Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43382 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641.
|
|||||
| CVE-2022-43284 | 1 F5 | 1 Njs | 2024-11-21 | N/A | 7.5 HIGH |
|
Nginx NJS v0.7.2 to v0.7.4 was discovered to contain a segmentation violation via njs_scope_valid_value at njs_scope.h. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
|
|||||
| CVE-2022-42883 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Sensitive Information Disclosure vulnerability discovered by Quiz And Survey Master plugin <= 7.3.10 on WordPress.
|
|||||
| CVE-2022-42828 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 8.8 HIGH |
|
The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-42790 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. A user may be able to view restricted content from the lock screen.
|
|||||
| CVE-2022-42789 | 1 Apple | 1 Macos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data.
|
|||||
| CVE-2022-42540 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Elevation of privilege
|
|||||
| CVE-2022-42539 | 1 Google | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Information disclosure
|
|||||
| CVE-2022-42538 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Elevation of privilege
|
|||||
| CVE-2022-42537 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Remote code execution
|
|||||
| CVE-2022-42536 | 1 Google | 1 Android | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Remote code execution
|
|||||
| CVE-2022-42528 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In ffa_mrd_prot of shared_mem.c, there is a possible ID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-242203672References: N/A
|
|||||
| CVE-2022-42465 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 7.2 HIGH |
|
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-42457 | 1 Generex | 2 Cs141, Cs141 Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
|
Generex CS141 through 2.10 allows remote command execution by administrators via a web interface that reaches run_update in /usr/bin/gxserve-update.sh (e.g., command execution can occur via a reverse shell installed by install.sh).
|
|||||
| CVE-2022-42436 | 4 Ibm, Linux, Microsoft and 1 more | 7 Aix, I, Linux On Ibm Z and 4 more | 2024-11-21 | N/A | 4.0 MEDIUM |
|
IBM MQ 8.0.0, 9.0.0, 9.1.0, 9.2.0, 9.3.0 Managed File Transfer could allow a local user to obtain sensitive information from diagnostic files. IBM X-Force ID: 238206.
|
|||||
| CVE-2022-42331 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2024-11-21 | N/A | 5.5 MEDIUM |
|
x86: speculative vulnerability in 32bit SYSCALL path Due to an oversight in the very original Spectre/Meltdown security work (XSA-254), one entrypath performs its speculation-safety actions too late. In some configurations, there is an unprotected RET instruction which can be attacked with a variety of speculative attacks.
|
|||||
| CVE-2022-42330 | 1 Xen | 1 Xen | 2024-11-21 | N/A | 7.5 HIGH |
|
Guests can cause Xenstore crash via soft reset When a guest issues a "Soft Reset" (e.g. for performing a kexec) the libxl based Xen toolstack will normally perform a XS_RELEASE Xenstore operation. Due to a bug in xenstored this can result in a crash of xenstored. Any other use of XS_RELEASE will have the same impact.
|
|||||
| CVE-2022-42300 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)
|
|||||
| CVE-2022-42299 | 1 Veritas | 1 Netbackup | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.
|
|||||
| CVE-2022-42286 | 1 Nvidia | 2 Dgx A100, Sbios | 2024-11-21 | N/A | 6.0 MEDIUM |
|
DGX A100 SBIOS contains a vulnerability in Bds, which may lead to code execution, denial of service, or escalation of privileges.
|
|||||
| CVE-2022-42282 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can access arbitrary files, which may lead to information disclosure.
|
|||||
| CVE-2022-42278 | 1 Nvidia | 2 Bmc, Dgx A100 | 2024-11-21 | N/A | 7.2 HIGH |
|
NVIDIA BMC contains a vulnerability in SPX REST API, where an authorized attacker can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure and data tampering.
|
|||||
| CVE-2022-42260 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2024-11-21 | N/A | 7.8 HIGH |
|
NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
|
|||||
| CVE-2022-42075 | 1 Wedding Planner Project | 1 Wedding Planner | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Wedding Planner v1.0 is vulnerable to arbitrary code execution.
|
|||||
| CVE-2022-42045 | 2 Watchdog, Zemana | 2 Anti-virus, Antimalware | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.
