Total
3969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-48683 | 1 Apple | 1 Macos | 2024-11-21 | 8.6 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13. An app may be able to break out of its sandbox. | ||||
| CVE-2022-48615 | 1 Huawei | 2 Ar617vw, Ar617vw Firmware | 2024-11-21 | 4.8 Medium |
| An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | ||||
| CVE-2022-47558 | 1 Ormazabal | 4 Ekorccp, Ekorccp Firmware, Ekorrci and 1 more | 2024-11-21 | 9.4 Critical |
| Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install rootkits or backdoors. | ||||
| CVE-2022-47036 | 2024-11-21 | 9.8 Critical | ||
| Siklu TG Terragraph devices before approximately 2.1.1 have a hardcoded root password that has been revealed via a brute force attack on an MD5 hash. It can be used for "debug login" by an admin. NOTE: the vulnerability is not fixed by the 2.1.1 firmware; instead, it is fixed in newer hardware, which would typically be used with firmware 2.1.1 or later. | ||||
| CVE-2022-46025 | 1 Totolink | 2 N200re V5, N200re V5 Firmware | 2024-11-21 | 9.1 Critical |
| Totolink N200RE_V5 V9.3.5u.6255_B20211224 is vulnerable to Incorrect Access Control. The device allows remote attackers to obtain Wi-Fi system information, such as Wi-Fi SSID and Wi-Fi password, without logging into the management page. | ||||
| CVE-2022-45929 | 2024-11-21 | 8.8 High | ||
| Northern.tech Mender 3.3.x before 3.3.2, 3.5.x before 3.5.0, and 3.6.x before 3.6.0 has Incorrect Access Control and allows users to change their roles and could allow privilege escalation from a low-privileged read-only user to a high-privileged user. | ||||
| CVE-2022-45112 | 1 Intel | 1 Virtual Raid On Cpu | 2024-11-21 | 7.3 High |
| Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-11-21 | 7.3 High |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41659 | 1 Intel | 1 Unison | 2024-11-21 | 1.9 Low |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-40539 | 1 Qualcomm | 50 Qam8295p, Qam8295p Firmware, Qca6574au and 47 more | 2024-11-21 | 8.4 High |
| Memory corruption in Automotive Android OS due to improper validation of array index. | ||||
| CVE-2022-40529 | 1 Qualcomm | 392 Aqt1000, Aqt1000 Firmware, Ar8031 and 389 more | 2024-11-21 | 7.1 High |
| Memory corruption due to improper access control in kernel while processing a mapping request from root process. | ||||
| CVE-2022-3746 | 1 Lenovo | 174 Ideapad 1-14ijl7, Ideapad 1-14ijl7 Firmware, Ideapad 1-15ijl7 and 171 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to cause some peripherals to work abnormally due to an exposed Embedded Controller (EC) interface. | ||||
| CVE-2022-3182 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 7.0 High |
| Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions. | ||||
| CVE-2022-3065 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | ||||
| CVE-2022-3019 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 8.8 High |
| The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one). | ||||
| CVE-2022-39946 | 1 Fortinet | 1 Fortinac | 2024-11-21 | 7.2 High |
| An access control vulnerability [CWE-284] in FortiNAC version 9.4.2 and below, version 9.2.7 and below, 9.1 all versions, 8.8 all versions, 8.7 all versions, 8.6 all versions, 8.5 all versions may allow a remote attackerĀ authenticated on the administrative interface to perform unauthorized jsp calls via crafted HTTP requests. | ||||
| CVE-2022-39878 | 1 Samsung | 1 Checkout | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. | ||||
| CVE-2022-39875 | 1 Samsung | 1 Account | 2024-11-21 | 5.1 Medium |
| Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | ||||
| CVE-2022-39871 | 1 Samsung | 1 Smartthings | 2024-11-21 | 4 Medium |
| Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | ||||
| CVE-2022-39870 | 1 Samsung | 1 Smartthings | 2024-11-21 | 4 Medium |
| Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | ||||