Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0.
|
|||||
| CVE-2022-28617 | 1 Hp | 1 Oneview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView.
|
|||||
| CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme.
|
|||||
| CVE-2022-28521 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.
|
|||||
| CVE-2022-28493 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service,
|
|||||
| CVE-2022-28492 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
|
TOTOLINK Technology CPE with firmware V6.3c.566 ,allows remote attackers to bypass Login.
|
|||||
| CVE-2022-28470 | 1 Python | 1 Pypi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
|
|||||
| CVE-2022-28443 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability.
|
|||||
| CVE-2022-28387 | 1 Verbatim | 4 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650.
|
|||||
| CVE-2022-28366 | 3 Antisamy Project, Cyberneko Html Project, Htmlunit | 3 Antisamy, Cyberneko Html, Htmlunit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
|
|||||
| CVE-2022-28327 | 2 Fedoraproject, Golang | 3 Extra Packages For Enterprise Linux, Fedora, Go | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.
|
|||||
| CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported,
|
|||||
| CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect.
|
|||||
| CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights.
|
|||||
| CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future.
|
|||||
| CVE-2022-28198 | 2 Microsoft, Nvidia | 3 Windows, Omniverse Cache, Omniverse Nucleus | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
|
NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability.
|
|||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
|
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering.
|
|||||
| CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in.
|
|||||
| CVE-2022-28114 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php.
|
|||||
| CVE-2022-28076 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings.
|
|||||
| CVE-2022-28063 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products.
|
|||||
| CVE-2022-28056 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
|
|||||
| CVE-2022-27983 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php.
|
|||||
| CVE-2022-27982 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php.
|
|||||
| CVE-2022-27969 | 1 Cynet | 1 Cynet 360 | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of decoy users via a crafted GET request sent to /WebApp/DeceptionUser/GetAllDeceptionUsers.
|
|||||
| CVE-2022-27968 | 1 Cynet | 1 Cynet 360 | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of monitored files and profiles via a crafted GET request sent to /WebApp/SettingsFileMonitor/GetFileMonitorProfiles.
|
|||||
| CVE-2022-27967 | 1 Cynet | 1 Cynet 360 | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Cynet 360 Web Portal before v4.5 was discovered to allow attackers to access a list of excluded files and profiles via a crafted GET request sent to /WebApp/SettingsExclusion/GetExclusionsProfiles.
|
|||||
| CVE-2022-27948 | 1 Tesla | 6 Model 3, Model 3 Firmware, Model S and 3 more | 2024-11-21 | 3.3 LOW | 7.2 HIGH |
|
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended
|
|||||
| CVE-2022-27936 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.
|
|||||
| CVE-2022-27935 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.
|
|||||
| CVE-2022-27934 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.
|
|||||
| CVE-2022-27933 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
|
|||||
| CVE-2022-27932 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
|
|||||
| CVE-2022-27931 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
|
|||||
| CVE-2022-27930 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.
|
|||||
| CVE-2022-27929 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.
|
|||||
| CVE-2022-27928 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
|
|||||
| CVE-2022-27911 | 1 Joomla | 1 Joomla\! | 2024-11-21 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing '_JEXEC or die check' caused by the PSR12 changes.
|
|||||
| CVE-2022-27909 | 1 Jdownloads | 1 Jdownloads | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
|
In Joomla component 'jDownloads 3.9.8.2 Stable' the remote user can change some parameters in the address bar and see the names of other users' files
|
|||||
| CVE-2022-27813 | 1 Motorola | 4 Mtm5400, Mtm5400 Firmware, Mtm5500 and 1 more | 2024-11-21 | N/A | 8.1 HIGH |
|
Motorola MTM5000 series firmwares lack properly configured memory protection of pages shared between the OMAP-L138 ARM and DSP cores. The SoC provides two memory protection units, MPU1 and MPU2, to enforce the trust boundary between the two cores. Since both units are left unconfigured by the firmwares, an adversary with control over either core can trivially gain code execution on the other, by overwriting code located in shared RAM or DDR2 memory regions.
|
|||||