PT-2022-24832 · Arvados · Arvados
Name of the Vulnerable Software and Affected Versions: Arvados versions prior to 2.4.3 Description: The issue affects Arvados, an open source platform for managing and analyzing biomedical big data. When using Portable Authentication Modules (PAM) for user authentication, if a user presents valid...
CVE-2021-33076
Improper authentication in firmware for some Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access...
PT-2022-6341 · Unknown · Mklogic-500
Name of the Vulnerable Software and Affected Versions: MKLogic-500 affected versions not specified Description: The issue is related to a lack of authentication for a critical function in the MKLogic-500 PLC configuration protocol. This could allow a remote attacker to modify the device's logic,...
PT-2022-11750 · Unknown +1 · Hoteldruid Hotel Management +1
Name of the Vulnerable Software and Affected Versions: HotelDruid Hotel Management Software version 3.0.3 Description: The issue concerns the controlla login function in the software, which generates a predictable session token. This predictability allows attackers to bypass authentication throug...
CVE-2022-36105 User Enumeration via Response Timing in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. It has been discovered that observing response time during user authentication backend and frontend can be used to distinguish between existing and non-existing user accounts. Extension authors of 3rd part...
PT-2022-24996 · Sap · Sap Gui For Html
Name of the Vulnerable Software and Affected Versions: SAP GUI for HTML affected versions not specified Description: The issue allows an attacker with no prior authentication to craft and send malicious scripts to SAP GUI for HTML within Fiori Launchpad, resulting in a reflected cross-site...
PT-2022-17826 · Baxter · Baxter Spectrum Wbm
Name of the Vulnerable Software and Affected Versions: Baxter Spectrum WBM affected versions not specified Description: The issue concerns a lack of mutual authentication with the gateway server host. This could allow an attacker to perform a man-in-the-middle attack, modifying parameters to caus...
CVE-2022-31020 Remote code execution in Indy's NODE_UPGRADE transaction
Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the pool-upgrade request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The pool-upgrade request...
CVE-2022-36640
influxData influxDB before v1.8.10 contains no authentication mechanism or controls, allowing unauthenticated attackers to execute arbitrary commands. NOTE: the CVE ID assignment is disputed because the vendor's documentation states "If InfluxDB is being deployed on a publicly accessible endpoint...
PT-2022-4607 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.10 through 15.1.6 GitLab versions 15.2 through 15.2.4 GitLab versions 15.3 through 15.3.2 Description: The issue is related to incorrect authentication with some Package Registries when IP address restrictions are configure...
PT-2022-8928 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: keycloak versions 11.0.3 through 13.0.0 Description: A flaw was found in the direct-grant authenticator of keycloak, where an expired certificate would be accepted due to missing time stamp validations. The highest threat from this issue is t...
CVE-2022-2377
The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...
CVE-2022-24378
Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access...
CVE-2022-38368
An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. Because Gateway API functions mishandle authentication, an authenticated VPN user can inject arbitrary commands...
PT-2022-24390 · Aviatrix · Aviatrix Gateway
Name of the Vulnerable Software and Affected Versions: Aviatrix Gateway versions prior to 6.6.5712 Aviatrix Gateway versions 6.7.x prior to 6.7.1376 Description: An issue was discovered in Aviatrix Gateway where Gateway API functions mishandle authentication. This allows an authenticated VPN user...
PT-2022-18546 · Sourcecodester · Sourcecodester Company Website Cms
Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0 Description: A critical issue has been found, affecting an unknown functionality of the file /dashboard/settings, leading to improper authentication. The attack can be launched remotely...
When a user is given the owner privilege of multiple MIMOProxy through transferOwnership, the user cannot choose which MIMOProxy to use as the current Proxy
Lines of code · Vulnerability details · Impact: currentProxies is only set when the user calls the deployFor function of the MIMOProxyRegistry contract: function deployFor(address owner) public override returns (IMIMOProxy proxy) { IMIMOProxy currentProxy = currentProxies[owner]; // Do not deploy if the proxy...
CVE-2022-36296 WordPress ActiveDEMAND plugin <= 0.2.27 - Broken Authentication vulnerability
Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete...
PT-2022-17203 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 12.5 through 15.0.4 GitLab EE versions 15.1 through 15.1.3 GitLab EE versions 15.2 through 15.2.0 Description: An issue has been discovered in GitLab EE where it was not performing correct authentication on Grafana API unde...
PT-2022-22634 · Unknown · Omicard Edm
Name of the Vulnerable Software and Affected Versions: OMICARD EDM affected versions not specified Description: The mail image relay function in OMICARD EDM has a path traversal issue. This allows an unauthenticated remote attacker to bypass authentication and access arbitrary system files...