Total
34345 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30585 | 1 Rsa | 1 Archer | 2024-11-21 | 6.5 Medium |
| The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. | ||||
| CVE-2022-30574 | 1 Tibco | 2 Eftl, Ftl | 2024-11-21 | 4.6 Medium |
| The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, TIBCO FTL - Enterprise Edition: version 6.8.0, TIBCO eFTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO eFTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO eFTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO eFTL - Enterprise Edition: version 6.8.0. | ||||
| CVE-2022-30573 | 1 Tibco | 1 Ftl | 2024-11-21 | 6.7 Medium |
| The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.0.0 through 6.8.0, TIBCO FTL - Developer Edition: versions 6.0.1 through 6.8.0, TIBCO FTL - Enterprise Edition: versions 6.0.0 through 6.7.3, and TIBCO FTL - Enterprise Edition: version 6.8.0. | ||||
| CVE-2022-30570 | 1 Tibco | 2 Data Virtualization, Data Virtualization For Aws Marketplace | 2024-11-21 | 6.5 Medium |
| The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below. | ||||
| CVE-2022-30563 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in through ONVIF, he can log in to the device by replaying the user's login packet. | ||||
| CVE-2022-30561 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 5.9 Medium |
| When an attacker uses a man-in-the-middle attack to sniff the request packets with success logging in, the attacker could log in to the device by replaying the user's login packet. | ||||
| CVE-2022-30560 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker obtaining the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specified crafted packet to the vulnerable interface then lead the device to crash. | ||||
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | ||||
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2024-11-21 | 5.5 Medium |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | ||||
| CVE-2022-30470 | 1 Afian | 1 Filerun | 2024-11-21 | 9.8 Critical |
| In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | ||||
| CVE-2022-30453 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 9.8 Critical |
| ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | ||||
| CVE-2022-30450 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | ||||
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 6.5 Medium |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 6.5 Medium |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 9.8 Critical |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | ||||
| CVE-2022-30323 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30322 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | 3.9 Low |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | ||||
| CVE-2022-30288 | 1 Ohler | 1 Agoo | 2024-11-21 | 7.5 High |
| Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors. | ||||
| CVE-2022-30286 | 1 Pyscript | 1 Pyscript | 2024-11-21 | 7.5 High |
| pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. | ||||