Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-38015 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Hyper-V Denial of Service Vulnerability
|
|||||
| CVE-2022-38012 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 7.7 HIGH |
|
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-38010 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Office Visio Remote Code Execution Vulnerability
|
|||||
| CVE-2022-38009 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2022-38008 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2022-38006 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Windows Graphics Component Information Disclosure Vulnerability
|
|||||
| CVE-2022-38005 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Print Spooler Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-38004 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Fax Service Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37992 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Group Policy Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37964 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37963 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft Office Visio Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37962 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2024-11-21 | N/A | 7.8 HIGH |
|
Microsoft PowerPoint Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37961 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | N/A | 8.8 HIGH |
|
Microsoft SharePoint Server Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37958 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 8.1 HIGH |
|
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
|
|||||
| CVE-2022-37957 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37956 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37955 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Group Policy Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37954 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 7.8 HIGH |
|
DirectX Graphics Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-37939 | 1 Hpe | 4 Superdome Flex 280 Server, Superdome Flex 280 Server Firmware, Superdome Flex Server and 1 more | 2024-11-21 | N/A | 2.3 LOW |
|
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.
|
|||||
| CVE-2022-37932 | 1 Hpe | 38 Officeconnect 1820 J9979a, Officeconnect 1820 J9979a Firmware, Officeconnect 1820 J9980a and 35 more | 2024-11-21 | N/A | 8.8 HIGH |
|
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;
|
|||||
| CVE-2022-37923 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 7.2 HIGH |
|
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
|||||
| CVE-2022-37922 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 7.2 HIGH |
|
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
|||||
| CVE-2022-37921 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 7.2 HIGH |
|
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
|||||
| CVE-2022-37920 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 7.2 HIGH |
|
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
|
|||||
| CVE-2022-37919 | 1 Arubanetworks | 1 Edgeconnect Enterprise | 2024-11-21 | N/A | 7.5 HIGH |
|
A vulnerability exists in the API of Aruba EdgeConnect Enterprise. An unauthenticated attacker can exploit this condition via the web-based management interface to create a denial-of-service condition which prevents the appliance from properly responding to API requests in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below;
|
|||||
| CVE-2022-37895 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3. ...
Show More |
|||||
| CVE-2022-37894 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3. ...
Show More |
|||||
| CVE-2022-37861 | 1 Tenhot | 2 Tws-100, Tws-100 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component.
|
|||||
| CVE-2022-37779 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | N/A | 7.2 HIGH |
|
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function.
|
|||||
| CVE-2022-37778 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | N/A | 7.2 HIGH |
|
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function.
|
|||||
| CVE-2022-37777 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | N/A | 7.2 HIGH |
|
Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function.
|
|||||
| CVE-2022-37661 | 1 Adtran | 4 Sr506n, Sr506n Firmware, Sr510n and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.
|
|||||
| CVE-2022-37450 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022.
|
|||||
| CVE-2022-37439 | 1 Splunk | 2 Splunk, Universal Forwarder | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
|
|||||
| CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 2.6 LOW |
|
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
|
|||||
| CVE-2022-37416 | 1 Ittiam | 1 Libmpeg2 | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8.
|
|||||
| CVE-2022-37396 | 1 Jetbrains | 1 Rider | 2024-11-21 | N/A | 4.1 MEDIUM |
|
In JetBrains Rider before 2022.2 Trust and Open Project dialog could be bypassed, leading to local code execution
|
|||||
| CVE-2022-37394 | 1 Openstack | 1 Nova | 2024-11-21 | N/A | 3.3 LOW |
|
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected.
|
|||||
| CVE-2022-37393 | 1 Zimbra | 1 Collaboration | 2024-11-21 | N/A | 7.8 HIGH |
|
Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root.
|
|||||
| CVE-2022-37336 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2024-11-21 | N/A | 7.9 HIGH |
|
Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||