Total
3610 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2024-11-21 | N/A | 7.5 HIGH |
| Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information. | |||||
| CVE-2022-35142 | 1 Raneto Project | 1 Raneto | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | |||||
| CVE-2022-34919 | 1 Zengenti | 1 Contensis | 2024-11-21 | N/A | 9.8 CRITICAL |
| The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands. | |||||
| CVE-2022-34887 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | |||||
| CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | |||||
| CVE-2022-34535 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files. | |||||
| CVE-2022-34380 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 9.3 CRITICAL |
| Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. | |||||
| CVE-2022-34379 | 1 Dell | 1 Cloudlink | 2024-11-21 | N/A | 9.4 CRITICAL |
| Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. | |||||
| CVE-2022-34372 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality | |||||
| CVE-2022-34331 | 1 Ibm | 1 Powervm Hypervisor | 2024-11-21 | N/A | 5.5 MEDIUM |
| After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | |||||
| CVE-2022-34267 | 1 Rws | 1 Worldserver | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in RWS WorldServer before 11.7.3. Adding a token parameter with the value of 02 bypasses all authentication requirements. Arbitrary Java code can be uploaded and executed via a .jar archive to the ws-api/v2/customizations/api endpoint. | |||||
| CVE-2022-34155 | 1 Miniorange | 1 Oauth Single Sign On | 2024-11-21 | N/A | 8.8 HIGH |
| Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3. | |||||
| CVE-2022-33946 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 5.6 MEDIUM |
| Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | |||||
| CVE-2022-33736 | 1 Siemens | 1 Opcenter Quality | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials. | |||||
| CVE-2022-33720 | 1 Google | 1 Android | 2024-11-21 | N/A | 2.4 LOW |
| Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | |||||
| CVE-2022-33242 | 1 Qualcomm | 314 Aqt1000, Aqt1000 Firmware, Ar8031 and 311 more | 2024-11-21 | N/A | 7.8 HIGH |
| Memory corruption due to improper authentication in Qualcomm IPC while loading unsigned lib in audio PD. | |||||
| CVE-2022-33202 | 1 Softcreate | 1 L2blocker | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
| Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. | |||||
| CVE-2022-32971 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 3.1 LOW |
| Improper authentication in the Intel(R) SUR software before version 2.4.8902 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-32570 | 1 Intel | 1 Quartus Prime | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper authentication in the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||