Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-30722 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 6.2 MEDIUM | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. |
| CVE-2022-30708 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. |
| CVE-2022-30703 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. |
| CVE-2022-30697 | 1 Acronis | 1 Snap Deploy | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 3640. |
| CVE-2022-30689 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. |
| CVE-2022-30628 | 1 Supersmart | 1 Supersmart.me - Walk Through | 2024-11-21 | N/A | 4.8 MEDIUM | It was possible to download all receipts without authentication. You must first access the API https://XXXX.supersmart.me/services/v4/customer/signin to get a TOKEN. You can then access the API that provides invoice images based on the URL https://XXXX.supersmart.me/services/v4/invoiceImg?orderId=XXXXX |
| CVE-2022-30616 | 1 Ibm | 1 Robotic Process Automation | 2024-11-21 | N/A | 7.2 HIGH | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. |
| CVE-2022-30614 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | N/A | 7.5 HIGH | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. |
| CVE-2022-30613 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM | IBM QRadar SIEM 7.4 and 7.5 could disclose sensitive information via a local service to a privileged user. IBM X-Force ID: 227366. |
| CVE-2022-30602 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. |
| CVE-2022-30598 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. |
| CVE-2022-30585 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. |
| CVE-2022-30574 | 1 Tibco | 2 Eftl, Ftl | 2024-11-21 | N/A | 4.6 MEDIUM | The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software In ... |
| CVE-2022-30573 | 1 Tibco | 1 Ftl | 2024-11-21 | N/A | 6.7 MEDIUM | The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through ... |
| CVE-2022-30570 | 1 Tibco | 2 Data Virtualization, Data Virtualization For Aws Marketplace | 2024-11-21 | N/A | 6.5 MEDIUM | The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below. |
| CVE-2022-30563 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, he can log in to the device by replaying the user's login packet. |
| CVE-2022-30561 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet. |
| CVE-2022-30560 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH | After obtaining the administrative account and password, or through a man-in-the-middle attack, an attacker could send a crafted packet to the vulnerable interface and cause the device to crash. |
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 5.3 MEDIUM | In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. |
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. |
| CVE-2022-30470 | 1 Afian | 1 Filerun | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. |
| CVE-2022-30453 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | ShopWind <= 3.4.2 has a RCE vulnerability in Database.php |
| CVE-2022-30450 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php |
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. |
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. |
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. |
| CVE-2022-30323 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 8.6 HIGH | go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-30322 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 8.6 HIGH | go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. |
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 3.9 LOW | A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. |
| CVE-2022-30288 | 1 Ohler | 1 Agoo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors." |
| CVE-2022-30286 | 1 Pyscript | 1 Pyscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. |
| CVE-2022-30242 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | N/A | 6.8 MEDIUM | Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between th ... |
| CVE-2022-30226 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2022-30225 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH | Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability |
| CVE-2022-30224 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH | Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability |
| CVE-2022-30223 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2022-30222 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH | Windows Shell Remote Code Execution Vulnerability |
| CVE-2022-30221 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2022-30220 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2022-30215 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2024-11-21 | 8.5 HIGH | 7.5 HIGH | Active Directory Federation Services Elevation of Privilege Vulnerability |