Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-41048 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2022-41047 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft ODBC Driver Remote Code Execution Vulnerability
|
|||||
| CVE-2022-40980 | 1 Trendmicro | 1 Mobile Security | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.
|
|||||
| CVE-2022-40922 | 1 Lief-project | 1 Lief | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
|
|||||
| CVE-2022-40736 | 1 Axiosys | 1 Bento4 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.
|
|||||
| CVE-2022-40696 | 1 Advancedcustomfields | 1 Advanced Custom Fields | 2024-11-21 | N/A | 3.7 LOW |
|
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Engine Advanced Custom Fields (ACF).This issue affects Advanced Custom Fields (ACF): from 3.1.1 through 6.0.2.
|
|||||
| CVE-2022-40675 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Some cryptographic issues in Fortinet FortiNAC versions 9.4.0 through 9.4.1, 9.2.0 through 9.2.7, 9.1.0 through 9.1.8, 8.8.0 through 8.8.11, 8.7.0 through 8.7.6, 8.6.0 through 8.6.5, 8.5.0 through 8.5.4, 8.3.7 may allow an attacker to decrypt and forge protocol communication messages.
|
|||||
| CVE-2022-40629 | 1 Tacitine | 4 En6200-prime Quad-100, En6200-prime Quad-100 Firmware, En6200-prime Quad-35 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targ ...
Show More |
|||||
| CVE-2022-40337 | 1 Aspiresoftware | 1 Open Aviation Strategic Engineering System | 2024-11-21 | N/A | 8.8 HIGH |
|
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.
|
|||||
| CVE-2022-40233 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | N/A | 6.2 MEDIUM |
|
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599.
|
|||||
| CVE-2022-40141 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
|
|||||
| CVE-2022-3962 | 2 Kiali, Redhat | 5 Kiali, Enterprise Linux, Enterprise Linux For Ibm Z Systems and 2 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
|
|||||
| CVE-2022-3752 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2024-11-21 | N/A | 8.6 HIGH |
|
An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic
loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload
the user project file to bring the device back online and continue normal operation.
|
|||||
| CVE-2022-3726 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.8 MEDIUM |
|
Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.
|
|||||
| CVE-2022-3702 | 1 Lenovo | 3 Hardware Scan Addin, Hardware Scan Plugin, System Update Plugin | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A denial of service vulnerability was reported in Lenovo Vantage HardwareScan Plugin version 1.3.0.5 and earlier that could allow a local attacker to delete contents of an arbitrary directory under certain conditions.
|
|||||
| CVE-2022-3698 | 1 Lenovo | 2 Diagnostics, Hardwarescan Plugin | 2024-11-21 | N/A | 4.4 MEDIUM |
|
A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to
1.3.1.2
and
Lenovo Diagnostics versions prior to 4.45
that could allow a local user with administrative access to trigger a system crash.
|
|||||
| CVE-2022-3685 | 1 Hitachienergy | 1 Sdm600 | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability exists in the SDM600 software. The software operates at a privilege level that is higher than the minimum level required. An attacker who successfully exploits this vulnerability can escalate privileges.
This issue affects: All SDM600 versions prior to version 1.3.0.
List of CPEs:
* cpe:2.3:a:hitachienergy:sdm600:1.0:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.1:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:sdm600:1.2:*:*:*:*:*:*:*
* cpe:2.3:a:hitachienergy:s ...
Show More |
|||||
| CVE-2022-3596 | 1 Redhat | 1 Openstack Platform | 2024-11-21 | N/A | 7.5 HIGH |
|
An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials.
|
|||||
| CVE-2022-3512 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
|
|||||
| CVE-2022-3483 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
|
|||||
| CVE-2022-3479 | 1 Mozilla | 1 Network Security Services | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash.
|
|||||
| CVE-2022-3447 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-3429 | 1 Lenovo | 6 G263dns, G263dns Firmware, Gm265dn and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A denial-of-service vulnerability was found in the firmware used in Lenovo printers, where users send illegal or malformed strings to an open port, triggering a denial of service that causes a display error and prevents the printer from functioning properly.
|
|||||
| CVE-2022-3405 | 3 Acronis, Linux, Microsoft | 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more | 2024-11-21 | N/A | 8.8 HIGH |
|
Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
|
|||||
| CVE-2022-3351 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks.
|
|||||
| CVE-2022-3294 | 1 Kubernetes | 1 Kubernetes | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. B ...
Show More |
|||||
| CVE-2022-3217 | 1 Visam | 1 Vbase | 2024-11-21 | N/A | 7.5 HIGH |
|
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.
|
|||||
| CVE-2022-3185 | 1 Dataprobe | 24 Iboot-pdu4-n20, Iboot-pdu4-n20 Firmware, Iboot-pdu4a-n15 and 21 more | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.
|
|||||
| CVE-2022-3171 | 2 Fedoraproject, Google | 6 Fedora, Google-protobuf, Protobuf-java and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above.
|
|||||
| CVE-2022-3157 | 1 Rockwellautomation | 12 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 9 more | 2024-11-21 | N/A | 8.6 HIGH |
|
A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS).
|
|||||
| CVE-2022-3095 | 2 Dart, Flutter | 2 Dart Software Development Kit, Flutter | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The implementation of backslash parsing in the Dart URI class for versions prior to 2.18 and Flutter versions prior to 3.30 differs from the WhatWG URL standards. Dart uses the RFC 3986 syntax, which creates incompatibilities with the '\' characters in URIs, which can lead to auth bypass in webapps interpreting URIs. We recommend updating Dart or Flutter to mitigate the issue.
|
|||||
| CVE-2022-3080 | 2 Fedoraproject, Isc | 2 Fedora, Bind | 2024-11-21 | N/A | 7.5 HIGH |
|
By sending specific queries to the resolver, an attacker can cause named to crash.
|
|||||
| CVE-2022-3027 | 1 Contechealth | 2 Cms8000, Cms8000 Firmware | 2024-11-21 | N/A | 5.7 MEDIUM |
|
The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. A threat actor could create an SSID with a malicious name, including non-standard characters that, when the device attempts connecting to the malicious SSID, the device can be exploited to write arbitrary files or display incorrect information.
|
|||||
| CVE-2022-39875 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 5.1 MEDIUM |
|
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
|
|||||
| CVE-2022-39863 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 3.6 LOW |
|
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.
|
|||||
| CVE-2022-39859 | 1 Samsung | 1 Uphelper Library | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39830 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
|
|||||
| CVE-2022-39828 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
|
|||||
| CVE-2022-39429 | 1 Oracle | 1 Java Virtual Machine | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java VM. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/ ...
Show More |
|||||
| CVE-2022-39428 | 1 Oracle | 1 Web Applications Desktop Integrator | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Avai ...
Show More |
|||||