Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24974 | 1 Menlosecurity | 1 Email Isolation | 2024-11-21 | 5.3 Medium |
| Links may not be rewritten according to policy in some specially formatted emails. | ||||
| CVE-2022-24961 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.8 Critical |
| In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | ||||
| CVE-2022-24934 | 1 Wps | 1 Wps Office | 2024-11-21 | 9.8 Critical |
| wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | ||||
| CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 4.1 Medium |
| Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | ||||
| CVE-2022-24928 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. | ||||
| CVE-2022-24916 | 1 Optimism | 1 Eth-optimism\/l2geth | 2024-11-21 | 7.5 High |
| Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | ||||
| CVE-2022-24696 | 1 Mirametrix | 1 Glance | 2024-11-21 | 7.8 High |
| Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. | ||||
| CVE-2022-24687 | 1 Hashicorp | 1 Consul | 2024-11-21 | 6.5 Medium |
| HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3. | ||||
| CVE-2022-24684 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6. | ||||
| CVE-2022-24683 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | ||||
| CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 9.8 Critical |
| Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | ||||
| CVE-2022-24611 | 1 Silabs | 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more | 2024-11-21 | 6.5 Medium |
| Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. | ||||
| CVE-2022-24434 | 1 Dicer Project | 1 Dicer | 2024-11-21 | 7.5 High |
| This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. | ||||
| CVE-2022-24398 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. | ||||
| CVE-2022-24379 | 1 Intel | 4 Server Board M70klp2sb, Server Board M70klp2sb Firmware, Server System M70klp4s2uhh and 1 more | 2024-11-21 | 7.5 High |
| Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-24346 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.8 High |
| In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | ||||
| CVE-2022-24345 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.8 High |
| In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | ||||
| CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | ||||
| CVE-2022-24334 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.3 Medium |
| In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | ||||
| CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2024-11-21 | 6.5 Medium |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | ||||