Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-35753 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 8.1 HIGH | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35752 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 8.1 HIGH | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35750 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 7.8 HIGH | Win32k Elevation of Privilege Vulnerability |
| CVE-2022-35749 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-35748 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2016, Windows Server 2019 and 2 more | 2024-11-21 | N/A | 7.5 HIGH | HTTP.sys Denial of Service Vulnerability |
| CVE-2022-35747 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2024-11-21 | N/A | 5.9 MEDIUM | Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability |
| CVE-2022-35746 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2024-11-21 | N/A | 7.8 HIGH | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-35745 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 8.1 HIGH | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability |
| CVE-2022-35744 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2024-11-21 | N/A | 9.8 CRITICAL | Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability |
| CVE-2022-35742 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2024-11-21 | N/A | 7.5 HIGH | Microsoft Outlook Denial of Service Vulnerability |
| CVE-2022-35648 | 1 Nautilus | 4 T616, T616 Firmware, T618 and 1 more | 2024-11-21 | 2.1 LOW | 2.6 LOW | Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time). |
| CVE-2022-35643 | 1 Ibm | 1 Powervm Virtual I/o Server | 2024-11-21 | N/A | 9.1 CRITICAL | IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. |
| CVE-2022-35639 | 2 Ibm, Linux | 3 Sterling Partner Engagement Manager, Sterling Partner Engagement Manager On Cloud, Linux Kernel | 2024-11-21 | N/A | 7.5 HIGH | IBM Sterling Partner Engagement Manager 6.1, 6.2, and Cloud 22.2 do not limit the length of a connection which could cause the server to become unresponsive. IBM X-Force ID: 230932. |
| CVE-2022-35637 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 and 3 more | 2024-11-21 | N/A | 6.5 MEDIUM | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. |
| CVE-2022-35620 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. |
| CVE-2022-35619 | 1 Dlink | 2 Dir-818l, Dir-818l Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. |
| CVE-2022-35489 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 6.5 MEDIUM | In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. |
| CVE-2022-35488 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 7.5 HIGH | In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. |
| CVE-2022-35412 | 1 Digitalguardian | 1 Digital Guardian | 2024-11-21 | 3.6 LOW | 5.1 MEDIUM | Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. |
| CVE-2022-35403 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) |
| CVE-2022-35290 | 1 Sap | 1 Authenticator | 2024-11-21 | N/A | 7.5 HIGH | Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. |
| CVE-2022-35288 | 1 Ibm | 1 Security Verify Information Queue | 2024-11-21 | N/A | 6.5 MEDIUM | IBM Security Verify Information Queue 10.0.2 could allow a user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 230818. |
| CVE-2022-35283 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2024-11-21 | N/A | 6.5 MEDIUM | IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. |
| CVE-2022-35228 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. This can be achieved only when a legitimate user accesses the application and a local compromise occurs, like sniffing or social engineering. On successful exploitation, the attacker can completely compromise the application. |
| CVE-2022-35201 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. |
| CVE-2022-35195 | 1 Testlink | 1 Testlink | 2024-11-21 | N/A | 7.2 HIGH | TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php |
| CVE-2022-35158 | 1 Tencent | 1 Tscancode | 2024-11-21 | N/A | 7.5 HIGH | A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. |
| CVE-2022-35019 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM | Advancecomp v2.3 was discovered to contain a segmentation fault. |
| CVE-2022-35018 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM | Advancecomp v2.3 was discovered to contain a segmentation fault. |
| CVE-2022-35014 | 2 Advancemame, Fedoraproject | 2 Advancecomp, Fedora | 2024-11-21 | N/A | 5.5 MEDIUM | Advancecomp v2.3 contains a segmentation fault. |
| CVE-2022-35004 | 1 Bitbanksoftware | 1 Jpegdec | 2024-11-21 | N/A | 5.5 MEDIUM | JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT at /src/jpeg.inl. |
| CVE-2022-35002 | 1 Bitbanksoftware | 1 Jpegdec | 2024-11-21 | N/A | 5.5 MEDIUM | JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl. |
| CVE-2022-35000 | 1 Bitbanksoftware | 1 Jpegdec | 2024-11-21 | N/A | 5.5 MEDIUM | JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c. |
| CVE-2022-34983 | 1 Scu-captcha Project | 1 Scu-captcha | 2024-11-21 | N/A | 9.8 CRITICAL | The scu-captcha package in PyPI v0.0.1 to v0.0.4 included a code execution backdoor inserted by a third party. |
| CVE-2022-34982 | 1 Eziod Project | 1 Eziod | 2024-11-21 | N/A | 9.8 CRITICAL | The eziod package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34981 | 1 Pycrowdtangle Project | 1 Pycrowdtangle | 2024-11-21 | N/A | 9.8 CRITICAL | The PyCrowdTangle package in PyPI before v0.0.1 included a code execution backdoor inserted by a third party. |
| CVE-2022-34912 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. |
| CVE-2022-34844 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | N/A | 5.9 MEDIUM | In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not ev ... |
| CVE-2022-34829 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. |
| CVE-2022-34774 | 1 Tabit | 1 Tabit | 2024-11-21 | N/A | 6.3 MEDIUM | Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password). |