|
|||||
| CVE-2022-41978 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2024-11-21 | N/A | 8.8 HIGH |
|
Auth. (subscriber+) Arbitrary Options Update vulnerability in Zoho CRM Lead Magnet plugin <= 1.7.5.8 on WordPress.
|
|||||
| CVE-2022-41976 | 1 Scada-lts | 1 Scada-lts | 2024-11-21 | N/A | 9.9 CRITICAL |
|
An privilege escalation issue was discovered in Scada-LTS 2.7.1.1 build 2948559113 allows remote attackers, authenticated in the application as a low-privileged user to change role (e.g., to administrator) by updating their user profile.
|
|||||
| CVE-2022-41913 | 1 Discourse | 1 Calendar | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Discourse-calendar is a plugin for the Discourse messaging platform which adds the ability to create a dynamic calendar in the first post of a topic. Members of private groups or public groups with private members can be listed by users, who can create and edit post events. This vulnerability only affects sites which have discourse post events enabled. This issue has been patched in commit `ca5ae3e7e` which will be included in future releases. Users unable to upgrade should disable the `discours ...
Show More |
|||||
| CVE-2022-41853 | 2 Debian, Hsqldb | 2 Debian Linux, Hypersql Database | 2024-11-21 | N/A | 8.0 HIGH |
|
Those using java.sql.Statement or java.sql.PreparedStatement in hsqldb (HyperSQL DataBase) to process untrusted input may be vulnerable to a remote code execution attack. By default it is allowed to call any static method of any Java class in the classpath resulting in code execution. The issue can be prevented by updating to 2.7.1 or by setting the system property "hsqldb.method_class_names" to classes which are allowed to be called. For example, System.setProperty("hsqldb.method_class_names", ...
Show More |
|||||
| CVE-2022-41836 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | N/A | 7.5 HIGH |
|
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
|
|||||
| CVE-2022-41784 | 1 Intel | 1 One Boot Flash Update | 2024-11-21 | N/A | 8.8 HIGH |
|
Improper access control in kernel mode driver for the Intel(R) OFU software before version 14.1.30 may allow an authenticated user to potentially enable escalation of privilege via local access
|
|||||
| CVE-2022-41739 | 1 Ibm | 1 Spectrum Scale Container Native Storage Access | 2024-11-21 | N/A | 7.9 HIGH |
|
IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.
|
|||||
| CVE-2022-41736 | 2 Ibm, Linux | 2 Spectrum Scale Container Native Storage Access, Linux Kernel | 2024-11-21 | N/A | 8.4 HIGH |
|
IBM Spectrum Scale Container Native Storage Access
5.1.2.1 through 5.1.6.0
contains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810.
|
|||||
| CVE-2022-41677 | 1 Bosch | 12 Cpp13, Cpp13 Firmware, Cpp14 and 9 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An information disclosure vulnerability was discovered in Bosch IP camera devices allowing an unauthenticated attacker to retrieve information (like capabilities) about the device itself and network settings of the device, disclosing possibly internal network settings if the device is connected to the internet.
|
|||||
| CVE-2022-41655 | 1 Algolplus | 1 Phone Orders For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Auth. (subscriber+) Sensitive Data Exposure vulnerability in Phone Orders for WooCommerce plugin <= 3.7.1 on WordPress.
|
|||||
| CVE-2022-41623 | 1 Villatheme | 1 Dropshipping And Fulfillment For Aliexpress And Woocommerce | 2024-11-21 | N/A | 7.5 HIGH |
|
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.
|
|||||
| CVE-2022-41561 | 1 Tibco | 1 Jasperreports Server | 2024-11-21 | N/A | 9.1 CRITICAL |
|
The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition, TIBCO JasperReports Server - Developer Edition, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for Microsoft Azure, and TIBCO JasperReports Server for Microsoft Azure contains an easily exploitable vulnerability that allows a privileged/administrative attacker wi ...
Show More |
|||||
| CVE-2022-41560 | 1 Tibco | 1 Nimbus | 2024-11-21 | N/A | 6.5 MEDIUM |
|
The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0.
|
|||||
| CVE-2022-41425 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt.
|
|||||
| CVE-2022-41423 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.
|
|||||