Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38743 | 1 Rockwellautomation | 1 Factorytalk Vantagepoint | 2024-11-21 | N/A | 8.8 HIGH |
| Rockwell Automation FactoryTalk VantagePoint versions 8.0, 8.10, 8.20, 8.30, 8.31 are vulnerable to an improper access control vulnerability. The FactoryTalk VantagePoint SQL Server account could allow a malicious user with read-only privileges to execute SQL statements in the back-end database. If successfully exploited, this could allow the attacker to execute arbitrary code and gain access to restricted data. | |||||
| CVE-2022-38715 | 1 Siretta | 2 Quartz-gold, Quartz-gold Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-38705 | 1 Ibm | 1 Cics Tx | 2024-11-21 | N/A | 5.3 MEDIUM |
| IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172. | |||||
| CVE-2022-38611 | 1 Watchdog | 1 Anti-virus | 2024-11-21 | N/A | 7.8 HIGH |
| Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. | |||||
| CVE-2022-38582 | 1 Watchdog | 1 Anti-virus | 2024-11-21 | N/A | 6.5 MEDIUM |
| Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files. | |||||
| CVE-2022-38461 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with a subscriber or higher user role to change plugin settings (selected language for legacy widgets, the default behavior for media content). | |||||
| CVE-2022-38453 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-11-21 | N/A | 3.0 LOW |
| Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. These compiler settings greatly decrease the level of effort for a threat actor to reverse engineer sensitive code and identify additional vulnerabilities. | |||||
| CVE-2022-38452 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A command execution vulnerability exists in the hidden telnet service functionality of Netgear Orbi Router RBR750 4.6.8.5. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability. | |||||
| CVE-2022-38388 | 1 Ibm | 1 Navigator Mobile | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBM Navigator Mobile Android 3.4.1.1 and 3.4.1.2 app could allow a local user to obtain sensitive information due to improper access control. IBM X-Force ID: 233968. | |||||
| CVE-2022-38381 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | N/A | 5.3 MEDIUM |
| An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. | |||||
| CVE-2022-38380 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.3 MEDIUM |
| An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2022-38377 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | N/A | 4.3 MEDIUM |
| An improper access control vulnerability [CWE-284] in FortiManager 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11 and FortiAnalyzer 7.2.0, 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.0 through 6.0.12 may allow a remote and authenticated admin user assigned to a specific ADOM to access other ADOMs information such as device information and dashboard information. | |||||
| CVE-2022-38375 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 9.1 CRITICAL |
| An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4.1 and before 9.2.6 allows an unauthenticated user to perform some administrative operations over the FortiNAC instance via crafted HTTP POST requests. | |||||
| CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2024-11-21 | N/A | 6.7 MEDIUM |
| A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | |||||
| CVE-2022-38355 | 1 Daikinlatam | 2 Svmpc1, Svmpc2 | 2024-11-21 | N/A | 7.5 HIGH |
| Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication. | |||||
| CVE-2022-38341 | 1 Safe | 1 Fme Server | 2024-11-21 | N/A | 7.1 HIGH |
| Safe Software FME Server v2021.2.5 and below does not employ server-side validation. | |||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 7.5 HIGH |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | |||||
| CVE-2022-38135 | 1 Photospace Gallery Project | 1 Photospace Gallery | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | |||||
| CVE-2022-38134 | 1 Cusrev | 1 Customer Reviews For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | |||||
| CVE-2022-38104 | 1 Oxilab | 1 Accordions | 2024-11-21 | N/A | 7.2 HIGH |
| Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions <= 2.0.3 on WordPress. | |||||