Total
601 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23950 | 1 Keylime | 1 Keylime | 2024-11-21 | N/A | 7.5 HIGH |
| In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations. | |||||
| CVE-2022-23835 | 1 Visual Voice Mail Project | 1 Visual Voice Mail | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| ** DISPUTED ** The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READ_SMS permission, and reads an IMAP credentialing message that is (by design) not displayed to the victim within the AOSP SMS/MMS messaging application. (Often, the IMAP credentials are usable to listen to voice mail messages sent before the vulnerability was exploited, in addition to new ones.) NOTE: some vendors characterize this as not a "concrete and exploitable risk." | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2022-23163 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
| Dell PowerScale OneFS, 8.2,x, 9.1.0.x, 9.2.1.x, and 9.3.0.x contain a denial of service vulnerability. A local malicious user could potentially exploit this vulnerability, leading to denial of service/data unavailability. | |||||
| CVE-2022-23118 | 1 Jenkins | 1 Debian Package Builder | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller. | |||||
| CVE-2022-22732 | 2024-11-21 | N/A | 3.9 LOW | ||
| A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause all remote domains to access the resources (data) supplied by the server when an attacker sends a fetch request from third-party site or malicious site. Affected Products: EcoStruxure Power Commission (Versions prior to V2.22) | |||||
| CVE-2022-22515 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 15 more | 2024-11-21 | 4.9 MEDIUM | 8.1 HIGH |
| A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | |||||
| CVE-2022-22154 | 1 Juniper | 1 Junos | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the Satellite Device (SD) control state machine of Juniper Networks Junos OS allows an attacker who is able to make physical changes to the cabling of the device to cause a denial of service (DoS). An SD can get rebooted and subsequently controlled by an Aggregation Device (AD) which does not belong to the original Fusion setup and is just connected to an extended port of the SD. To carry out this attack the attacker needs to have physical access to the cabling between the SD and the original AD. This issue affects: Juniper Networks Junos OS 16.1R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4. This issue does not affect Juniper Networks Junos OS versions prior to 16.1R1. | |||||
| CVE-2022-21964 | 1 Microsoft | 1 Windows 10 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | |||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
| A Exposure of Resource to Wrong Sphere vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | |||||
| CVE-2022-21126 | 1 Samtools | 1 Htsjdk | 2024-11-21 | N/A | 7.3 HIGH |
| The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it. | |||||
| CVE-2022-1911 | 1 M-files | 1 M-files Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system. | |||||
| CVE-2022-1875 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1873 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1637 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Web Contents in Google Chrome prior to 101.0.4951.64 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1501 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1498 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1488 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. | |||||
| CVE-2022-1467 | 1 Aveva | 2 Intouch Access Anywhere, Plant Scada Access Anywhere | 2024-11-21 | 8.5 HIGH | 7.4 HIGH |
| Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS. | |||||
| CVE-2022-1385 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.8 MEDIUM | 3.7 LOW |
| Mattermost 6.4.x and earlier fails to properly invalidate pending email invitations when the action is performed from the system console, which allows accidentally invited users to join the workspace and access information from the public teams and channels. | |||||