Total
1442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24562 | 1 Iobit | 1 Iotransfer | 2024-11-21 | 9.8 Critical |
| In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution. | ||||
| CVE-2022-24396 | 1 Sap | 1 Simple Diagnostics Agent | 2024-11-21 | 7.8 High |
| The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. | ||||
| CVE-2022-24190 | 1 Sz-fujia | 1 Ourphoto | 2024-11-21 | 7.5 High |
| The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. | ||||
| CVE-2022-24111 | 1 Mahara | 1 Mahara | 2024-11-21 | 5.3 Medium |
| In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. | ||||
| CVE-2022-23945 | 1 Apache | 1 Shenyu | 2024-11-21 | 7.5 High |
| Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||
| CVE-2022-23944 | 1 Apache | 1 Shenyu | 2024-11-21 | 9.1 Critical |
| User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1. | ||||
| CVE-2022-23719 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2024-11-21 | 7.2 High |
| PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine maybe able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. | ||||
| CVE-2022-23345 | 1 Bigantsoft | 1 Bigant Server | 2024-11-21 | 7.5 High |
| BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. | ||||
| CVE-2022-23220 | 4 Canonical, Debian, Gentoo and 1 more | 4 Ubuntu Linux, Debian Linux, Linux and 1 more | 2024-11-21 | 7.8 High |
| USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo. | ||||
| CVE-2022-22809 | 1 Schneider-electric | 6 Fellerlynk, Fellerlynk Firmware, Spacelynk and 3 more | 2024-11-21 | 5.3 Medium |
| A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | ||||
| CVE-2022-22652 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 6.1 Medium |
| The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. | ||||
| CVE-2022-22576 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | ||||
| CVE-2022-22526 | 1 Gavazziautomation | 3 Cpy Car Park Server, Uwp 3.0 Monitoring Gateway And Controller, Uwp 3.0 Monitoring Gateway And Controller Firmware | 2024-11-21 | 9.8 Critical |
| In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing authentication allows for full access via API. | ||||
| CVE-2022-22309 | 1 Ibm | 2 Power System S922, Power System S922 Firmware | 2024-11-21 | 6.8 Medium |
| The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. | ||||
| CVE-2022-21952 | 1 Suse | 1 Manager Server | 2024-11-21 | 7.5 High |
| A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. | ||||
| CVE-2022-21816 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu | 2024-11-21 | 5.5 Medium |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. | ||||
| CVE-2022-21691 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 4.3 Medium |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions chat participants can spoof their channel leave message, tricking others into assuming they left the chatroom. | ||||
| CVE-2022-20861 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20858 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20857 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | 9.8 Critical |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. For more information about these vulnerabilities, see the Details section of this advisory. | ||||