Total
2819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20918 | 1 Cisco | 2 Firepower Management Center, Firepower Services Software For Asa | 2024-08-03 | 7.5 High |
| A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generation Intrusion Prevention System (NGIPS) Software could allow an unauthenticated, remote attacker to perform an SNMP GET request using a default credential. This vulnerability is due to the presence of a default credential for SNMP version 1 (SNMPv1) and SNMP version 2 (SNMPv2). An attacker could exploit this vulnerability by sending an SNMPv1 or SNMPv2 GET request to an affected device. A successful exploit could allow the attacker to retrieve sensitive information from the device using the default credential. This attack will only be successful if SNMP is configured, and the attacker can only perform SNMP GET requests; write access using SNMP is not allowed. | ||||
| CVE-2022-4807 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4810 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4809 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4814 | 1 Usememos | 1 Memos | 2024-08-03 | 4.3 Medium |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2024-08-03 | 9.8 Critical |
| Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | ||||
| CVE-2022-4689 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2022-4684 | 1 Usememos | 1 Memos | 2024-08-03 | 8.8 High |
| Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2024-08-03 | 8.1 High |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4229 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-08-03 | 7.3 High |
| A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | ||||
| CVE-2022-4087 | 1 Ipxe | 1 Ipxe | 2024-08-03 | 2.6 Low |
| A vulnerability was found in iPXE. It has been declared as problematic. This vulnerability affects the function tls_new_ciphertext of the file src/net/tls.c of the component TLS. The manipulation of the argument pad_len leads to information exposure through discrepancy. The name of the patch is 186306d6199096b7a7c4b4574d4be8cdb8426729. It is recommended to apply a patch to fix this issue. VDB-214054 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-3780 | 1 Devolutions | 1 Remote Desktop Manager | 2024-08-03 | 7.5 High |
| Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. | ||||
| CVE-2022-3746 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-08-03 | 6.7 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | ||||
| CVE-2022-3186 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2024-08-03 | 8.6 High |
| Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the device’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information. | ||||
| CVE-2022-3182 | 1 Devolutions | 1 Remote Desktop Manager | 2024-08-03 | 7.0 High |
| Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. | ||||
| CVE-2022-3065 | 1 Diagrams | 1 Drawio | 2024-08-03 | 7.5 High |
| Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2024-08-03 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2024-08-03 | 8.8 High |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | ||||
| CVE-2022-2792 | 1 Emerson | 1 Electric\'s Proficy | 2024-08-03 | 6.6 Medium |
| Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | ||||
| CVE-2022-2702 | 1 Company Website\/cms Project | 1 Company Website\/cms | 2024-08-03 | 7.3 High |
| A vulnerability was found in SourceCodester Company Website CMS and classified as critical. Affected by this issue is some unknown functionality of the file site-settings.php of the component Cookie Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205826 is the identifier assigned to this vulnerability. | ||||