Total
1632 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0919 | 1 Kavitareader | 1 Kavita | 2024-11-21 | 8.1 High |
| Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | ||||
| CVE-2023-0906 | 1 Online Pizza Ordering System Project | 1 Online Pizza Ordering System | 2024-11-21 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1.0. Affected by this vulnerability is the function delete_category of the file ajax.php of the component POST Parameter Handler. The manipulation leads to missing authentication. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-221455. | ||||
| CVE-2022-4228 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. | ||||
| CVE-2022-45378 | 1 Apache | 1 Soap | 2024-11-21 | 9.8 Critical |
| In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | 7.8 High |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | ||||
| CVE-2022-42473 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | 5.3 Medium |
| A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | ||||
| CVE-2022-41331 | 1 Fortinet | 1 Fortiproxy | 2024-11-21 | 9.3 Critical |
| A missing authentication for critical function vulnerability [CWE-306] in FortiPresence infrastructure server before version 1.2.1 allows a remote, unauthenticated attacker to access the Redis and MongoDB instances via crafted authentication requests. | ||||
| CVE-2022-39426 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2022-39425 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 8.1 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with network access via VRDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2022-39412 | 1 Oracle | 1 Access Manager | 2024-11-21 | 7.5 High |
| Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Admin Console). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Access Manager accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||
| CVE-2022-38817 | 1 Linuxfoundation | 1 Dapr Dashboard | 2024-11-21 | 7.5 High |
| Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data. | ||||
| CVE-2022-37062 | 1 Flir | 2 Flir Ax8, Flir Ax8 Firmware | 2024-11-21 | 7.5 High |
| All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this by sending a URI that contains the path of the SQLite users database and download it. A successful exploit could allow the attacker to extract usernames and hashed passwords. | ||||
| CVE-2022-36884 | 2 Jenkins, Redhat | 2 Git, Openshift | 2024-11-21 | 5.3 Medium |
| The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provide unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | ||||
| CVE-2022-36780 | 1 Avdorcis | 1 Crystal Quality | 2024-11-21 | 4.9 Medium |
| Avdor CIS - crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number - id of the recorded number. | ||||
| CVE-2022-36619 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 7.5 High |
| In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. | ||||
| CVE-2022-36604 | 1 Canaan | 2 Avalon Asic Miner, Avalon Asic Miner Firmware | 2024-11-21 | 7.5 High |
| An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. | ||||
| CVE-2022-36521 | 1 Cskefu | 1 Cskefu | 2024-11-21 | 7.5 High |
| Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. | ||||
| CVE-2022-36129 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.1 Critical |
| HashiCorp Vault Enterprise 1.7.0 through 1.9.7, 1.10.4, and 1.11.0 clusters using Integrated Storage expose an unauthenticated API endpoint that could be abused to override the voter status of a node within a Vault HA cluster, introducing potential for future data loss or catastrophic failure. Fixed in Vault Enterprise 1.9.8, 1.10.5, and 1.11.1. | ||||
| CVE-2022-35871 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition 8.1.15 (b2022030114). Authentication is not required to exploit this vulnerability. The specific flaw exists within the authenticateAdSso method. The issue results from the lack of authentication prior to allowing the execution of python code. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-17206. | ||||