Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29523 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-29481 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 N/A 6.5 MEDIUM
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-29471 1 Cybozu 1 Garoon 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
CVE-2022-29470 1 Intel 1 Dynamic Tuning Technology 2024-11-21 N/A 6.7 MEDIUM
Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-29423 1 Edmonsoft 1 Countdown Builder 2024-11-21 7.5 HIGH 3.8 LOW
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
CVE-2022-29417 1 Shortpixel 1 Shortpixel Adaptive Images 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings.
CVE-2022-29235 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 4.3 MEDIUM 5.3 MEDIUM
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and prior to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds.
CVE-2022-29229 1 Cassproject 1 Competency And Skills System 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in using standalone authentication, as the data required to resecure the account is not available to the server. The issue may be mitigated by using SSO or client side certificates to log in. Please note that SSO and client side certificate authentication does not have this expectation of no-knowledge credential access, and cryptographic keys are available to the server administrator.
CVE-2022-29201 1 Google 1 Tensorflow 2024-11-21 2.1 LOW 5.5 MEDIUM
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.
CVE-2022-29054 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 N/A 3.3 LOW
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the DHCP and DNS keys in Fortinet FortiOS version 7.2.0, 7.0.0 through 7.0.5, 6.4.0 through 6.4.9, 6.2.x and 6.0.x may allow an attacker in possession of the encrypted key to decipher it.
CVE-2022-29053 1 Fortinet 1 Fortios 2024-11-21 N/A 2.3 LOW
A missing cryptographic steps vulnerability [CWE-325] in the functions that encrypt the keytab files in FortiOS version 7.2.0, 7.0.0 through 7.0.5 and below 7.0.0 may allow an attacker in possession of the encrypted file to decipher it.
CVE-2022-28946 1 Openpolicyagent 1 Open Policy Agent 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
CVE-2022-28860 2 Axis, Citilog 2 M1125, Citilog 2024-11-21 N/A 5.9 MEDIUM
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.
CVE-2022-28782 1 Google 1 Android 2024-11-21 2.1 LOW 4.6 MEDIUM
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
CVE-2022-28780 1 Google 1 Android 2024-11-21 2.1 LOW 5.0 MEDIUM
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
CVE-2022-28778 1 Samsung 1 Samsung Security Supporter 2024-11-21 2.1 LOW 4.4 MEDIUM
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
CVE-2022-28777 1 Samsung 1 Members 2024-11-21 2.1 LOW 4.3 MEDIUM
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
CVE-2022-28776 1 Samsung 1 Galaxy Store 2024-11-21 4.6 MEDIUM 5.9 MEDIUM
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVE-2022-28775 1 Samsung 1 Samsung Flow 2024-11-21 2.1 LOW 5.1 MEDIUM
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
CVE-2022-28761 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2024-11-21 N/A 6.5 MEDIUM
Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.
CVE-2022-28760 1 Zoom 1 Zoom On-premise Meeting Connector Mmr 2024-11-21 N/A 6.5 MEDIUM
Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.