Total
1459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0102 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its deletion command. This could allow an attacker to delete arbitrary files. | |||||
| CVE-2023-0052 | 1 Sauter-controls | 10 Modunet300 Ey-am300f001, Modunet300 Ey-am300f001 Firmware, Modunet300 Ey-am300f002 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| SAUTER Controls Nova 200–220 Series with firmware version 3.3-006 and prior and BACnetstac version 4.2.1 and prior allows the execution of commands without credentials. As Telnet and file transfer protocol (FTP) are the only protocols available for device management, an unauthorized user could access the system and modify the device configuration, which could result in the unauthorized user executing unrestricted malicious commands. | |||||
| CVE-2022-4240 | 1 Honeywell | 2 Onewireless Network Wireless Device Manager, Onewireless Network Wireless Device Manager Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| Missing Authentication for Critical Function vulnerability in Honeywell OneWireless allows Authentication Bypass. This issue affects OneWireless version 322.1 | |||||
| CVE-2022-4229 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-11-21 | N/A | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | |||||
| CVE-2022-4228 | 1 Book Store Management System Project | 1 Book Store Management System | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. | |||||
| CVE-2022-4018 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 4.3 MEDIUM |
| Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | |||||
| CVE-2022-48291 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 6.5 MEDIUM |
| The Bluetooth module has an authentication bypass vulnerability in the pairing process. Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2022-46145 | 1 Goauthentik | 1 Authentik | 2024-11-21 | N/A | 8.1 HIGH |
| authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified password recovery, this can be used to overwrite the email address of admin accounts and take over their accounts. authentik 2022.11.2 and 2022.10.2 fix this issue. As a workaround, a policy can be created and bound to the `default-user-settings-flow flow` with the contents `return request.user.is_authenticated`. | |||||
| CVE-2022-45794 | 1 Omron | 82 Sysmac Cj1g-cpu42p, Sysmac Cj1g-cpu42p Firmware, Sysmac Cj1g-cpu43p and 79 more | 2024-11-21 | N/A | 8.6 HIGH |
| An attacker with network access to the affected PLC (CJ-series and CS-series PLCs, all versions) may use a network protocol to read and write files on the PLC internal memory and memory card. | |||||
| CVE-2022-45378 | 1 Apache | 1 Soap | 2024-11-21 | N/A | 9.8 CRITICAL |
| In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-45140 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The configuration backend allows an unauthenticated user to write arbitrary data with root privileges to the storage, which could lead to unauthenticated remote code execution and full system compromise. | |||||
| CVE-2022-45138 | 1 Wago | 14 751-9301, 751-9301 Firmware, 752-8303\/8000-002 and 11 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| The configuration backend of the web-based management can be used by unauthenticated users, although only authenticated users should be able to use the API. The vulnerability allows an unauthenticated attacker to read and set several device parameters that can lead to full compromise of the device. | |||||
| CVE-2022-43761 | 1 Br-automation | 1 Industrial Automation Aprol | 2024-11-21 | N/A | 9.4 CRITICAL |
| Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration. | |||||
| CVE-2022-43555 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-43554 | 1 Ivanti | 1 Avalanche | 2024-11-21 | N/A | 7.8 HIGH |
| Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability | |||||
| CVE-2022-42970 | 2 Microsoft, Schneider-electric | 8 Windows 10, Windows 11, Windows 7 and 5 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| A CWE-306: Missing Authentication for Critical Function The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261) | |||||
| CVE-2022-42785 | 1 Wut | 34 At-modem-emulator, At-modem-emulator Firmware, Com-server 20ma and 31 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multiple W&T products of the ComServer Series are prone to an authentication bypass. An unathenticated remote attacker, can log in without knowledge of the password by crafting a modified HTTP GET Request. | |||||
| CVE-2022-42473 | 1 Fortinet | 1 Fortisoar | 2024-11-21 | N/A | 5.3 MEDIUM |
| A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. | |||||
| CVE-2022-42277 | 1 Nvidia | 2 Dgx Station A100, Dgx Station A100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| NVIDIA DGX Station contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||
| CVE-2022-42276 | 1 Nvidia | 2 Dgx A100, Dgx A100 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmiFlash, where a local user with elevated privileges can read, write and erase flash, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. | |||||