Total
34334 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24308 | 4 Apple, Automox, Linux and 1 more | 4 Macos, Automox, Linux Kernel and 1 more | 2024-11-21 | 5.5 Medium |
| Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. | ||||
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | ||||
| CVE-2022-24303 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 9.1 Critical |
| Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | ||||
| CVE-2022-24293 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 9.8 Critical |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | ||||
| CVE-2022-24292 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 9.8 Critical |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | ||||
| CVE-2022-24291 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 7.5 High |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | ||||
| CVE-2022-24218 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 9.1 Critical |
| An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. | ||||
| CVE-2022-24141 | 1 Iobit | 1 Itop Vpn | 2024-11-21 | 5.4 Medium |
| The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | ||||
| CVE-2022-24132 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 7.5 High |
| phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. | ||||
| CVE-2022-24110 | 1 Accellion | 1 Managed File Transfer | 2024-11-21 | 6.5 Medium |
| Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. | ||||
| CVE-2022-24073 | 1 Navercorp | 1 Whale | 2024-11-21 | 7.1 High |
| The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | ||||
| CVE-2022-24072 | 1 Navercorp | 1 Whale | 2024-11-21 | 6.1 Medium |
| The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | ||||
| CVE-2022-24071 | 1 Navercorp | 1 Whale | 2024-11-21 | 4.3 Medium |
| A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. | ||||
| CVE-2022-24003 | 1 Samsung | 1 Bixby Vision | 2024-11-21 | 4 Medium |
| Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. | ||||
| CVE-2022-24001 | 1 Google | 1 Android | 2024-11-21 | 3.8 Low |
| Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. | ||||
| CVE-2022-24000 | 1 Google | 1 Android | 2024-11-21 | 3.9 Low |
| PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | ||||
| CVE-2022-23999 | 1 Google | 1 Android | 2024-11-21 | 3.9 Low |
| PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | ||||
| CVE-2022-23989 | 1 Stormshield | 1 Stormshield Network Security | 2024-11-21 | 7.5 High |
| In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | ||||
| CVE-2022-23960 | 4 Arm, Debian, Redhat and 1 more | 45 Cortex-a57, Cortex-a57 Firmware, Cortex-a65 and 42 more | 2024-11-21 | 5.6 Medium |
| Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. | ||||
| CVE-2022-23958 | 1 Hp | 4 Probook 440 G8, Probook 440 G8 Firmware, Prodesk 405 G6 Small Form Factor and 1 more | 2024-11-21 | 5.5 Medium |
| Potential vulnerabilities have been identified in the BIOS for some HP PC products which may allow denial of service. | ||||