Total
495 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-44030 | 1 Redmine | 1 Redmine | 2024-11-21 | N/A | 7.5 HIGH |
Redmine 5.x before 5.0.4 allows downloading of file attachments of any Issue or any Wiki page due to insufficient permission checks. Depending on the configuration, this may require login as a registered user. | |||||
CVE-2022-41917 | 1 Amazon | 1 Opensearch | 2024-11-21 | N/A | 4.3 MEDIUM |
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 2.7 LOW |
An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | |||||
CVE-2022-3175 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 5.3 MEDIUM |
Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | |||||
CVE-2022-39912 | 1 Google | 1 Android | 2024-11-21 | N/A | 6.2 MEDIUM |
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | |||||
CVE-2022-39886 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | |||||
CVE-2022-39885 | 1 Google | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | |||||
CVE-2022-39872 | 1 Samsung | 1 Sharelive | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | |||||
CVE-2022-39380 | 1 Wire | 1 Wire-webapp | 2024-11-21 | N/A | 5.3 MEDIUM |
Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it impossible to display the affected chat history, other conversations are not affected. The issue has been fixed in version 2022-11-02 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-11-02-production.0-v0.31.9-0-337e400 or wire-server 2022-11-03 (chart/4.26.0), so that their applications are no longer affected. As a workaround, you may use an iOS or Android client and delete the corresponding message from the history OR write 30 or more messages into the affected conversation to prevent the client from further rendering of the corresponding message. When attempting to retrieve messages from the conversation history, the error will continue to occur once the malformed message is part of the result. | |||||
CVE-2022-39271 | 1 Traefik | 1 Traefik | 2024-11-21 | N/A | 7.5 HIGH |
Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. | |||||
CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-11-21 | N/A | 7.5 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | |||||
CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | |||||
CVE-2022-36287 | 1 Intel | 1 Field Programmable Gate Array Crypto Service Server | 2024-11-21 | N/A | 4.0 MEDIUM |
Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. | |||||
CVE-2022-36031 | 1 Monospace | 1 Directus | 2024-11-21 | N/A | 6.5 MEDIUM |
Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`. | |||||
CVE-2022-35295 | 1 Sap | 1 Host Agent | 2024-11-21 | N/A | 4.9 MEDIUM |
In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | |||||
CVE-2022-35268 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API. | |||||
CVE-2022-34849 | 2 Intel, Microsoft | 2 Iris Xe Max Dedicated Graphics, Windows | 2024-11-21 | N/A | 4.4 MEDIUM |
Uncaught exception in the Intel(R) Iris(R) Xe MAX drivers for Windows before version 100.0.5.1436(v2) may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-34643 | 1 Riscv | 1 Spike Risc-v Isa Simulator | 2024-11-21 | N/A | 5.5 MEDIUM |
RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. | |||||
CVE-2022-34641 | 2 Boom-core, Openhwgroup | 2 Riscvc-boom, Cva6 | 2024-11-21 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation. | |||||
CVE-2022-34639 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | N/A | 5.5 MEDIUM |
CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. |