ReportizFlow
Filtered by vendor
Subscriptions
Total
4191 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0264 | 1 Redhat | 8 Enterprise Linux, Keycloak, Openshift Container Platform and 5 more | 2024-11-21 | 5.0 Medium |
| A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability. | ||||
| CVE-2022-47848 | 1 Bezeq | 4 Vtech Iad604-il, Vtech Iad604-il Firmware, Vtech Nb403-il and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service. | ||||
| CVE-2022-46146 | 2 Prometheus, Redhat | 2 Exporter Toolkit, Openshift | 2024-11-21 | 6.2 Medium |
| Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. | ||||
| CVE-2022-45877 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.3 High |
| OpenHarmony-v3.1.4 and prior versions had an vulnerability. PIN code is transmitted to the peer device in plain text during cross-device authentication, which reduces the difficulty of man-in-the-middle attacks. | ||||
| CVE-2022-45860 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 5 Medium |
| A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | ||||
| CVE-2022-45124 | 1 Wellintech | 1 Kinghistorian | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability. | ||||
| CVE-2022-45118 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions. | ||||
| CVE-2022-44569 | 1 Ivanti | 1 Automation | 2024-11-21 | 7.8 High |
| A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication. | ||||
| CVE-2022-43451 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.4 High |
| OpenHarmony-v3.1.2 and prior versions had an Multiple path traversal vulnerability in appspawn and nwebspawn services. Local attackers can create arbitrary directories or escape application sandbox.If chained with other vulnerabilities it would allow an unprivileged process to gain full root privileges. | ||||
| CVE-2022-40622 | 1 Wavlink | 2 Wn531g3, Wn531g3 Firmware | 2024-11-21 | 8.8 High |
| The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not not use session tokens. Therefore, if an attacker changes their IP address to match the logged-in administrator's, or is behind the same NAT as the logged in administrator, session takeover is possible. | ||||
| CVE-2022-40536 | 1 Qualcomm | 162 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 159 more | 2024-11-21 | 7.5 High |
| Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. | ||||
| CVE-2022-40521 | 1 Qualcomm | 484 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8953pro and 481 more | 2024-11-21 | 7.5 High |
| Transient DOS due to improper authorization in Modem | ||||
| CVE-2022-40144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product's login authentication by falsifying request parameters on affected installations. | ||||
| CVE-2022-3681 | 1 Motorola | 1 Mr2600 | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in the MR2600 router v1.0.18 and earlier that could allow an attacker within range of the wireless network to successfully brute force the WPS pin, potentially allowing them unauthorized access to a wireless network. | ||||
| CVE-2022-3218 | 1 Necta | 1 Wifi Mouse Server | 2024-11-21 | 9.8 Critical |
| Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution. | ||||
| CVE-2022-3173 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 Medium |
| Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | ||||
| CVE-2022-3152 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 8.8 High |
| Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. | ||||
| CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.8 High |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | ||||
| CVE-2022-38557 | 1 Dlink | 2 Dir-845l, Dir-845l Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | ||||
| CVE-2022-38556 | 1 Trendnet | 2 Tew733gr, Tew733gr Firmware | 2024-11-21 | 9.8 Critical |
| Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | ||||