Total
2183 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-25167 | 1 Apache | 1 Flume | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | |||||
CVE-2022-25152 | 1 Itarian | 2 On-premise, Saas Service Desk | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. | |||||
CVE-2022-25098 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | |||||
CVE-2022-25095 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | |||||
CVE-2022-24961 | 1 Portainer | 1 Portainer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | |||||
CVE-2022-24934 | 1 Wps | 1 Wps Office | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | |||||
CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | |||||
CVE-2022-24497 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Windows Network File System Remote Code Execution Vulnerability | |||||
CVE-2022-24491 | 1 Microsoft | 8 Windows 10, Windows 11, Windows 8.1 and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Windows Network File System Remote Code Execution Vulnerability | |||||
CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
CVE-2022-24303 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | |||||
CVE-2022-24293 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
CVE-2022-24292 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
CVE-2022-24218 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. | |||||
CVE-2022-23878 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | |||||
CVE-2022-23848 | 1 Alluxio | 1 Alluxio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability. | |||||
CVE-2022-23799 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | |||||
CVE-2022-23660 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23658 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
CVE-2022-23657 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. |