Search Results (12679 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0916 1 Logitech 1 Options 2024-11-21 8.4 High
An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations.
CVE-2022-0910 1 Zyxel 64 Atp100, Atp100 Firmware, Atp100w and 61 more 2024-11-21 6.5 Medium
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
CVE-2022-0862 1 Mcafee 1 Epolicy Orchestrator 2024-11-21 3.1 Low
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote attacker to change the password of a compromised session without knowing the existing user's password. This functionality was removed from the User Interface in ePO 10 and the API has now been disabled. Other protection is in place to reduce the likelihood of this being successful through sending a link to a logged in user.
CVE-2022-0860 2 Cobbler Project, Fedoraproject 2 Cobbler, Fedora 2024-11-21 9.1 Critical
Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.
CVE-2022-0829 1 Webmin 1 Webmin 2024-11-21 8.1 High
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0824 1 Webmin 1 Webmin 2024-11-21 8.8 High
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
CVE-2022-0821 1 Orchardcore 1 Orchardcore 2024-11-21 6.5 Medium
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
CVE-2022-0732 1 1byte 9 Copy9, Exactspy, Fonetracker and 6 more 2024-11-21 7.5 High
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability.
CVE-2022-0731 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 6.5 Medium
Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-0730 3 Cacti, Debian, Fedoraproject 3 Cacti, Debian Linux, Fedora 2024-11-21 9.8 Critical
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
CVE-2022-0727 1 Framasoft 1 Peertube 2024-11-21 5.4 Medium
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
CVE-2022-0587 1 Librenms 1 Librenms 2024-11-21 6.5 Medium
Improper Authorization in Packagist librenms/librenms prior to 22.2.0.
CVE-2022-0574 1 Publify Project 1 Publify 2024-11-21 6.5 Medium
Improper Access Control in GitHub repository publify/publify prior to 9.2.8.
CVE-2022-0541 1 Flothemes 1 Flo-launch 2024-11-21 9.8 Critical
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
CVE-2022-0540 1 Atlassian 3 Jira Data Center, Jira Server, Jira Service Management 2024-11-21 9.8 Critical
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVE-2022-0406 1 Janeczku 1 Calibre-web 2024-11-21 4.3 Medium
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0405 1 Janeczku 1 Calibre-web 2024-11-21 4.3 Medium
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
CVE-2022-0342 1 Zyxel 46 Atp100, Atp100 Firmware, Atp100w and 43 more 2024-11-21 9.8 Critical
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device.
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 52 Fedora, Linux Kernel, H300e and 49 more 2024-11-21 7.8 High
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-0273 1 Janeczku 1 Calibre-web 2024-11-21 6.5 Medium
Improper Access Control in Pypi calibreweb prior to 0.6.16.