Total
34361 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34382 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | 7.8 High |
| Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | ||||
| CVE-2022-34356 | 1 Ibm | 2 Aix, Vios | 2024-11-21 | 7.8 High |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. IBM X-Force ID: 230502. | ||||
| CVE-2022-34355 | 1 Ibm | 2 Collaborative Lifecycle Management, Engineering Lifecycle Management | 2024-11-21 | 4 Medium |
| IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | ||||
| CVE-2022-34303 | 3 Eurosoft-uk, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2024-11-21 | 6.7 Medium |
| A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2022-34302 | 3 Horizondatasys, Microsoft, Redhat | 10 Uefi Bootloader, Windows 10, Windows 11 and 7 more | 2024-11-21 | 6.7 Medium |
| A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2022-34301 | 3 Kidan, Microsoft, Redhat | 10 Cryptopro Securedisk For Bitlocker, Windows 10, Windows 11 and 7 more | 2024-11-21 | 6.7 Medium |
| A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | ||||
| CVE-2022-34296 | 1 Zalando | 1 Skipper | 2024-11-21 | 7.5 High |
| In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. | ||||
| CVE-2022-34293 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.5 High |
| wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | ||||
| CVE-2022-34181 | 1 Jenkins | 1 Xunit | 2024-11-21 | 9.1 Critical |
| Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parsing files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. | ||||
| CVE-2022-34113 | 1 Dataease | 1 Dataease | 2024-11-21 | 9.8 Critical |
| An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | ||||
| CVE-2022-34110 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 5.5 Medium |
| An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | ||||
| CVE-2022-34109 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 7.1 High |
| An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | ||||
| CVE-2022-34108 | 1 Msi | 1 Micro-star International Feature Navigator | 2024-11-21 | 7.1 High |
| An issue in the Feature Navigator of Micro-Star International MSI Feature Nagivator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | ||||
| CVE-2022-34100 | 1 Crestron | 1 Airmedia | 2024-11-21 | 8.8 High |
| A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. | ||||
| CVE-2022-34056 | 1 Pypi | 1 Watertools | 2024-11-21 | 9.8 Critical |
| The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34055 | 1 Pypi | 1 Drxhello | 2024-11-21 | 9.8 Critical |
| The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34054 | 1 Pypi | 1 Perdido | 2024-11-21 | 9.8 Critical |
| The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2024-11-21 | 9.8 Critical |
| The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34032 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||||
| CVE-2022-34031 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | ||||