1854 matches found
CVE-2022-2166 Improper Restriction of Excessive Authentication Attempts in mastodon/mastodon
Improper Restriction of Excessive Authentication Attempts in GitHub repository mastodon/mastodon prior to 4.0.0...
CVE-2022-38385
IBM Cloud Pak for Security CP4S 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777...
CVE-2022-21794
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2022-29893
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access...
Intel NUC Kit Authorization Issue Vulnerability
The Intel NUC Kit is a small desktop computer from Intel Corporation USA. A security vulnerability exists in versions prior to Intel NUC Kit RY0386 that stems from improper authentication in its BIOS firmware, which may allow authenticated users to potentially escalate privileges through local access...
CVE-2022-41978 WordPress Zoho CRM Lead Magnet plugin <= 1.7.5.8 - Auth. Arbitrary Options Update vulnerability
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress...
CVE-2022-29836 Post-Auth Path Traversal Vulnerability Allows to Custom Package Installation via HTTP API
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file...
CVE-2022-30515
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an attacker to view them through filename enumeration...
CVE-2022-40230
IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-40202
The database backup function in Delta Electronics InfraSuite Device Master Versions 00.00.01a and prior lacks proper authentication. An attacker could provide malicious serialized objects which, when deserialized, could activate an opcode for a backup scheduling function without authentication...
CVE-2022-26884 Apache DolphinScheduler exposes files without authentication
Users can read any files by log server, Apache DolphinScheduler users should upgrade to version 2.0.6 or higher...
PT-2022-23597 · Unknown · Sourcecodester Sanitization Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System version 1.0. Description: A critical issue has been found, affecting an unknown functionality, which leads to missing authentication. This issue can be exploited remotely. Recommendations: For...
PT-2022-7180 · Free5Gc · Free5Gc
Name of the Vulnerable Software and Affected Versions: Free5gc version 3.2.1. Description: The issue is related to information disclosure due to a lack of authentication for a critical function in the free5GC software, which is used for organizing 5G mobile network communications. This allows a...
CVE-2022-2533
An issue has been discovered in GitLab affecting all versions starting from 12.10 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. GitLab was not performing correct authentication with some Package Registries when IP address restrictions...
GoCD Security Vulnerability
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that stems from allowing an authenticated agent to impersonate another agent, resulting in broken access control and incorrect authentication of agent tokens in the GoCD server to...
CVE-2022-41489
WAYOS LQ09 22.03.17V was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to send crafted requests to the server from the affected device. This vulnerability is exploitable due to a lack of authentication in the component Usbupload.htm...
Trend Micro Apex One Trust Management Issue Vulnerability
Trend Micro Apex One is an endpoint protection software from Trend Micro, Inc. Trend Micro Apex One 2019 on-prem, SaaS version has a trust management issue vulnerability that stems from the Apex One agent not being properly authenticated, which could be exploited by an attacker to load DLL files...
PT-2022-15493 · Carlo Gavazzi · Carlo Gavazzi Uwp3.0
Name of the Vulnerable Software and Affected Versions: Carlo Gavazzi UWP3.0 (affected versions not specified); CPY Car Park Server version 2.8.3. Description: An improper authentication issue exists, allowing an authentication bypass in the context of an unauthorized user if free-access is disabled...