Search Results (10396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-11-21 | 7.2 High |
| Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended | ||||
| CVE-2022-27836 | 1 Google | 1 Android | 2024-11-21 | 8.4 High |
| Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access. | ||||
| CVE-2022-27669 | 1 Sap | 1 Netweaver Application Server For Java | 2024-11-21 | 7.5 High |
| An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges. | ||||
| CVE-2022-27668 | 1 Sap | 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more | 2024-11-21 | 9.8 Critical |
| Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. | ||||
| CVE-2022-27658 | 1 Sap | 1 Innovation Management | 2024-11-21 | 7.5 High |
| Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-27609 | 1 Forcepoint | 1 One Endpoint | 2024-11-21 | 6 Medium |
| Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of services by users with Administrator privileges. This could result in a user disabling Forcepoint One Endpoint and the protection offered by it. | ||||
| CVE-2022-27608 | 1 Forcepoint | 1 One Endpoint | 2024-11-21 | 6 Medium |
| Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to registry key tampering by users with Administrator privileges. This could result in a user disabling anti-tampering mechanisms which would then allow the user to disable Forcepoint One Endpoint and the protection offered by it. | ||||
| CVE-2022-27575 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | ||||
| CVE-2022-27551 | 1 Hcltechsw | 1 Hcl Launch | 2024-11-21 | 5.3 Medium |
| HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | ||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | ||||
| CVE-2022-27215 | 1 Jenkins | 1 Release Helper | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | ||||
| CVE-2022-27211 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | ||||
| CVE-2022-27209 | 1 Jenkins | 1 Kubernetes Continuous Deploy | 2024-11-21 | 6.5 Medium |
| A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-27205 | 1 Jenkins | 1 Extended Choice Parameter | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | ||||
| CVE-2022-27199 | 1 Jenkins | 1 Cloudbees Aws Credentials | 2024-11-21 | 4.3 Medium |
| A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | ||||
| CVE-2022-27134 | 1 B1 | 1 Eosio Batdappboomx | 2024-11-21 | 7.5 High |
| EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter. | ||||
| CVE-2022-27055 | 1 Ecjia | 1 Daojia | 2024-11-21 | 7.5 High |
| ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors) | ||||
| CVE-2022-26676 | 1 Aenrich | 1 A\+hrd | 2024-11-21 | 9.8 Critical |
| aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use the API function to upload and execute malicious scripts to control the system or disrupt service. | ||||
| CVE-2022-26668 | 1 Asus | 1 Control Center | 2024-11-21 | 7.3 High |
| ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | ||||
| CVE-2022-26629 | 3 Linux, Microsoft, Splus | 3 Linux Kernel, Windows, Soroushplus | 2024-11-21 | 9.1 Critical |
| An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function. | ||||