Total
4025 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38180 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 5.3 Medium |
| In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases | ||||
| CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | ||||
| CVE-2022-38064 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | ||||
| CVE-2022-37397 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 8.3 High |
| An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | ||||
| CVE-2022-37164 | 1 Ontrack Project | 1 Ontrack | 2024-11-21 | 9.8 Critical |
| Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | ||||
| CVE-2022-37163 | 1 Ihatetobudget Project | 1 Ihatetobudget | 2024-11-21 | 9.8 Critical |
| Bminusl IHateToBudget v1.5.7 employs a weak password policy which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. Additionally, user passwords are hashed without a salt or pepper making it much easier for tools like hashcat to crack the hashes. | ||||
| CVE-2022-36755 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | ||||
| CVE-2022-36524 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2024-11-21 | 7.5 High |
| D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. | ||||
| CVE-2022-36436 | 1 Osuosl | 1 Twisted Vnc Authentication Proxy | 2024-11-21 | 9.8 Critical |
| OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by an vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. A remote attacker with network access to the proxy server could leverage this vulnerability to connect to VNC servers protected by the proxy server without providing any authentication credentials. Exploitation of this issue requires that the proxy server is currently accepting connections for the target VNC server. | ||||
| CVE-2022-36412 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 9.8 Critical |
| In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.) | ||||
| CVE-2022-35843 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 7.7 High |
| An authentication bypass by assumed-immutable data vulnerability [CWE-302] in the FortiOS SSH login component 7.2.0, 7.0.0 through 7.0.7, 6.4.0 through 6.4.9, 6.2 all versions, 6.0 all versions and FortiProxy SSH login component 7.0.0 through 7.0.5, 2.0.0 through 2.0.10, 1.2.0 all versions may allow a remote and unauthenticated attacker to login into the device via sending specially crafted Access-Challenge response from the Radius server. | ||||
| CVE-2022-35629 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 5.4 Medium |
| Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-35248 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 8.8 High |
| A improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that allowed two factor authentication can be bypassed when telling the server to use CAS during login. | ||||
| CVE-2022-35203 | 1 Trendnet | 2 Tv-ip572pi, Tv-ip572pi Firmware | 2024-11-21 | 7.2 High |
| An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | ||||
| CVE-2022-35198 | 1 Contract Management System Project | 1 Contract Managment System | 2024-11-21 | 7.5 High |
| Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information. | ||||
| CVE-2022-35142 | 1 Raneto Project | 1 Raneto | 2024-11-21 | 7.5 High |
| An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | ||||
| CVE-2022-34919 | 1 Zengenti | 1 Contensis | 2024-11-21 | 9.8 Critical |
| The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands. | ||||
| CVE-2022-34887 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | 4.3 Medium |
| Standard users can directly operate and set printer configuration information , such as IP, in some Lenovo Printers without having to authenticate with the administrator password. | ||||
| CVE-2022-34575 | 1 Wavlink | 1 Wifi-repeater Firmware | 2024-11-21 | 5.7 Medium |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the key information of the device via accessing fctest.shtml. | ||||
| CVE-2022-34535 | 1 Dw | 2 Megapix, Megapix Firmware | 2024-11-21 | 7.5 High |
| Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view internal paths and scripts via web files. | ||||