Total
29597 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29501 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 8.8 High |
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | ||||
| CVE-2022-29500 | 3 Debian, Fedoraproject, Schedmd | 3 Debian Linux, Fedora, Slurm | 2024-11-21 | 8.8 High |
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. | ||||
| CVE-2022-29490 | 1 Hitachienergy | 2 Microscada X Sys600, Sys600 | 2024-11-21 | 8.5 High |
| Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.1.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:* | ||||
| CVE-2022-29484 | 1 Cybozu | 1 Garoon | 2024-11-21 | 8.1 High |
| Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | ||||
| CVE-2022-29471 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. | ||||
| CVE-2022-29470 | 1 Intel | 1 Dynamic Tuning Technology | 2024-11-21 | 6.7 Medium |
| Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-29235 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.3 Medium |
| BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. | ||||
| CVE-2022-29054 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 3.1 Low |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it. | ||||
| CVE-2022-29053 | 1 Fortinet | 1 Fortios | 2024-11-21 | 2.3 Low |
| A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it. | ||||
| CVE-2022-28946 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 7.5 High |
| An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | ||||
| CVE-2022-28860 | 2 Axis, Citilog | 2 M1125, Citilog | 2024-11-21 | 5.9 Medium |
| An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | ||||
| CVE-2022-28782 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. | ||||
| CVE-2022-28780 | 1 Google | 1 Android | 2024-11-21 | 5 Medium |
| Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | ||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2024-11-21 | 4.4 Medium |
| Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | ||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2024-11-21 | 4.3 Medium |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | ||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | ||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.1 Medium |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | ||||
| CVE-2022-28758 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-11-21 | 8.2 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | ||||
| CVE-2022-28754 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||
| CVE-2022-28753 | 1 Zoom | 1 Meeting Connector | 2024-11-21 | 7.1 High |
| Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the waiting room, and can become host and cause other meeting disruptions. | ||||