Total: 2818 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-47648 | 1 Bosch | 2 B420, B420 Firmware | 2024-08-03 | 7.6 High |
An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | ||||
CVE-2022-47037 | 1 Siklu | 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more | 2024-08-03 | 7.5 High |
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | ||||
CVE-2022-46754 | 1 Dell | 1 Wyse Management Suite | 2024-08-03 | 8.7 High |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | ||||
CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2024-08-03 | 4.9 Medium |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. | ||||
CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2024-08-03 | 8.1 High |
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | ||||
CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2024-08-03 | 6.8 Medium |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which a custom group admin can create a subgroup under a group for which the admin is not authorized. | ||||
CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2024-08-03 | 4.9 Medium |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. An authenticated malicious admin user can edit general client policy for which the user is not authorized. | ||||
CVE-2022-46676 | 1 Dell | 1 Wyse Management Suite | 2024-08-03 | 4.9 Medium |
Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A malicious admin user can disable or delete users under administration and unassigned admins for which the group admin is not authorized. | ||||
CVE-2022-46331 | 1 Ge | 1 Proficy Historian | 2024-08-03 | 7.5 High |
An unauthorized user could possibly delete any file on the system. | ||||
CVE-2022-46279 | 1 Intel | 1 Retail Edge Program | 2024-08-03 | 5 Medium |
Improper access control in the Intel(R) Retail Edge android application before version 3.0.301126-RELEASE may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2022-46354 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2024-08-03 | 5.3 Medium |
A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow a remote attacker to extract confidential session information under certain circumstances. | ||||
CVE-2022-45929 | | | 2024-08-03 | 8.8 High |
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. | ||||
CVE-2022-45937 | 1 Siemens | 18 Pxc00-e96.a, Pxc00-e96.a Firmware, Pxc100-e96.a and 15 more | 2024-08-03 | 8.8 High |
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials. | ||||
CVE-2022-45936 | 1 Siemens | 1 Mendix Email Connector | 2024-08-03 | 8.1 High |
A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. | ||||
CVE-2022-45112 | 1 Intel | 1 Virtual Raid On Cpu | 2024-08-03 | 7.3 High |
Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2024-08-03 | 2.7 Low |
In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive. | ||||
CVE-2022-44565 | 1 Ui | 12 Airfiber 60, Airfiber 60-hd, Airfiber 60-hd Firmware and 9 more | 2024-08-03 | 5.3 Medium |
An improper access validation vulnerability exists in airMAX AC <8.7.11, airFiber 60/LR <2.6.2, airFiber 60 XG/HD <v1.0.0 and airFiber GBE <1.4.1 that allows a malicious actor to retrieve status and usage data from the UISP device. | ||||
CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2024-08-03 | 7.8 High |
When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | ||||
CVE-2022-43494 | 1 Ge | 1 Proficy Historian | 2024-08-03 | 7.5 High |
An unauthorized user could be able to read any file on the system, potentially exposing sensitive information. | ||||
CVE-2022-42465 | 1 Intel | 1 One Boot Flash Update | 2024-08-03 | 7.2 High |
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access. |