Total: 29059 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-27518 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
Unauthenticated remote arbitrary code execution | |||||
CVE-2022-27511 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | 7.8 HIGH | 8.1 HIGH |
Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | |||||
CVE-2022-27491 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 6.8 MEDIUM |
An improper verification of source of a communication channel in Fortinet FortiOS with IPS engine version 7.201 through 7.214, 7.001 through 7.113, 6.001 through 6.121, 5.001 through 5.258 and before 4.086 allows a remote and unauthenticated attacker to trigger the sending of "blocked page" HTML data to an arbitrary victim via crafted TCP requests, potentially flooding the victim. | |||||
CVE-2022-27411 | 1 Totolink | 2 N600r, N600r Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | |||||
CVE-2022-27337 | 3 Debian, Fedoraproject, Freedesktop | 3 Debian Linux, Fedora, Poppler | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
CVE-2022-27235 | 1 Supsystic | 1 Social Share Buttons | 2024-11-21 | N/A | 6.3 MEDIUM |
Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | |||||
CVE-2022-27201 | 1 Jenkins | 2 Jenkins, Semantic Versioning | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. | |||||
CVE-2022-27195 | 1 Jenkins | 1 Parameterized Trigger | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2022-27176 | 1 Jscom | 3 Revoworks Browser, Revoworks Desktop, Revoworks Scvx | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. | |||||
CVE-2022-27170 | 1 Intel | 1 Media Software Development Kit | 2024-11-21 | N/A | 5.7 MEDIUM |
Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-27128 | 1 Zbzcms | 1 Zbzcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. | |||||
CVE-2022-27048 | 1 Moxa | 40 Mgate Mb3170, Mgate Mb3170-m-sc, Mgate Mb3170-m-sc-t and 37 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
A vulnerability has been discovered in Moxa MGate which allows an attacker to perform a man-in-the-middle (MITM) attack on the device. This affects MGate MB3170 Series Firmware Version 4.2 or lower, MGate MB3270 Series Firmware Version 4.2 or lower, MGate MB3280 Series Firmware Version 4.1 or lower, and MGate MB3480 Series Firmware Version 3.2 or lower. | |||||
CVE-2022-26949 | 1 Rsa | 1 Archer | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on attachments. A remote authenticated malicious user could potentially exploit this vulnerability to gain access to files that should only be allowed by extra privileges. | |||||
CVE-2022-26905 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
CVE-2022-26861 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | N/A | 7.9 HIGH |
Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | |||||
CVE-2022-26857 | 1 Dell | 1 Openmanage Enterprise | 2024-11-21 | 6.5 MEDIUM | 9.0 CRITICAL |
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | |||||
CVE-2022-26843 | 1 Intel | 2 Oneapi Dpc++/c++ Compiler, Oneapi Toolkits | 2024-11-21 | N/A | 8.3 HIGH |
Insufficient visual distinction of homoglyphs presented to user in the Intel(R) oneAPI DPC++/C++ Compiler before version 2022.1 for Intel(R) oneAPI Toolkits before version 2022.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
CVE-2022-26841 | 3 Intel, Linux, Microsoft | 3 Sgx Sdk, Linux Kernel, Windows | 2024-11-21 | N/A | 2.5 LOW |
Insufficient control flow management for the Intel(R) SGX SDK software for Linux before version 2.16.100.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-26834 | 1 Rakuten | 1 Casa | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. | |||||
CVE-2022-26703 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 2.1 LOW | 2.4 LOW |
An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. |