Total: 29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-3285 | 1 Gitlab | 1 Gitlab | 2022-11-11 | N/A | 7.5 HIGH |
| Bypass of healthcheck endpoint allow list affecting all versions from 12.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an unauthorized attacker to prevent access to GitLab. | |||||
| CVE-2022-3793 | 1 Gitlab | 1 Gitlab | 2022-11-10 | N/A | 5.3 MEDIUM |
| An improper authorization issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to read variables set directly in a GitLab CI/CD configuration file they don't have access to. | |||||
| CVE-2022-28689 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-10 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-29481 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-10 | N/A | 6.5 MEDIUM |
| A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-39890 | 1 Samsung | 1 Billing | 2022-11-10 | N/A | 7.5 HIGH |
| Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows an attacker to obtain sensitive information. | |||||
| CVE-2022-26023 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-10 | N/A | 6.5 MEDIUM |
| A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-10 | N/A | 8.1 HIGH |
| A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-39884 | 1 Google | 1 Android | 2022-11-10 | N/A | 3.3 LOW |
| Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows a local attacker to access call information. | |||||
| CVE-2022-30543 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-09 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-40776 | 3 Adobe, Apple, Microsoft | 3 Lightroom, Macos, Windows | 2022-11-07 | 6.6 MEDIUM | 6.1 MEDIUM |
| Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | |||||
| CVE-2007-2727 | 1 Php | 1 Php | 2022-11-07 | 2.6 LOW | N/A |
| The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), which might allow context-dependent attackers to decrypt certain data more easily because of the guessable encryption keys. | |||||
| CVE-2022-38381 | 1 Fortinet | 1 Fortiadc | 2022-11-04 | N/A | 9.8 CRITICAL |
| An improper handling of malformed request vulnerability [CWE-228] exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection such as the SQL Injection and XSS filters via a malformed HTTP request. | |||||
| CVE-2022-38380 | 1 Fortinet | 1 Fortios | 2022-11-04 | N/A | 4.3 MEDIUM |
| An improper access control [CWE-284] vulnerability in FortiOS version 7.2.0 and versions 7.0.0 through 7.0.7 may allow a remote authenticated read-only user to modify the interface settings via the API. | |||||
| CVE-2022-38372 | 1 Fortinet | 1 Fortitester | 2022-11-04 | N/A | 6.7 MEDIUM |
| A hidden functionality vulnerability [CWE-1242] in FortiTester CLI 2.3.0 through 3.9.1, 4.0.0 through 4.2.0, 7.0.0 through 7.1.0 may allow a local, privileged user to obtain a root shell on the device via an undocumented command. | |||||
| CVE-2022-44622 | 1 Jetbrains | 1 Teamcity | 2022-11-04 | N/A | 5.3 MEDIUM |
| In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive. | |||||
| CVE-2022-2475 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2022-11-02 | N/A | 8.8 HIGH |
| Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | |||||
| CVE-2022-24670 | 1 Forgerock | 1 Access Management | 2022-10-31 | N/A | 6.5 MEDIUM |
| An attacker can use the unrestricted LDAP queries to determine configuration entries. | |||||
| CVE-2021-27855 | 1 Fatpipeinc | 6 Ipvpn, Ipvpn Firmware, Mpvpn and 3 more | 2022-10-29 | 6.5 MEDIUM | 8.8 HIGH |
| FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. | |||||
| CVE-2021-0129 | 4 Bluez, Debian, Linux and 1 more | 4 Bluez, Debian Linux, Linux Kernel and 1 more | 2022-10-29 | 2.7 LOW | 5.7 MEDIUM |
| Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2022-29948 | 1 Lepin Ep-kp001 Project | 2 Lepin Ep-kp001, Lepin Ep-kp001 Firmware | 2022-10-29 | 2.1 LOW | 4.6 MEDIUM |
| Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. | |||||
