Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27672 | 2 Amd, Redhat | 331 A10-9600p, A10-9600p Firmware, A10-9630p and 328 more | 2024-11-21 | 4.7 Medium |
| When SMT is enabled, certain AMD processors may speculatively execute instructions using a target from the sibling thread after an SMT mode switch potentially resulting in information disclosure. | ||||
| CVE-2022-27664 | 3 Fedoraproject, Golang, Redhat | 19 Fedora, Go, Acm and 16 more | 2024-11-21 | 7.5 High |
| In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. | ||||
| CVE-2022-27578 | 1 Sick | 1 Overall Equipment Effectiveness | 2024-11-21 | 7.8 High |
| An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content. | ||||
| CVE-2022-27535 | 2 Kaspersky, Microsoft | 2 Vpn Secure Connection, Windows | 2024-11-21 | 7.8 High |
| Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. | ||||
| CVE-2022-27534 | 1 Kaspersky | 6 Anti-virus, Endpoint Security, Internet Security and 3 more | 2024-11-21 | 9.8 Critical |
| Kaspersky Anti-Virus products for home and Kaspersky Endpoint Security with antivirus databases released before 12 March 2022 had a bug in a data parsing module that potentially allowed an attacker to execute arbitrary code. The fix was delivered automatically. Credits: Georgy Zaytsev (Positive Technologies). | ||||
| CVE-2022-27502 | 2 Microsoft, Realvnc | 2 Windows, Vnc Server | 2024-11-21 | 7.8 High |
| RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. | ||||
| CVE-2022-27474 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.2 High |
| SuiteCRM v7.11.23 was discovered to allow remote code execution via a crafted payload injected into the FirstName text field. | ||||
| CVE-2022-27452 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.cc. | ||||
| CVE-2022-27451 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. | ||||
| CVE-2022-27449 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | ||||
| CVE-2022-27446 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_cmpfunc.h. | ||||
| CVE-2022-27445 | 3 Debian, Mariadb, Redhat | 4 Debian Linux, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/sql_window.cc. | ||||
| CVE-2022-27444 | 2 Mariadb, Redhat | 3 Mariadb, Enterprise Linux, Rhel Software Collections | 2024-11-21 | 7.5 High |
| MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_subselect.cc. | ||||
| CVE-2022-27336 | 1 Seacms | 1 Seacms | 2024-11-21 | 9.8 Critical |
| Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php. | ||||
| CVE-2022-27313 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. | ||||
| CVE-2022-27257 | 1 Hubzilla | 1 Hubzilla | 2024-11-21 | 7.5 High |
| A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary php files via the schema parameter. | ||||
| CVE-2022-27250 | 1 Unisoc | 1 Unisoc Chipset | 2024-11-21 | 9.8 Critical |
| The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. | ||||
| CVE-2022-27243 | 1 Misp | 1 Misp | 2024-11-21 | 7.8 High |
| An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. | ||||
| CVE-2022-27227 | 2 Fedoraproject, Powerdns | 3 Fedora, Authoritative Server, Recursor | 2024-11-21 | 7.5 High |
| In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | ||||
| CVE-2022-27191 | 3 Fedoraproject, Golang, Redhat | 12 Extra Packages For Enterprise Linux, Fedora, Ssh and 9 more | 2024-11-21 | 7.5 High |
| The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. | ||||