Total
427 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35629 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 5.4 Medium |
| Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. | ||||
| CVE-2022-33991 | 1 Dproxy-nexgen Project | 1 Dproxy-nexgen | 2024-11-21 | 5.3 Medium |
| dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | ||||
| CVE-2022-32983 | 1 Nic | 1 Knot Resolver | 2024-11-21 | 5.3 Medium |
| Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | ||||
| CVE-2022-32744 | 1 Samba | 1 Samba | 2024-11-21 | 8.8 High |
| A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover. | ||||
| CVE-2022-30319 | 1 Honeywell | 1 Saia Pg5 Controls Suite | 2024-11-21 | 8.1 High |
| Saia Burgess Controls (SBC) PCD through 2022-05-06 allows Authentication bypass. According to FSCT-2022-0062, there is a Saia Burgess Controls (SBC) PCD S-Bus authentication bypass issue. The affected components are characterized as: S-Bus (5050/UDP) authentication. The potential impact is: Authentication bypass. The Saia Burgess Controls (SBC) PCD controllers utilize the S-Bus protocol (5050/UDP) for a variety of engineering purposes. It is possible to configure a password in order to restrict access to sensitive engineering functionality. Authentication functions on the basis of a MAC/IP whitelist with inactivity timeout to which an authenticated client's MAC/IP is stored. UDP traffic can be spoofed to bypass the whitelist-based access control. Since UDP is stateless, an attacker capable of passively observing traffic can spoof arbitrary messages using the MAC/IP of an authenticated client. This allows the attacker access to sensitive engineering functionality such as uploading/downloading control logic and manipulating controller configuration. | ||||
| CVE-2022-2368 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.5 Medium |
| Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | ||||
| CVE-2022-2324 | 1 Sonicwall | 1 Email Security | 2024-11-21 | 7.5 High |
| Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions | ||||
| CVE-2022-2310 | 1 Skyhighsecurity | 1 Secure Web Gateway | 2024-11-21 | 10 Critical |
| An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG. | ||||
| CVE-2022-26505 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2024-11-21 | 7.4 High |
| A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | ||||
| CVE-2022-23949 | 1 Keylime | 1 Keylime | 2024-11-21 | 7.5 High |
| In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar. | ||||
| CVE-2022-22476 | 1 Ibm | 2 Open Liberty, Websphere Application Server | 2024-11-21 | 8.8 High |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604. | ||||
| CVE-2022-21142 | 1 Appleple | 1 A-blog Cms | 2024-11-21 | 9.8 Critical |
| Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74, Ver.2.9.x series versions prior to Ver.2.9.39, Ver.2.10.x series versions prior to Ver.2.10.43, and Ver.2.11.x series versions prior to Ver.2.11.41 allows a remote unauthenticated attacker to bypass authentication under the specific condition. | ||||
| CVE-2022-1495 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page. | ||||
| CVE-2022-1307 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-1306 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-1129 | 1 Google | 2 Android, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-0030 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 8.1 High |
| An authentication bypass vulnerability in the Palo Alto Networks PAN-OS 8.1 web interface allows a network-based attacker with specific knowledge of the target firewall or Panorama appliance to impersonate an existing PAN-OS administrator and perform privileged actions. | ||||
| CVE-2021-44420 | 5 Canonical, Debian, Djangoproject and 2 more | 7 Ubuntu Linux, Debian Linux, Django and 4 more | 2024-11-21 | 7.3 High |
| In Django 2.2 before 2.2.25, 3.1 before 3.1.14, and 3.2 before 3.2.10, HTTP requests for URLs with trailing newlines could bypass upstream access control based on URL paths. | ||||
| CVE-2021-43807 | 1 Apereo | 1 Opencast | 2024-11-21 | 7.5 High |
| Opencast is an Open Source Lecture Capture & Video Management for Education. Opencast versions prior to 9.10 allow HTTP method spoofing, allowing to change the assumed HTTP method via URL parameter. This allows attackers to turn HTTP GET requests into PUT requests or an HTTP form to send DELETE requests. This bypasses restrictions otherwise put on these types of requests and aids in cross-site request forgery (CSRF) attacks, which would otherwise not be possible. The vulnerability allows attackers to craft links or forms which may change the server state. This issue is fixed in Opencast 9.10 and 10.0. You can mitigate the problem by setting the `SameSite=Strict` attribute for your cookies. If this is a viable option for you depends on your integrations. We strongly recommend updating in any case. | ||||
| CVE-2021-43310 | 1 Keylime | 1 Keylime | 2024-11-21 | 9.8 Critical |
| A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution. | ||||