Total
9854 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22163 | 1 Juniper | 1 Junos | 2024-11-21 | 2.9 LOW | 7.4 HIGH |
| An Improper Input Validation vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If a device is configured as DHCPv6 local server and persistent storage is enabled, jdhcpd will crash when receiving a specific DHCPv6 message. This issue affects: Juniper Networks Junos OS All versions prior to 15.1R7-S11; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S3; 19.4 versions prior to 19.4R3-S5; 20.1 versions prior to 20.1R3-S1; 20.2 versions prior to 20.2R3-S2; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2; 21.2 versions prior to 21.2R2. | |||||
| CVE-2022-21696 | 1 Onionshare | 1 Onionshare | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions it is possible to change the username to that of another chat participant with an additional space character at the end of the name string. An adversary with access to the chat environment can use the rename feature to impersonate other participants by adding whitespace characters at the end of the username. | |||||
| CVE-2022-21687 | 1 Github | 1 Gh-ost | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
| gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost, plus network access from host running gh-ost to the attack's malicious MySQL server. The `-database` parameter does not properly sanitize user input which can lead to arbitrary file reads. | |||||
| CVE-2022-21212 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-21197 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-21181 | 1 Intel | 14 Dual Band Wireless-ac 8260, Dual Band Wireless-ac 8260 Firmware, Dual Band Wireless-ac 8265 and 11 more | 2024-11-21 | N/A | 7.8 HIGH |
| Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21180 | 1 Intel | 814 Celeron 5305u, Celeron 5305u Firmware, Celeron G3900 and 811 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | |||||
| CVE-2022-21144 | 1 Libxmljs Project | 1 Libxmljs | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash. | |||||
| CVE-2022-21136 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-20945 | 1 Cisco | 8 Catalyst 9800-40, Catalyst 9800-40 Firmware, Catalyst 9800-80 and 5 more | 2024-11-21 | N/A | 7.4 HIGH |
| A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | |||||
| CVE-2022-20924 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-11-21 | N/A | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20913 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | N/A | 4.9 MEDIUM |
| A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | |||||
| CVE-2022-20909 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | N/A | 6.0 MEDIUM |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. | |||||
| CVE-2022-20908 | 1 Cisco | 1 Nexus Dashboard | 2024-11-21 | N/A | 6.0 MEDIUM |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. | |||||
| CVE-2022-20850 | 1 Cisco | 14 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100 Integrated Services Router and 11 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | |||||
| CVE-2022-20842 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2024-11-21 | N/A | 9.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20841 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2024-11-21 | N/A | 9.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20822 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 7.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to read and delete files on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains certain character sequences to an affected system. A successful exploit could allow the attacker to read or delete specific files on the device that their configured administrative level should not have access to. Cisco plans to release software updates that address this vulnerability. | |||||
| CVE-2022-20784 | 1 Cisco | 1 Web Security Appliance | 2024-11-21 | 5.0 MEDIUM | 5.8 MEDIUM |
| A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy. | |||||
| CVE-2022-20783 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device. | |||||