Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | ||||
| CVE-2022-28617 | 1 Hp | 1 Oneview | 2024-11-21 | 9.8 Critical |
| A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 7.2 High |
| A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | ||||
| CVE-2022-28521 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 9.8 Critical |
| ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. | ||||
| CVE-2022-28470 | 1 Python | 1 Pypi | 2024-11-21 | 9.8 Critical |
| marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. | ||||
| CVE-2022-28443 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.1 Critical |
| UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. | ||||
| CVE-2022-28387 | 1 Verbatim | 4 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 1 more | 2024-11-21 | 4.6 Medium |
| An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. | ||||
| CVE-2022-28366 | 3 Antisamy Project, Cyberneko Html Project, Htmlunit | 3 Antisamy, Cyberneko Html, Htmlunit | 2024-11-21 | 7.5 High |
| Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839. | ||||
| CVE-2022-28327 | 3 Fedoraproject, Golang, Redhat | 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more | 2024-11-21 | 7.5 High |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||||
| CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | ||||
| CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | ||||
| CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | ||||
| CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | ||||
| CVE-2022-28198 | 2 Microsoft, Nvidia | 3 Windows, Omniverse Cache, Omniverse Nucleus | 2024-11-21 | 6.6 Medium |
| NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. | ||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2024-11-21 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator- privileged registers, which may lead to denial of service, information disclosure, and data tampering. | ||||
| CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 9.8 Critical |
| SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | ||||
| CVE-2022-28114 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 9.1 Critical |
| DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. | ||||
| CVE-2022-28076 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.2 High |
| Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. | ||||
| CVE-2022-28063 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2024-11-21 | 4.9 Medium |
| Simple Bakery Shop Management System v1.0 contains a file disclosure via /bsms/?page=products. | ||||
| CVE-2022-28056 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 9.8 Critical |
| ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. | ||||