Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30213 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Windows GDI+ Information Disclosure Vulnerability
|
|||||
| CVE-2022-30211 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
|
Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-30209 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
|
Windows IIS Server Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-30208 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Windows Security Account Manager (SAM) Denial of Service Vulnerability
|
|||||
| CVE-2022-30206 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Windows Print Spooler Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-30203 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.4 HIGH |
|
Windows Boot Manager Security Feature Bypass Vulnerability
|
|||||
| CVE-2022-30202 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
|
Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-30200 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.8 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-30196 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2019 and 1 more | 2024-11-21 | N/A | 8.2 HIGH |
|
Windows Secure Channel Denial of Service Vulnerability
|
|||||
| CVE-2022-30181 | 1 Microsoft | 1 Azure Site Recovery | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Azure Site Recovery Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-30170 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | N/A | 7.3 HIGH |
|
Windows Credential Roaming Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-30144 | 1 Microsoft | 4 Windows 10, Windows 11, Windows 8.1 and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
|
Windows Bluetooth Service Remote Code Execution Vulnerability
|
|||||
| CVE-2022-30134 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Microsoft Exchange Server Information Disclosure Vulnerability
|
|||||
| CVE-2022-30133 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-30130 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
|
.NET Framework Denial of Service Vulnerability
|
|||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.
|
|||||
| CVE-2022-30063 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ftcms <=2.1 was discovered to be vulnerable to code execution attacks .
|
|||||
| CVE-2022-30060 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php
|
|||||
| CVE-2022-2909 | 1 Simple And Nice Shopping Cart Script Project | 1 Simple And Nice Shopping Cart Script | 2024-11-21 | N/A | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability.
|
|||||
| CVE-2022-2827 | 1 Ami | 1 Megarac Sp-x | 2024-11-21 | N/A | 7.5 HIGH |
|
AMI MegaRAC User Enumeration Vulnerability
|
|||||
| CVE-2022-2806 | 2 Ovirt, Sos Project | 2 Log Collector, Sos | 2024-11-21 | N/A | 5.5 MEDIUM |
|
It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev
|
|||||
| CVE-2022-2776 | 1 Gym Management System Project | 1 Gym Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A vulnerability classified as problematic has been found in SourceCodester Gym Management System. Affected is an unknown function of the file delete_user.php. The manipulation of the argument delete_user leads to denial of service. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-206172.
|
|||||
| CVE-2022-2764 | 2 Netapp, Redhat | 9 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 6 more | 2024-11-21 | N/A | 4.9 MEDIUM |
|
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.
|
|||||
| CVE-2022-2761 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An information disclosure issue in GitLab CE/EE affecting all versions from 14.4 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to use GitLab Flavored Markdown (GFM) references in a Jira issue to disclose the names of resources they don't have access to.
|
|||||
| CVE-2022-2704 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability was found in SourceCodester Simple E-Learning System. It has been declared as problematic. This vulnerability affects unknown code of the file downloadFiles.php. The manipulation of the argument download leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205828.
|
|||||
| CVE-2022-2668 | 1 Redhat | 2 Keycloak, Single Sign-on | 2024-11-21 | N/A | 7.2 HIGH |
|
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
|
|||||
| CVE-2022-2616 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
|
|||||
| CVE-2022-2611 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2022-2576 | 1 Eclipse | 1 Californium | 2024-11-21 | N/A | 7.5 HIGH |
|
In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0.
|
|||||
| CVE-2022-2534 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 2.2 LOW |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
|
|||||
| CVE-2022-2497 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 8.5 HIGH |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
|
|||||
| CVE-2022-2385 | 1 Kubernetes | 1 Aws-iam-authenticator | 2024-11-21 | 6.0 MEDIUM | 8.1 HIGH |
|
A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.
|
|||||
| CVE-2022-2346 | 1 Octopus | 1 Octopus Server | 2024-11-21 | N/A | 5.5 MEDIUM |
|
In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints.
|
|||||
| CVE-2022-2314 | 1 Vr Calendar Project | 1 Vr Calendar | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.
|
|||||
| CVE-2022-2281 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 2.6 LOW |
|
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
|
|||||
| CVE-2022-2228 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
|
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range
|
|||||
| CVE-2022-2164 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
|
|||||
| CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 8.8 HIGH |
|
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page.
|
|||||
| CVE-2022-2104 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
|
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
|
|||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
|
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
|
|||||