Total
3302 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-42884 | 1 Themeinprogress | 1 Wip Custom Login | 2024-08-03 | 5.4 Medium |
| Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7. | ||||
| CVE-2022-42909 | 1 Wepanow | 1 Print Away | 2024-08-03 | 6.5 Medium |
| WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they donĀ“t own and print hem without authorization. In order to exploit this vulnerability, the user must have an account with wepanow.com or any of the institutions they serve, and be logged in. | ||||
| CVE-2022-42782 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | ||||
| CVE-2022-42778 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed. | ||||
| CVE-2022-42776 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed. | ||||
| CVE-2022-42766 | 2 Google, Unisoc | 14 Android, S8011, Sc7731e and 11 more | 2024-08-03 | 5.5 Medium |
| In wlan driver, there is a possible missing permission check, This could lead to local information disclosure. | ||||
| CVE-2022-42777 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2024-08-03 | 7.8 High |
| In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed. | ||||
| CVE-2022-41929 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 4.9 Medium |
| org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1. | ||||
| CVE-2022-41937 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 9.6 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in commit fb49b4f. | ||||
| CVE-2022-41930 | 1 Xwiki | 1 Xwiki | 2024-08-03 | 7.5 High |
| org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa. | ||||
| CVE-2022-41797 | 1 Lemon8 Project | 1 Lemon8 | 2024-08-03 | 6.5 Medium |
| Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2022-41807 | 1 Kyocera | 80 Ecosys M2535dn, Ecosys M2535dn Firmware, Ecosys M6526cdn and 77 more | 2024-08-03 | 6.5 Medium |
| Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected products/versions are as follows: TASKalfa 7550ci/6550ci, TASKalfa 5550ci/4550ci/3550ci/3050ci, TASKalfa 255c/205c, TASKalfa 256ci/206ci, ECOSYS M6526cdn/M6526cidn, FS-C2126MFP/C2126MFP+/C2026MFP/C2026MFP+, TASKalfa 8000i/6500i, TASKalfa 5500i/4500i/3500i, TASKalfa 305/255, TASKalfa 306i/256i, LS-3140MFP/3140MFP+/3640MFP, ECOSYS M2535dn, LS-1135MFP/1035MFP, LS-C8650DN/C8600DN, ECOSYS P6026cdn, FS-C5250DN, LS-4300DN/4200DN/2100DN, ECOSYS P4040dn, ECOSYS P2135dn, and FS-1370DN. | ||||
| CVE-2022-41698 | 2024-08-03 | 6.5 Medium | ||
| Missing Authorization vulnerability in Layered If Menu.This issue affects If Menu: from n/a through 0.16.3. | ||||
| CVE-2022-41695 | 1 Sedlex | 1 Traffic Manager | 2024-08-03 | 5.4 Medium |
| Missing Authorization vulnerability in SedLex Traffic Manager.This issue affects Traffic Manager: from n/a through 1.4.5. | ||||
| CVE-2022-41790 | 1 Codepeople | 1 Wp Time Slots Booking Form | 2024-08-03 | 4.3 Medium |
| Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | ||||
| CVE-2022-41417 | 1 Blogengine | 1 Blogengine.net | 2024-08-03 | 9.8 Critical |
| BlogEngine.NET v3.3.8.0 allows an attacker to create any folder with "files" prefix under ~/App_Data/. | ||||
| CVE-2022-41272 | 1 Sap | 1 Netweaver Process Integration | 2024-08-03 | 9.9 Critical |
| An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data across the entire system. This allows the attacker to have full read access to user data, make limited modifications to user data, and degrade the performance of the system, leading to a high impact on confidentiality and a limited impact on the availability and integrity of the application. | ||||
| CVE-2022-41271 | 1 Sap | 1 Netweaver Process Integration | 2024-08-03 | 9.4 Critical |
| An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations. The vulnerability affects local users and data, leading to a considerable impact on confidentiality as well as availability and a limited impact on the integrity of the application. These operations can be used to: * Read any information * Modify sensitive information * Denial of Service attacks (DoS) * SQL Injection | ||||
| CVE-2022-41246 | 1 Jenkins | 1 Worksoft Execution Manager | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins Worksoft Execution Manager Plugin 10.0.3.503 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-41250 | 1 Jenkins | 1 Scm Httpclient | 2024-08-03 | 6.5 Medium |
| A missing permission check in Jenkins SCM HttpClient Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||