Total
3917 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1432 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2024-11-21 | 7.3 High |
| A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be launched remotely. VDB-223214 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1007 | 1 Filseclab | 1 Twister Antivirus | 2024-11-21 | 5.3 Medium |
| A vulnerability was found in Twister Antivirus 8.17. It has been declared as critical. This vulnerability affects the function 0x801120E4 in the library filmfd.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221740. | ||||
| CVE-2023-0998 | 1 Alphaware Simple E-commerce System Project | 1 Alphaware Simple E-commerce System | 2024-11-21 | 6.5 Medium |
| A vulnerability classified as critical has been found in SourceCodester Alphaware Simple E-Commerce System 1.0. This affects an unknown part of the file /alphaware/summary.php of the component Payment Handler. The manipulation of the argument amount leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221733 was assigned to this vulnerability. | ||||
| CVE-2023-0916 | 1 Auto Dealer Management System Project | 1 Auto Dealer Management System | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221491. | ||||
| CVE-2023-0506 | 1 Bydemes | 1 Airspace Cctv Web Service | 2024-11-21 | 8.8 High |
| The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access. | ||||
| CVE-2022-48683 | 1 Apple | 1 Macos | 2024-11-21 | 8.6 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | ||||
| CVE-2022-48615 | 1 Huawei | 2 Ar617vw, Ar617vw Firmware | 2024-11-21 | 4.8 Medium |
| An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | ||||
| CVE-2022-47558 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 9.4 Critical |
| Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors. | ||||
| CVE-2022-47036 | 2024-11-21 | 9.8 Critical | ||
| Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. | ||||
| CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-11-21 | 9.1 Critical |
| Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | ||||
| CVE-2022-45929 | 2024-11-21 | 8.8 High | ||
| Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. | ||||
| CVE-2022-45112 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | 7.3 High |
| Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-11-21 | 7.3 High |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41659 | 1 Intel | 1 Unison | 2024-11-21 | 1.9 Low |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-11-21 | 8.4 High |
| Memory corruption in Automotive Android OS due to improper validation of array index. | ||||
| CVE-2022-40529 | 1 Qualcomm | 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more | 2024-11-21 | 7.1 High |
| Memory corruption due to improper access control in kernel while processing a mapping request from root process. | ||||
| CVE-2022-3746 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | ||||
| CVE-2022-3182 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 7.0 High |
| Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. | ||||
| CVE-2022-3065 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | ||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 8.8 High |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | ||||