Total
29060 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21157 | 1 Intel | 1 Smart Campus | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21153 | 1 Intel | 1 Capital Global Summit | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21152 | 1 Intel | 1 Edge Insights For Industrial | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21151 | 3 Debian, Intel, Netapp | 796 Debian Linux, Celeron J1750, Celeron J1750 Firmware and 793 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21148 | 1 Intel | 1 Edge Insights For Industrial | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-21140 | 1 Intel | 36 Dual Band Wireless-ac 3165, Dual Band Wireless-ac 3165 Firmware, Dual Band Wireless-ac 3168 and 33 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21131 | 1 Intel | 292 Core I9-7900x, Core I9-7900x Firmware, Core I9-7920x and 289 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2022-21129 | 1 Paypal | 1 Nemo-appium | 2024-11-21 | N/A | 7.4 HIGH |
| Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies. | |||||
| CVE-2022-21128 | 1 Intel | 1 Advisor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-20965 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to take privileges actions within the web-based management interface. This vulnerability is due to improper access control on a feature within the web-based management interface of the affected system. An attacker could exploit this vulnerability by accessing features through direct requests, bypassing checks within the application. A successful exploit could allow the attacker to take privileged actions within the web-based management interface that should be otherwise restricted. {{value}} ["%7b%7bvalue%7d%7d"])}]] | |||||
| CVE-2022-20956 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 7.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass authorization and access system files. This vulnerability is due to improper access control in the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to list, download, and delete certain files that they should not have access to. Cisco plans to release software updates that address this vulnerability. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-access-contol-EeufSUCx"] | |||||
| CVE-2022-20949 | 1 Cisco | 1 Firepower Threat Defense | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly restricted on an affected device. An attacker could exploit this vulnerability by sending specific messages to the affected HTTPS handler. A successful exploit could allow the attacker to perform configuration changes on the affected system, which should be configured and managed only through Cisco Firepower Management Center (FMC) Software. | |||||
| CVE-2022-20943 | 1 Cisco | 3 Cyber Vision, Firepower Threat Defense, Meraki Mx Security Appliance Firmware | 2024-11-21 | N/A | 5.8 MEDIUM |
| Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. | |||||
| CVE-2022-20933 | 1 Cisco | 46 Meraki Mx100, Meraki Mx100 Firmware, Meraki Mx105 and 43 more | 2024-11-21 | N/A | 8.6 HIGH |
| A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z3 Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of client-supplied parameters while establishing an SSL VPN session. An attacker could exploit this vulnerability by crafting a malicious request and sending it to the affected device. A successful exploit could allow the attacker to cause the Cisco AnyConnect VPN server to crash and restart, resulting in the failure of the established SSL VPN connections and forcing remote users to initiate a new VPN connection and re-authenticate. A sustained attack could prevent new SSL VPN connections from being established. Note: When the attack traffic stops, the Cisco AnyConnect VPN server recovers gracefully without requiring manual intervention. Cisco Meraki has released software updates that address this vulnerability. | |||||
| CVE-2022-20922 | 1 Cisco | 3 Cyber Vision, Firepower Threat Defense, Umbrella Insights Virtual Appliance | 2024-11-21 | N/A | 5.8 MEDIUM |
| Multiple vulnerabilities in the Server Message Block Version 2 (SMB2) processor of the Snort detection engine on multiple Cisco products could allow an unauthenticated, remote attacker to bypass the configured policies or cause a denial of service (DoS) condition on an affected device. These vulnerabilities are due to improper management of system resources when the Snort detection engine is processing SMB2 traffic. An attacker could exploit these vulnerabilities by sending a high rate of certain types of SMB2 packets through an affected device. A successful exploit could allow the attacker to trigger a reload of the Snort process, resulting in a DoS condition. Note: When the snort preserve-connection option is enabled for the Snort detection engine, a successful exploit could also allow the attacker to bypass the configured policies and deliver a malicious payload to the protected network. The snort preserve-connection setting is enabled by default. See the Details ["#details"] section of this advisory for more information. Note: Only products that have Snort 3 configured are affected. Products that are configured with Snort 2 are not affected. | |||||
| CVE-2022-20921 | 1 Cisco | 1 Aci Multi-site Orchestrator | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. | |||||
| CVE-2022-20870 | 1 Cisco | 193 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 190 more | 2024-11-21 | N/A | 8.6 HIGH |
| A vulnerability in the egress MPLS packet processing function of Cisco IOS XE Software for Cisco Catalyst 3650, Catalyst 3850, and Catalyst 9000 Family Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation of IPv4 traffic. An attacker could exploit this vulnerability by sending a malformed packet out of an affected MPLS-enabled interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2022-20864 | 1 Cisco | 240 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 237 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. | |||||
| CVE-2022-20863 | 1 Cisco | 1 Webex Teams | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the messaging interface of Cisco Webex App, formerly Webex Teams, could allow an unauthenticated, remote attacker to manipulate links or other content within the messaging interface. This vulnerability exists because the affected software does not properly handle character rendering. An attacker could exploit this vulnerability by sending messages within the application interface. A successful exploit could allow the attacker to modify the display of links or other content within the interface, potentially allowing the attacker to conduct phishing or spoofing attacks. | |||||
| CVE-2022-20859 | 1 Cisco | 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection | 2024-11-21 | 9.0 HIGH | 6.5 MEDIUM |
| A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to. | |||||