Total
29058 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41777 | 1 Kujirahand | 1 Nadesiko3 | 2024-11-21 | N/A | 7.5 HIGH |
Improper check or handling of exceptional conditions vulnerability in Nako3edit, editor component of nadesiko3 (PC Version) v3.3.74 and earlier allows a remote attacker to inject an invalid value to decodeURIComponent of nako3edit, which may lead the server to crash. | |||||
CVE-2022-41769 | 1 Intel | 1 Connect M | 2024-11-21 | N/A | 4.8 MEDIUM |
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2024-11-21 | N/A | 7.5 HIGH |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
CVE-2022-41716 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". | |||||
CVE-2022-41715 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
CVE-2022-41690 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 7.1 HIGH |
Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-11-21 | N/A | 7.3 HIGH |
Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41659 | 1 Intel | 1 Unison | 2024-11-21 | N/A | 1.9 LOW |
Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-41646 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | N/A | 4.7 MEDIUM |
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-41621 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 3.3 LOW |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-41505 | 1 Tp-link | 2 Tapo C200 V1, Tapo C200 V1 Firmware | 2024-11-21 | N/A | 6.4 MEDIUM |
An access control issue on TP-Link Tapo C200 V1 devices allows physically proximate attackers to obtain root access by connecting to the UART pins, interrupting the boot process, and setting an init=/bin/sh value. | |||||
CVE-2022-41446 | 1 Record Management System Project | 1 Record Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. | |||||
CVE-2022-41326 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 9.8 CRITICAL |
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
CVE-2022-41323 | 1 Djangoproject | 1 Django | 2024-11-21 | N/A | 7.5 HIGH |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | |||||
CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2024-11-21 | N/A | 6.0 MEDIUM |
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized. | |||||
CVE-2022-41235 | 1 Jenkins | 1 Wildfly Deployer | 2024-11-21 | N/A | 5.3 MEDIUM |
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | |||||
CVE-2022-40972 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-40964 | 3 Debian, Fedoraproject, Intel | 17 Debian Linux, Fedora, Killer and 14 more | 2024-11-21 | N/A | 7.9 HIGH |
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-40843 | 1 Tenda | 2 Ac1200 V-w15ev2, W15e Firmware | 2024-11-21 | N/A | 4.9 MEDIUM |
The Tenda AC1200 V-W15Ev2 V15.11.0.10(1576) router is vulnerable to improper authorization / improper session management that allows the router login page to be bypassed. This leads to authenticated attackers having the ability to read the router's syslog.log file, which contains the MD5 password of the Administrator's user account. | |||||
CVE-2022-40812 | 1 Democritus Pdfs Project | 1 Democritus Pdfs | 2024-11-21 | N/A | 9.8 CRITICAL |
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. |