Total: 2183 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2104 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | |||||
CVE-2022-29859 | 1 Amb1 Sdk Project | 1 Amb1 Sdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. | |||||
CVE-2022-29264 | 1 Coreboot | 1 Coreboot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. | |||||
CVE-2022-28995 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | |||||
CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
CVE-2022-28747 | 1 Gosecure | 1 Titan Inbox Detection & Response | 2024-11-21 | N/A | 9.8 CRITICAL |
Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. | |||||
CVE-2022-28620 | 1 Hpe | 10 Cray Ex Supercomputers, Cray Ex Supercomputers Firmware, Cray Sh Supercomputer Air Cooled Base System Code and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers. | |||||
CVE-2022-28617 | 1 Hp | 1 Oneview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | |||||
CVE-2022-28521 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. | |||||
CVE-2022-28493 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
A vulnerability in TOTOLINK CP900 V6.3c.566 allows attackers to start the Telnet service, | |||||
CVE-2022-28492 | 1 Totolink | 2 Cp900, Cp900 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
TOTOLINK Technology CPE with firmware V6.3c.566 allows remote attackers to bypass Login. | |||||
CVE-2022-28470 | 1 Python | 1 Pypi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. | |||||
CVE-2022-28443 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. | |||||
CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | |||||
CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | |||||
CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | |||||
CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | |||||
CVE-2022-28114 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. | |||||
CVE-2022-28056 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. | |||||
CVE-2022-27982 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. |