Total: 34640 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2022-25255 | 3 Linux, Opengroup, Qt | 3 Linux Kernel, Unix, Qt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when it was not found in the PATH. |
| CVE-2022-25204 | 1 Jenkins | 1 Doktor | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and its error messages allow attackers able to control agent processes to determine whether a file with a given name exists on the controller. |
| CVE-2022-25186 | 1 Jenkins | 1 Hashicorp Vault | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. |
| CVE-2022-25183 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. |
| CVE-2022-25182 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. |
| CVE-2022-25181 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. |
| CVE-2022-25167 | 1 Apache | 1 Flume | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker controls the target LDAP server. This issue is fixed by limiting JNDI to allow only the java protocol or no protocol. |
| CVE-2022-25153 | 1 Itarian | 1 Endpoint Manager Communication Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | The ITarian Endpoint Manager Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Because of this setting, a malicious actor with low-privileged access to a system can escalate their privileges to SYSTEM by abusing an insecure openssl.conf lookup. |
| CVE-2022-25152 | 1 Itarian | 2 On-premise, Saas Service Desk | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL | The ITarian platform (SaaS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and ful ... |
| CVE-2022-25101 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25099 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. |
| CVE-2022-25098 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. |
| CVE-2022-25095 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. |
| CVE-2022-25094 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. |
| CVE-2022-24974 | 1 Menlosecurity | 1 Email Isolation | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Links may not be rewritten according to policy in some specially formatted emails. |
| CVE-2022-24972 | 1 Tp-link | 2 Tl-wr940n, Tl-wr940n Firmware | 2024-11-21 | N/A | 6.5 MEDIUM | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n (5553) routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on TCP port 80 by default. The issue results from the lack of proper access control. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. ... |
| CVE-2022-24961 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | In Portainer Agent before 2.11.1, an API server can continue running even if it has not been associated with a Portainer instance in the past few days. |
| CVE-2022-24934 | 1 Wps | 1 Wps Office | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution via modification of HKEY_CURRENT_USER in the registry. |
| CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM | An unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows an attacker to change the list of locked apps without authentication. |
| CVE-2022-24928 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 5.9 MEDIUM | A security misconfiguration of RKP in the kernel prior to SMR Mar-2022 Release 1 can leave the system unprotected by RKP. |
| CVE-2022-24916 | 1 Optimism | 1 eth-optimism/l2geth | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction. |
| CVE-2022-24905 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 2.6 LOW | 4.3 MEDIUM | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign-on (SSO) is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim into visiting a specially crafted URL which contains the message to be displayed. As far as the research of the Argo CD team concluded, it is not possible to spec ... |
| CVE-2022-24822 | 1 Finn | 2 Podium Layout, Podium Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Podium is a library for building micro frontends. @podium/layout is a module for building a Podium layout server, and @podium/proxy is a module for proxying HTTP requests from a layout server to a podlet server. In @podium/layout prior to version 4.6.110 and @podium/proxy prior to version 4.2.74, an attacker using the `Trailer` header as part of a request against proxy endpoints has the ability to take down the server. All Podium layouts that include podlets with proxy endpoints are affected. ... |
| CVE-2022-24753 | 2 Microsoft, Stripe | 2 Windows, Stripe Cli | 2024-11-21 | 4.4 MEDIUM | 7.7 HIGH | Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. macOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in ... |
| CVE-2022-24750 | 1 Uvnc | 1 Ultravnc | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | UltraVNC is free and open source remote PC access software. A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The fix restricts plugin loading to the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.1. Users unable to upgrade should not install and run UltraVNC server as a service. It is adv ... |
| CVE-2022-24696 | 1 Mirametrix | 1 Glance | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. |
| CVE-2022-24687 | 1 Hashicorp | 1 Consul | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM | HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3. |
| CVE-2022-24684 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6. |
| CVE-2022-24683 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. |
| CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. |
| CVE-2022-24611 | 1 Silabs | 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM | Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block an S0/S2-protected Z-Wave network via crafted S0 NonceGet Z-Wave packets that use the NodeIDs of included but absent nodes. |
| CVE-2022-24550 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Windows Telephony Server Elevation of Privilege Vulnerability |
| CVE-2022-24549 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows AppX Package Manager Elevation of Privilege Vulnerability |
| CVE-2022-24548 | 1 Microsoft | 1 Malware Protection Engine | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | Microsoft Defender Denial of Service Vulnerability |
| CVE-2022-24547 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Digital Media Receiver Elevation of Privilege Vulnerability |
| CVE-2022-24546 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2022-24545 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 5.1 MEDIUM | 8.1 HIGH | Windows Kerberos Remote Code Execution Vulnerability |
| CVE-2022-24544 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Kerberos Elevation of Privilege Vulnerability |
| CVE-2022-24543 | 1 Microsoft | 1 Windows Upgrade Assistant | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | Windows Upgrade Assistant Remote Code Execution Vulnerability |
| CVE-2022-24542 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Windows Win32k Elevation of Privilege Vulnerability |
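Two entries above share one root cause: CVE-2022-25255 (QProcess running a binary from the current working directory when the name is not on PATH) and CVE-2022-24753 (Stripe CLI on Windows executing files an attacker planted in the directory the command is run from). The example below is an added illustration, not Qt's or Stripe's code: it shows a lookup that falls back to the working directory beside one that searches only absolute PATH entries, using a constructed temporary layout (a trusted `bin` directory and an attacker-controlled `work` directory with a planted `git`).

```python
"""Added example: resolving a bare program name with and without a CWD fallback.

Layout built by demo() is constructed for this example and lives in a temp dir:
  <root>/bin/tool   trusted, on PATH
  <root>/work/git   planted by the attacker; 'work' is also the CWD
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import List, Optional


def _is_executable_file(p: Path) -> bool:
    return p.is_file() and os.access(p, os.X_OK)


def resolve_unsafe(name: str, path_entries: List[str], cwd: str) -> Optional[str]:
    """The lookup the advisories warn about: an empty PATH entry means
    'current directory', and a name found nowhere falls back to the CWD."""
    for entry in path_entries:
        candidate = Path(entry or cwd) / name
        if _is_executable_file(candidate):
            return str(candidate)
    fallback = Path(cwd) / name
    return str(fallback) if _is_executable_file(fallback) else None


def resolve_safe(name: str, path_entries: List[str]) -> Optional[str]:
    """Search only absolute PATH entries; never consult the CWD."""
    if "/" in name or "\\" in name:
        raise ValueError("pass a bare program name; give absolute paths explicitly")
    for entry in path_entries:
        if not entry or not os.path.isabs(entry):
            continue  # "" and relative entries both resolve against the CWD
        candidate = Path(entry) / name
        if _is_executable_file(candidate):
            return str(candidate)
    return None


def _make_script(path: Path, body: str) -> None:
    path.write_text("#!/bin/sh\n" + body)
    path.chmod(path.stat().st_mode | stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH)


def demo() -> dict:
    """Build the constructed layout and run both resolvers against it."""
    root = Path(tempfile.mkdtemp(prefix="cwd-lookup-demo-"))
    trusted_bin = root / "bin"
    workdir = root / "work"
    trusted_bin.mkdir()
    workdir.mkdir()
    _make_script(trusted_bin / "tool", "echo legit\n")
    _make_script(workdir / "git", "echo planted\n")
    # Trailing empty entry, as produced by a PATH such as "/x/bin:".
    path_entries = [str(trusted_bin), ""]
    return {
        "planted": str(workdir / "git"),
        "unsafe_git": resolve_unsafe("git", path_entries, str(workdir)),
        "safe_git": resolve_safe("git", path_entries),
        "safe_tool": resolve_safe("tool", path_entries),
        "expected_tool": str(trusted_bin / "tool"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value}")
```

The unsafe resolver returns the planted `git`; the safe one returns nothing for `git` and the trusted path for `tool`. The same discipline applies to callers: pass an absolute program path to process-spawning APIs whenever the name comes from anything other than a fixed PATH you control.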
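CVE-2022-25183 above describes library names used to build cache directory paths without sanitization. The check below is an added example of how such a name should be validated before it touches the filesystem; it is not the plugin's own fix. The cache root, the allowed-name pattern and the sample names are constructed for the example, and the root directory is never created.

```python
"""Added example: deriving a per-library cache directory from an untrusted name."""
import re
import tempfile
from pathlib import Path

# Constructed for this example; nothing is created under it.
CACHE_ROOT = Path(tempfile.gettempdir()) / "pipeline-libs"

# A library name is a short identifier, not a path: it may contain dots but
# cannot start with one, which also rules out "." and "..".
LIBRARY_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,99}")


def unsafe_cache_dir(cache_root: Path, library_name: str) -> Path:
    """Joins the raw name onto the cache root, as the advisory describes."""
    return (cache_root / library_name).resolve()


def safe_cache_dir(cache_root: Path, library_name: str) -> Path:
    """Accept only identifier-shaped names, then confirm the resolved
    directory is still inside the cache root."""
    if not LIBRARY_NAME.fullmatch(library_name):
        raise ValueError(f"refusing library name {library_name!r}")
    root = cache_root.resolve()
    target = (root / library_name).resolve()
    if root not in target.parents:
        raise ValueError(f"cache path for {library_name!r} escapes {root}")
    return target


def escapes_root(cache_root: Path, candidate: Path) -> bool:
    return cache_root.resolve() not in candidate.resolve().parents


def evaluate(cache_root: Path, names) -> dict:
    """Per name: does the naive join leave the root, and does the validated
    variant accept the name?"""
    out = {}
    for n in names:
        try:
            safe_cache_dir(cache_root, n)
            accepted = True
        except ValueError:
            accepted = False
        out[n] = {
            "naive_escapes_root": escapes_root(cache_root, unsafe_cache_dir(cache_root, n)),
            "validated_accepts": accepted,
        }
    return out


if __name__ == "__main__":
    for name, verdict in evaluate(
        CACHE_ROOT, ["shared-utils", "../../etc/cron.d", "..", "../shared-utils"]
    ).items():
        print(f"{name!r:22} {verdict}")
```

The allowlist regex does most of the work; the containment check on the resolved path is the backstop that still holds if the pattern is later loosened.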
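The CVE-2022-25167 entry above says the Flume fix limits JNDI to the `java` protocol or no protocol at all. The function below is an added example of that restriction expressed as a guard in front of a lookup; it is not Flume's code, and the sample names in the usage are constructed.

```python
"""Added example: refuse JNDI names whose URL scheme would reach a network
naming service (ldap, ldaps, rmi, dns, iiop, ...)."""
from urllib.parse import urlsplit

# No scheme (a plain name resolved by the configured InitialContext) or the
# java: namespace. Everything else is refused before any provider is contacted.
ALLOWED_SCHEMES = frozenset({"", "java"})


def is_allowed_jndi_name(name: str) -> bool:
    scheme = urlsplit(name.strip()).scheme.lower()
    return scheme in ALLOWED_SCHEMES


def guard_jndi_lookup(name: str) -> str:
    """Return the name to hand to the real lookup, or raise."""
    if not is_allowed_jndi_name(name):
        raise ValueError(f"JNDI name {name!r} uses a disallowed URL scheme")
    return name.strip()


if __name__ == "__main__":
    for sample in [
        "ConnectionFactory",
        "java:comp/env/jms/ConnectionFactory",
        "ldap://attacker.example:1389/o=exploit",
        "RMI://attacker.example/x",
    ]:
        print(f"{sample!r:45} allowed={is_allowed_jndi_name(sample)}")
```

Because `urlsplit` treats any `word:` prefix as a scheme, a name such as `jms:Queue` is also refused; that is the conservative side to err on when the alternative is a remote class-loading path.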