Total
29058 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35519 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | |||||
| CVE-2022-35518 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | |||||
| CVE-2022-35517 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | |||||
| CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-35246 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | N/A | 4.3 MEDIUM |
| A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 in the getS3FileUrl Meteor server method that can disclose arbitrary file upload URLs to users that should not be able to access. | |||||
| CVE-2022-35242 | 1 59sec | 1 The Leads Management System\ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | |||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | |||||
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | |||||
| CVE-2022-34885 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. | |||||
| CVE-2022-34869 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
| CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34827 | 1 Carel | 2 Boss Mini, Boss Mini Firmware | 2024-11-21 | N/A | 9.9 CRITICAL |
| Carel Boss Mini 1.5.0 has Improper Access Control. | |||||
| CVE-2022-34672 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands. | |||||
| CVE-2022-34635 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | N/A | 9.8 CRITICAL |
| The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. | |||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | |||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
| Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | |||||
| CVE-2022-34450 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 6.7 MEDIUM |
| PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. | |||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 8.8 HIGH |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | |||||