Total
28986 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40426 | 1 D8s-asns Project | 1 D8s-asns | 2024-02-28 | N/A | 9.8 CRITICAL |
| The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0. | |||||
| CVE-2022-31224 | 1 Dell | 50 Chengming 3900, Chengming 3900 Firmware, Inspiron 14 Plus 7420 and 47 more | 2024-02-28 | N/A | 2.4 LOW |
| Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by triggering a fault condition in order to change the behavior of the system. | |||||
| CVE-2022-39855 | 1 Google | 1 Android | 2024-02-28 | N/A | 4.3 MEDIUM |
| Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | |||||
| CVE-2022-33714 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
| Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | |||||
| CVE-2022-45198 | 1 Python | 1 Pillow | 2024-02-28 | N/A | 7.5 HIGH |
| Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification). | |||||
| CVE-2022-25966 | 1 Intel | 1 Edge Insights For Industrial | 2024-02-28 | N/A | 7.8 HIGH |
| Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-46304 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-02-28 | N/A | 7.5 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. | |||||
| CVE-2022-36101 | 1 Shopware | 1 Shopware | 2024-02-28 | N/A | 5.3 MEDIUM |
| Shopware is an open source e-commerce software. In affected versions the request for the customer detail view in the backend administration contained sensitive data like the hashed password and the session ID. These fields are now explicitly unset in version 5.7.15. Users are advised to update and may get the update either via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | |||||
| CVE-2022-39879 | 1 Google | 1 Android | 2024-02-28 | N/A | 3.3 LOW |
| Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | |||||
| CVE-2022-28689 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-28 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-20864 | 1 Cisco | 240 Catalyst 3650, Catalyst 3650-12x48fd-e, Catalyst 3650-12x48fd-l and 237 more | 2024-02-28 | N/A | 4.6 MEDIUM |
| A vulnerability in the password-recovery disable feature of Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco Catalyst Switches could allow an unauthenticated, local attacker to recover the configuration or reset the enable password. This vulnerability is due to a problem with the file and boot variable permissions in ROMMON. An attacker could exploit this vulnerability by rebooting the switch into ROMMON and entering specific commands through the console. A successful exploit could allow the attacker to read any file or reset the enable password. | |||||
| CVE-2022-31609 | 1 Nvidia | 1 Virtual Gpu | 2024-02-28 | N/A | 7.8 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | |||||
| CVE-2022-28760 | 1 Zoom | 1 Zoom On-premise Meeting Connector Mmr | 2024-02-28 | N/A | 6.5 MEDIUM |
| Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions. | |||||
| CVE-2021-39696 | 1 Google | 1 Android | 2024-02-28 | N/A | 7.8 HIGH |
| In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-185810717 | |||||
| CVE-2022-22250 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-02-28 | N/A | 6.5 MEDIUM |
| An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario, if MAC is learned locally on an access interface but later a request to delete is received indicating that the MAC was learnt remotely, this can lead to memory corruption which can result in line card crash and reload. This issue affects: Juniper Networks Junos OS All versions 17.3R1 and later versions prior to 19.2R3-S5; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S6, 19.4R3-S8; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2; 21.4 versions prior to 21.4R1-S1, 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S3-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO versions prior to 21.2R3-EVO; 21.3-EVO versions prior to 21.3R2-EVO; 21.4-EVO versions prior to 21.4R1-S1-EVO, 21.4R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 17.3R1. | |||||
| CVE-2022-2456 | 1 Gitlab | 1 Gitlab | 2024-02-28 | N/A | 2.7 LOW |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | |||||
| CVE-2022-42717 | 2 Hashicorp, Linux | 2 Vagrant, Linux Kernel | 2024-02-28 | N/A | 7.8 HIGH |
| An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | |||||
| CVE-2022-32229 | 1 Rocket.chat | 1 Rocket.chat | 2024-02-28 | N/A | 4.3 MEDIUM |
| A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection. | |||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-02-28 | N/A | 6.5 MEDIUM |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
| CVE-2022-32544 | 1 Cybozu | 1 Office | 2024-02-28 | N/A | 4.3 MEDIUM |
| Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | |||||