Total
3930 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23383 | 1 Yzmcms | 1 Yzmcms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user's personal home page can be realized. It is necessary to judge the user's login status before accessing the personal home page, but the vulnerability can access other users' home pages through the non login status because real authentication is not carried out. | |||||
| CVE-2022-23320 | 1 Xerox | 1 Xmpie Ustore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. | |||||
| CVE-2022-23317 | 1 Helpsystems | 1 Cobalt Strike | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CobaltStrike <=4.5 HTTP(S) listener does not determine whether the request URL begins with "/", and attackers can obtain relevant information by specifying the URL. | |||||
| CVE-2022-23178 | 1 Crestron | 2 Hd-md4x2-4k-e, Hd-md4x2-4k-e Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with uname and upassword fields. | |||||
| CVE-2022-23156 | 1 Dell | 1 Wyse Device Agent | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
| Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A malicious user could potentially exploit this vulnerability by providing invalid input in order to obtain a connection to WMS server. | |||||
| CVE-2022-22990 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 8.3 HIGH | 7.8 HIGH |
| A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts. | |||||
| CVE-2022-22956 | 2 Linux, Vmware | 4 Linux Kernel, Identity Manager, Vrealize Automation and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE-2022-22956) in the OAuth2 ACS framework. A malicious actor may bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework. | |||||
| CVE-2022-22831 | 1 Servisnet | 1 Tessa | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. | |||||
| CVE-2022-22796 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 10.0 HIGH | 7.0 HIGH |
| Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication. | |||||
| CVE-2022-22729 | 1 Yokogawa | 9 Centum Cs 3000, Centum Cs 3000 Entry, Centum Cs 3000 Entry Firmware and 6 more | 2024-11-21 | 6.0 MEDIUM | 8.8 HIGH |
| CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | |||||
| CVE-2022-22656 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. | |||||
| CVE-2022-22576 | 5 Brocade, Debian, Haxx and 2 more | 17 Fabric Operating System, Debian Linux, Curl and 14 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | |||||
| CVE-2022-22523 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled. | |||||
| CVE-2022-22289 | 1 Samsung | 1 S Assistant | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | |||||
| CVE-2022-22284 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
| Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | |||||
| CVE-2022-22283 | 1 Samsung | 1 Health | 2024-11-21 | 2.1 LOW | 2.8 LOW |
| Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | |||||
| CVE-2022-22259 | 1 Huawei | 2 Flmg-10, Flmg-10 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device. | |||||
| CVE-2022-22237 | 1 Juniper | 1 Junos | 2024-11-21 | N/A | 6.5 MEDIUM |
| An Improper Authentication vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause an impact on confidentiality or integrity. A vulnerability in the processing of TCP-AO will allow a BGP or LDP peer not configured with authentication to establish a session even if the peer is locally configured to use authentication. This could lead to untrusted or unauthorized sessions being established. This issue affects Juniper Networks Junos OS: 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS Evolved. | |||||
| CVE-2022-21936 | 1 Johnsoncontrols | 2 Metasys Extended Application And Data Server, Metasys For Validated Environments | 2024-11-21 | N/A | 8.1 HIGH |
| On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated actions without providing a valid password when using MVE SMP UI. | |||||
| CVE-2022-21935 | 1 Johnsoncontrols | 3 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Open Application Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | |||||