ReportizFlow
Filtered by vendor
Subscriptions
Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23774 | 1 Motorola | 5 Ebts Mbts Base Radio, Ebts Site Controller, Ebts Site Controller Firmware and 2 more | 2024-11-21 | 8.4 High |
| Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device. | ||||
| CVE-2023-22292 | 4 Apple, Google, Intel and 1 more | 4 Iphone Os, Android, Unison Software and 1 more | 2024-11-21 | 7.3 High |
| Uncaught exception for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-21409 | 1 Axis | 1 License Plate Verifier | 2024-11-21 | 8.4 High |
| Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | ||||
| CVE-2023-21408 | 1 Axis | 1 License Plate Verifier | 2024-11-21 | 8.4 High |
| Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | ||||
| CVE-2023-20243 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 8.6 High |
| A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets. This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected. Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory. | ||||
| CVE-2022-48619 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap. | ||||
| CVE-2022-44652 | 1 Trendmicro | 1 Apex One | 2024-11-21 | 7.8 High |
| An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2022-44030 | 1 Redmine | 1 Redmine | 2024-11-21 | 7.5 High |
| Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. | ||||
| CVE-2022-41917 | 1 Amazon | 1 Opensearch | 2024-11-21 | 4.3 Medium |
| OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | ||||
| CVE-2022-3175 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 5.3 Medium |
| Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||||
| CVE-2022-39912 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | ||||
| CVE-2022-39886 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | ||||
| CVE-2022-39885 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | ||||
| CVE-2022-39872 | 1 Samsung | 1 Sharelive | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-39271 | 1 Traefik | 1 Traefik | 2024-11-21 | 7.5 High |
| Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. | ||||
| CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-11-21 | 7.5 High |
| Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | ||||
| CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 5.9 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | ||||
| CVE-2022-36287 | 1 Intel | 1 Field Programmable Gate Array Crypto Service Server | 2024-11-21 | 4 Medium |
| Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. | ||||
| CVE-2022-35295 | 1 Sap | 1 Host Agent | 2024-11-21 | 4.9 Medium |
| In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | ||||