| CWE-302 Authentication Bypass by Assumed-Immutable Data in AliveCor Kardia App version 5.17.1-754993421 and prior on Android allows an unauthenticated attacker with physical access to the Android device containing the app to bypass application authentication and alter information in the app. | |||||
| CVE-2022-40664 | 1 Apache | 1 Shiro | 2024-11-21 | N/A | 9.8 CRITICAL |
| Apache Shiro before 1.10.0, Authentication Bypass Vulnerability in Shiro when forwarding or including via RequestDispatcher. | |||||
| CVE-2022-40622 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible. | |||||
| CVE-2022-40602 | 1 Zyxel | 2 Lte3301-m209, Lte3301-m209 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| A flaw in the Zyxel LTE3301-M209 firmware verisons prior to V1.00(ABLG.6)C0 could allow a remote attacker to access the device using an improper pre-configured password if the remote administration feature has been enabled by an authenticated administrator. | |||||
| CVE-2022-40536 | 1 Qualcomm | 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | |||||
| CVE-2022-40521 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-11-21 | N/A | 7.5 HIGH |
| Transient DOS due to improper authorization in Modem | |||||
| CVE-2022-40259 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 8.3 HIGH |
| MegaRAC Default Credentials Vulnerability | |||||
| CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.5 HIGH |
| MegaRAC Default Credentials Vulnerability | |||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 9.8 CRITICAL |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | |||||
| CVE-2022-3875 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This vulnerability affects unknown code of the component API. The manipulation leads to authentication bypass by assumed-immutable data. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216244. | |||||
| CVE-2022-3681 | 1 Motorola | 1 Mr2600 | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network. | |||||
| CVE-2022-3674 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability has been found in SourceCodester Sanitization Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authentication. The attack can be launched remotely. The identifier VDB-212017 was assigned to this vulnerability. | |||||
| CVE-2022-3477 | 3 Newsmag Project, Newspaper Project, Tagdiv Composer Project | 3 Newsmag, Newspaper, Tagdiv Composer | 2024-11-21 | N/A | 9.8 CRITICAL |
| The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address | |||||
| CVE-2022-3465 | 1 Mediabridgeproducts | 2 Mlwr-ac1200r, Mlwr-ac1200r Firmware | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700. | |||||
| CVE-2022-3218 | 1 Necta | 1 Wifi Mouse Server | 2024-11-21 | N/A | 9.8 CRITICAL |
| Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. | |||||
| CVE-2022-3173 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | |||||
| CVE-2022-3156 | 1 Rockwellautomation | 1 Studio 5000 Logix Emulate | 2024-11-21 | N/A | 7.8 HIGH |
| A remote code execution vulnerability exists in Rockwell Automation Studio 5000 Logix Emulate software. Users are granted elevated permissions on certain product services when the software is installed. Due to this misconfiguration, a malicious user could potentially achieve remote code execution on the targeted software. | |||||
| CVE-2022-3152 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | N/A | 8.8 HIGH |
| Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. | |||||
| CVE-2022-3119 | 1 Oauth Client Single Sign On Project | 1 Oauth Client Single Sign On | 2024-11-21 | N/A | 7.5 HIGH |
| The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated attackers to update them and change the OAuth endpoints to ones they controls, allowing them to then be authenticated as admin if they know the correct email address | |||||
| CVE-2022-39901 | 1 Samsung | 2 Exynos, Exynos Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | |||||