Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
|
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
|
|||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
|
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
|
|||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.
|
|||||
| CVE-2022-29950 | 1 Experian | 1 Hunter | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed
|
|||||
| CVE-2022-29935 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product.
|
|||||
| CVE-2022-29891 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Browse restriction bypass vulnerability in Custom Ap of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.
|
|||||
| CVE-2022-29885 | 3 Apache, Debian, Oracle | 3 Tomcat, Debian Linux, Hospitality Cruise Shipboard Property Management System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks.
|
|||||
| CVE-2022-29871 | 1 Intel | 431 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 428 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-29859 | 1 Amb1 Sdk Project | 1 Amb1 Sdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.
|
|||||
| CVE-2022-29849 | 1 Progress | 1 Openedge | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.
|
|||||
| CVE-2022-29846 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
|
|||||
| CVE-2022-29798 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
|
There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service.
|
|||||
| CVE-2022-29796 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
|
|||||
| CVE-2022-29793 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.
|
|||||
| CVE-2022-29792 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2022-29791 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.
|
|||||
| CVE-2022-29790 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.
|
|||||
| CVE-2022-29789 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.
|
|||||
| CVE-2022-29784 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java.
|
|||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c.
|
|||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c.
|
|||||
| CVE-2022-29778 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php
|
|||||
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
|
Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.
|
|||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
|
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.
|
|||||
| CVE-2022-29586 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 6.9 MEDIUM | 7.4 HIGH |
|
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.
|
|||||
| CVE-2022-29562 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | N/A | 3.7 LOW |
|
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < ...
Show More |
|||||
| CVE-2022-29546 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product.
|
|||||
| CVE-2022-29505 | 1 Linecorp | 1 Line | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation.
|
|||||
| CVE-2022-29405 | 1 Apache | 1 Archiva | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
|
|||||
| CVE-2022-29264 | 1 Coreboot | 1 Coreboot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur.
|
|||||
| CVE-2022-29262 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | N/A | 7.9 HIGH |
|
Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2022-29257 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
|
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto up ...
Show More |
|||||
| CVE-2022-29241 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | 9.0 HIGH | 7.1 HIGH |
|
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cros ...
Show More |
|||||
| CVE-2022-29177 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack.
|
|||||
| CVE-2022-29147 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 3.1 LOW |
|
Microsoft Edge (Chromium-based) Spoofing Vulnerability
|
|||||
| CVE-2022-29146 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-29144 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 7.5 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-29014 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.
|
|||||
| CVE-2022-28995 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
|
|||||
| CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
|
|||||