Total
3658 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-20779 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20777 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2022-20762 | 1 Cisco | 1 Ultra Cloud Core - Subscriber Microservices Infrastructure | 2024-11-21 | 7.8 High |
| A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core - Subscriber Microservices Infrastructure (SMI) software could allow an authenticated, local attacker to escalate privileges on an affected device. This vulnerability is due to insufficient access control in the affected CLI. An attacker could exploit this vulnerability by authenticating as a CEE ConfD CLI user and executing a specific CLI command. A successful exploit could allow an attacker to access privileged containers with root privileges. | ||||
| CVE-2022-20732 | 1 Cisco | 1 Virtualized Infrastructure Manager | 2024-11-21 | 7.8 High |
| A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain configuration files. An attacker with low-privileged credentials could exploit this vulnerability by accessing an affected device and reading the affected configuration files. A successful exploit could allow the attacker to obtain internal database credentials, which the attacker could use to view and modify the contents of the database. The attacker could use this access to the database to elevate privileges on the affected device. | ||||
| CVE-2022-20728 | 1 Cisco | 52 Aironet 1542d, Aironet 1542d Firmware, Aironet 1542i and 49 more | 2024-11-21 | 4.7 Medium |
| A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed. | ||||
| CVE-2022-20716 | 1 Cisco | 7 Catalyst Sd-wan Manager, Sd-wan, Sd-wan Solution and 4 more | 2024-11-21 | 7.8 High |
| A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | ||||
| CVE-2022-20696 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vmanage | 2024-11-21 | 7.5 High |
| A vulnerability in the binding configuration of Cisco SD-WAN vManage Software containers could allow an unauthenticated, adjacent attacker who has access to the VPN0 logical network to also access the messaging service ports on an affected system. This vulnerability exists because the messaging server container ports on an affected system lack sufficient protection mechanisms. An attacker could exploit this vulnerability by connecting to the messaging service ports of the affected system. To exploit this vulnerability, the attacker must be able to send network traffic to interfaces within the VPN0 logical network. This network may be restricted to protect logical or physical adjacent networks, depending on device deployment configuration. A successful exploit could allow the attacker to view and inject messages into the messaging service, which can cause configuration changes or cause the system to reload. | ||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | ||||
| CVE-2022-1631 | 1 Microweber | 1 Microweber | 2024-11-21 | 8.8 High |
| Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account. | ||||
| CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-11-21 | 4.9 Medium |
| Leaking password protected articles content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the publify website, compromising confidentiality and integrity of users. | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0732 | 1 1byte | 9 Copy9, Exactspy, Fonetracker and 6 more | 2024-11-21 | 7.5 High |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | ||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 Medium |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0727 | 1 Framasoft | 1 Peertube | 2024-11-21 | 5.4 Medium |
| Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. | ||||
| CVE-2022-0574 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2024-11-21 | 9.8 Critical |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | ||||
| CVE-2022-0405 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 4.3 Medium |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | ||||
| CVE-2022-0273 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 6.5 Medium |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | ||||
| CVE-2022-0270 | 1 Mirantis | 1 Bored-agent | 2024-11-21 | 8.8 High |
| Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers allowing a user to override assigned user name and groups. | ||||