Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27812 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | N/A | 7.5 HIGH |
|
Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS.
|
|||||
| CVE-2022-27775 | 5 Brocade, Debian, Haxx and 2 more | 17 Fabric Operating System, Debian Linux, Curl and 14 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead.
|
|||||
| CVE-2022-27672 | 1 Amd | 330 A10-9600p, A10-9600p Firmware, A10-9630p and 327 more | 2024-11-21 | N/A | 4.7 MEDIUM |
|
When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch, potentially resulting in information disclosure.
|
|||||
| CVE-2022-27664 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2024-11-21 | N/A | 7.5 HIGH |
|
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
|
|||||
| CVE-2022-27598 | 1 Qnap | 17 Qts, Quts Hero, Qutscloud and 14 more | 2024-11-21 | N/A | 2.7 LOW |
|
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances). We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later; QuTS hero h5.0.1.2348 build 20230324 and later.
|
|||||
| CVE-2022-27597 | 1 Qnap | 18 Qts, Quts Hero, Qutscloud and 15 more | 2024-11-21 | N/A | 2.7 LOW |
|
A vulnerability has been reported to affect QNAP operating systems. If exploited, the out-of-bounds read vulnerability allows remote authenticated administrators to get secret values. The vulnerability affects the following QNAP operating systems: QTS, QuTS hero, QuTScloud, QVP (QVR Pro appliances). We have already fixed the vulnerability in the following versions: QTS 5.0.1.2346 build 20230322 and later; QuTS hero h5.0.1.2348 build 20230324 and later.
|
|||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non-authenticated or low-privilege users can modify its content.
|
|||||
| CVE-2022-27535 | 2 Kaspersky, Microsoft | 2 Vpn Secure Connection, Windows | 2024-11-21 | N/A | 7.8 HIGH |
|
Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by a local authenticated attacker.
|
|||||
| CVE-2022-27534 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies).
|
|||||
| CVE-2022-27502 | 2 Microsoft, Realvnc | 2 Windows, Vnc Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.
|
|||||
| CVE-2022-27474 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field.
|
|||||
| CVE-2022-27452 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc.
|
|||||
| CVE-2022-27451 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc.
|
|||||
| CVE-2022-27449 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148.
|
|||||
| CVE-2022-27446 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h.
|
|||||
| CVE-2022-27445 | 2 Debian, Mariadb | 2 Debian Linux, Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc.
|
|||||
| CVE-2022-27444 | 1 Mariadb | 1 Mariadb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc.
|
|||||
| CVE-2022-27336 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.
|
|||||
| CVE-2022-27313 | 1 Gitea | 1 Gitea | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.
|
|||||
| CVE-2022-27257 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A PHP Local File Inclusion vulnerability in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.
|
|||||
| CVE-2022-27250 | 1 Unisoc | 1 Unisoc Chipset | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.
|
|||||
| CVE-2022-27243 | 1 Misp | 1 Misp | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
|
|||||
| CVE-2022-27227 | 2 Fedoraproject, Powerdns | 3 Fedora, Authoritative Server, Recursor | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.
|
|||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 5 Extra Packages For Enterprise Linux, Fedora, Ssh and 2 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
|
|||||
| CVE-2022-27185 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 7.5 HIGH |
|
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
|
|||||
| CVE-2022-27178 | 1 Tcl | 1 Linkhub Mesh Wifi Ac1200 | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.
|
|||||
| CVE-2022-27152 | 1 Roku | 11 Express, Express 4k+, Roku Os and 8 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
|
Roku devices running RokuOS v9.4.0 build 4200 or earlier that use a Realtek WiFi chip are vulnerable to arbitrary file modification.
|
|||||
| CVE-2022-27133 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
|
|||||
| CVE-2022-27049 | 1 Raidrive | 1 Raidrive | 2024-11-21 | 1.9 LOW | 2.0 LOW |
|
Raidrive before v2021.12.35 allows attackers to arbitrarily move log files by pre-creating a mountpoint and log files before Raidrive is installed.
|
|||||
| CVE-2022-26966 | 3 Debian, Linux, Netapp | 17 Debian Linux, Linux Kernel, Active Iq Unified Manager and 14 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
|
|||||
| CVE-2022-26945 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
go-getter up to 1.5.11 and 2.0.2 allowed protocol switching, endless redirect, and configuration bypass via abuse of custom HTTP response header processing. Fixed in 1.6.1 and 2.1.0.
|
|||||
| CVE-2022-26944 | 1 Percona | 1 Xtrabackup | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.
|
|||||
| CVE-2022-26924 | 1 Microsoft | 1 Yet Another Reverse Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
YARP Denial of Service Vulnerability
|
|||||
| CVE-2022-26921 | 1 Microsoft | 1 Visual Studio Code | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
Visual Studio Code Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-26920 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Windows Graphics Component Information Disclosure Vulnerability
|
|||||
| CVE-2022-26919 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
|
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
|
|||||
| CVE-2022-26918 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
|
Windows Fax Compose Form Remote Code Execution Vulnerability
|
|||||
| CVE-2022-26917 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
|
Windows Fax Compose Form Remote Code Execution Vulnerability
|
|||||
| CVE-2022-26916 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 5.1 MEDIUM | 7.8 HIGH |
|
Windows Fax Compose Form Remote Code Execution Vulnerability
|
|||||
| CVE-2022-26915 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Windows Secure Channel Denial of Service Vulnerability
|
|||||