Total
5660 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41272 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A | 9.9 CRITICAL |
| An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. | |||||
| CVE-2022-41271 | 1 Sap | 1 Netweaver Process Integration | 2024-11-21 | N/A | 9.4 CRITICAL |
| An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection | |||||
| CVE-2022-40975 | 2024-11-21 | N/A | 5.4 MEDIUM | ||
| Missing Authorization vulnerability in Aazztech Post Slider.This issue affects Post Slider: from n/a through 1.6.7. | |||||
| CVE-2022-40702 | 1 Zorem | 1 Advanced Local Pickup For Woocommerce | 2024-11-21 | N/A | 5.4 MEDIUM |
| Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2. | |||||
| CVE-2022-40673 | 2 Fedoraproject, Kdiskmark Project | 2 Fedora, Kdiskmark | 2024-11-21 | N/A | 7.8 HIGH |
| KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | |||||
| CVE-2022-40223 | 1 Searchwp | 1 Searchwp | 2024-11-21 | N/A | 5.4 MEDIUM |
| Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change. | |||||
| CVE-2022-40218 | 2024-11-21 | N/A | 6.5 MEDIUM | ||
| Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. | |||||
| CVE-2022-40203 | 1 Algolplus | 1 Advanced Dynamic Pricing For Woocommerce | 2024-11-21 | N/A | 6.3 MEDIUM |
| Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | |||||
| CVE-2022-3920 | 1 Hashicorp | 1 Consul | 2024-11-21 | N/A | 5.3 MEDIUM |
| HashiCorp Consul and Consul Enterprise 1.13.0 up to 1.13.3 do not filter cluster filtering's imported nodes and services for HTTP or RPC endpoints used by the UI. Fixed in 1.14.0. | |||||
| CVE-2022-3622 | 1 Adenion | 1 Blog2social | 2024-11-21 | N/A | 4.7 MEDIUM |
| The Blog2Social plugin for WordPress is vulnerable to authorization bypass due to missing capability checks in versions up to, and including, 6.9.11. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to change some plugin settings intended to be modifiable by admins only. | |||||
| CVE-2022-3512 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 6.7 MEDIUM |
| Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. | |||||
| CVE-2022-3501 | 1 Otrs | 1 Otrs | 2024-11-21 | N/A | 3.5 LOW |
| Article template contents with sensitive data could be accessed from agents without permissions. | |||||
| CVE-2022-3482 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.3 MEDIUM |
| An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases we set to be restricted to project members only | |||||
| CVE-2022-3400 | 1 Bricksbuilder | 1 Bricks | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3. This makes it possible for authenticated attackers with minimal permissions, such as a subscriber, to edit any page, post, or template on the vulnerable WordPress website. | |||||
| CVE-2022-3337 | 1 Cloudflare | 1 Warp Mobile Client | 2024-11-21 | N/A | 6.7 MEDIUM |
| It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform. | |||||
| CVE-2022-3322 | 1 Cloudflare | 1 Warp Mobile Client | 2024-11-21 | N/A | 6.7 MEDIUM |
| Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. | |||||
| CVE-2022-3321 | 1 Cloudflare | 1 Warp Mobile Client | 2024-11-21 | N/A | 6.7 MEDIUM |
| It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings. Such configuration caused the WARP client to disconnect and allowed the user to bypass restrictions and policies enforced by the Zero Trust platform. | |||||
| CVE-2022-3320 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 6.7 MEDIUM |
| It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero Trust enrolled endpoint. | |||||
| CVE-2022-3124 | 1 Najeebmedia | 1 Frontend File Manager | 2024-11-21 | N/A | 5.3 MEDIUM |
| The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow allow them to change the content of arbitrary files on the web server | |||||
| CVE-2022-3007 | 1 Syska | 2 Sw100 Smartwatch, Sw100 Smartwatch Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| The vulnerability exists in Syska SW100 Smartwatch due to an improper implementation and/or configuration of Nordic Device Firmware Update (DFU) which is used for performing Over-The-Air (OTA) firmware updates on the Bluetooth Low Energy (BLE) devices. An unauthenticated attacker could exploit this vulnerability by setting arbitrary values to handle on the vulnerable device over Bluetooth. Successful exploitation of this vulnerability could allow the attacker to perform firmware update, device reboot or data manipulation on the target device. | |||||