Total
34361 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38621 | 1 Doufox | 1 Doufox | 2024-11-21 | 9.8 Critical |
| Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38532 | 1 Msi | 1 Center | 2024-11-21 | 7.8 High |
| Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable. | ||||
| CVE-2022-38392 | 1 * | 1 5400rmp Oem Harddrive | 2024-11-21 | 5.3 Medium |
| Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447. | ||||
| CVE-2022-38383 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | 4 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673. | ||||
| CVE-2022-38362 | 1 Apache | 1 Apache-airflow-providers-docker | 2024-11-21 | 8.8 High |
| Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. | ||||
| CVE-2022-38333 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
| Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. | ||||
| CVE-2022-38299 | 1 Appsmith | 1 Appsmith | 2024-11-21 | 4.3 Medium |
| An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | ||||
| CVE-2022-38176 | 1 Ysoft | 1 Safeq | 2024-11-21 | 7.8 High |
| An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. | ||||
| CVE-2022-38164 | 1 F-secure | 1 Safe | 2024-11-21 | 6.5 Medium |
| A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing as the browser only display certain part of the entire URL. | ||||
| CVE-2022-38105 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-37895 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | 4.9 Medium |
| An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | ||||
| CVE-2022-37894 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | 6.5 Medium |
| An unauthenticated Denial of Service (DoS) vulnerability exists in the handling of certain SSID strings by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected AP of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | ||||
| CVE-2022-37861 | 1 Tenhot | 2 Tws-100, Tws-100 Firmware | 2024-11-21 | 9.8 Critical |
| There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. It is necessary to know that the device account password is allowed to escape the execution system command through the network tools in the network diagnostic component. | ||||
| CVE-2022-37779 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. | ||||
| CVE-2022-37778 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. | ||||
| CVE-2022-37777 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. | ||||
| CVE-2022-37661 | 1 Adtran | 4 Sr506n, Sr506n Firmware, Sr510n and 1 more | 2024-11-21 | 9.8 Critical |
| SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | ||||
| CVE-2022-37450 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.9 Medium |
| Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. | ||||
| CVE-2022-37439 | 1 Splunk | 2 Splunk, Universal Forwarder | 2024-11-21 | 5.5 Medium |
| In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file. | ||||
| CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 2.6 Low |
| In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. | ||||