ReportizFlow
Filtered by vendor
Subscriptions
Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44020 | 3 Fedoraproject, Opendev, Redhat | 4 Fedora, Sushy-tools, Virtualbmc and 1 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration." | ||||
| CVE-2022-40723 | 1 Pingidentity | 3 Pingfederate, Pingid Integration Kit, Radius Pcv | 2024-11-21 | 6.5 Medium |
| The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | ||||
| CVE-2022-3100 | 2 Openstack, Redhat | 5 Barbican, Enterprise Linux Eus, Openstack and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API. | ||||
| CVE-2022-39245 | 1 Makedeb | 1 Mist | 2024-11-21 | 8.4 High |
| Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist. | ||||
| CVE-2022-38700 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 8.8 High |
| OpenHarmony-v3.1.1 and prior versions have a permission bypass vulnerability. LAN attackers can bypass permission control and get control of camera service. | ||||
| CVE-2022-38081 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. LAN attackers can bypass the distributed permission control.To take advantage of this weakness, attackers need another vulnerability to obtain system. | ||||
| CVE-2022-38064 | 1 Openharmony | 1 Openharmony | 2024-11-21 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can bypass permission control and get sensitive information. | ||||
| CVE-2022-37026 | 2 Erlang, Redhat | 2 Erlang\/otp, Openstack | 2024-11-21 | 9.8 Critical |
| In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in certain client-certification situations for SSL, TLS, and DTLS. | ||||
| CVE-2022-2651 | 1 Joinbookwyrm | 1 Bookwyrm | 2024-11-21 | 9.8 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | ||||
| CVE-2022-23729 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| When the device is in factory state, it can be access the shell without adb authentication process. The LG ID is LVE-SMP-210010. | ||||
| CVE-2022-23551 | 1 Microsoft | 1 Azure Ad Pod Identity | 2024-11-21 | 5.3 Medium |
| aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release. | ||||
| CVE-2022-0547 | 3 Debian, Fedoraproject, Openvpn | 3 Debian Linux, Fedora, Openvpn | 2024-11-21 | 9.8 Critical |
| OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. | ||||
| CVE-2022-0451 | 1 Dart | 1 Dart Software Development Kit | 2024-11-21 | 6.5 Medium |
| Dart SDK contains the HTTPClient in dart:io library whcih includes authorization headers when handling cross origin redirects. These headers may be explicitly set and contain sensitive information. By default, HttpClient handles redirection logic. If a request is sent to example.com with authorization header and it redirects to an attackers site, they might not expect attacker site to receive authorization header. We recommend updating the Dart SDK to version 2.16.0 or beyond. | ||||
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc\+\+ | 2024-11-21 | 7.7 High |
| A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. | ||||
| CVE-2021-43175 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2024-11-21 | 7.5 High |
| The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that accepts a username, password, and action that routes to other PHP files that implement the various API functions. Vulnerable versions of GOautodial validate the username and password incorrectly, allowing the caller to specify any values for these parameters and successfully authenticate. CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C | ||||
| CVE-2021-3850 | 2 Adodb Project, Debian | 2 Adodb, Debian Linux | 2024-11-21 | 9.1 Critical |
| Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21. | ||||
| CVE-2021-3586 | 1 Redhat | 3 Openshift Service Mesh, Service Mesh, Servicemesh-operator | 2024-11-21 | 9.8 Critical |
| A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2021-3547 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 7.4 High |
| OpenVPN 3 Core Library version 3.6 and 3.6.1 allows a man-in-the-middle attacker to bypass the certificate authentication by issuing an unrelated server certificate using the same hostname found in the verify-x509-name option in a client configuration. | ||||
| CVE-2021-28503 | 1 Arista | 1 Eos | 2024-11-21 | 7.4 High |
| The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | ||||
| CVE-2021-26726 | 1 Valmet | 1 Dna | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability affecting a Valmet DNA service listening on TCP port 1517, allows an attacker to execute commands with SYSTEM privileges This issue affects: Valmet DNA versions from Collection 2012 until Collection 2021. | ||||