Total
2579 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-0451 | 1 Econolite | 1 Eos | 2024-11-21 | N/A | 7.5 HIGH |
Econolite EOS versions prior to 3.2.23 lack a password requirement for gaining “READONLY” access to log files and certain database and configuration files. One such file contains tables with MD5 hashes and usernames for all defined users in the control software, including administrators and technicians. | |||||
CVE-2023-0017 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | N/A | 9.4 CRITICAL |
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable. | |||||
CVE-2023-0012 | 2 Microsoft, Sap | 2 Windows, Host Agent | 2024-11-21 | N/A | 6.4 MEDIUM |
In SAP Host Agent (Windows) - versions 7.21, 7.22, an attacker who gains local membership to SAP_LocalAdmin could be able to replace executables with a malicious file that will be started under a privileged account. Note that by default all user members of SAP_LocalAdmin are denied the ability to log on locally by security policy so that this can only occur if the system has already been compromised. | |||||
CVE-2022-4814 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4810 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4809 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4807 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 4.3 MEDIUM |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | |||||
CVE-2022-4724 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 9.8 CRITICAL |
Improper Access Control in GitHub repository ikus060/rdiffweb prior to 2.5.5. | |||||
CVE-2022-4689 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4684 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.8 HIGH |
Improper Access Control in GitHub repository usememos/memos prior to 0.9.0. | |||||
CVE-2022-4567 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. | |||||
CVE-2022-48683 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 7.8 HIGH |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | |||||
CVE-2022-47037 | 1 Siklu | 9 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 6 more | 2024-11-21 | N/A | 7.5 HIGH |
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials. | |||||
CVE-2022-47036 | | | 2024-11-21 | N/A | 9.8 CRITICAL |
Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. | |||||
CVE-2022-46664 | 1 Siemens | 1 Mendix Workflow Commons | 2024-11-21 | N/A | 8.1 HIGH |
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read or delete sensitive information. | |||||
CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | |||||
CVE-2022-45929 | | | 2024-11-21 | N/A | 8.8 HIGH |
Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. | |||||
CVE-2022-41677 | 1 Bosch | 12 Cpp13, Cpp13 Firmware, Cpp14 and 9 more | 2024-11-21 | N/A | 5.3 MEDIUM |
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet. | |||||
CVE-2022-41654 | 1 Ghost | 1 Ghost | 2024-11-21 | N/A | 4.3 MEDIUM |
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-11-21 | N/A | 8.4 HIGH |
Memory corruption in Automotive Android OS due to improper validation of array index. |