Total
29579 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2025-05-07 | 9.1 Critical |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | ||||
| CVE-2022-49854 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mctp: Fix an error handling path in mctp_init() If mctp_neigh_init() return error, the routes resources should be released in the error handling path. Otherwise some resources leak. | ||||
| CVE-2022-49861 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call. | ||||
| CVE-2022-49896 | 1 Linux | 1 Linux Kernel | 2025-05-07 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: cxl/pmem: Fix cxl_pmem_region and cxl_memdev leak When a cxl_nvdimm object goes through a ->remove() event (device physically removed, nvdimm-bridge disabled, or nvdimm device disabled), then any associated regions must also be disabled. As highlighted by the cxl-create-region.sh test [1], a single device may host multiple regions, but the driver was only tracking one region at a time. This leads to a situation where only the last enabled region per nvdimm device is cleaned up properly. Other regions are leaked, and this also causes cxl_memdev reference leaks. Fix the tracking by allowing cxl_nvdimm objects to track multiple region associations. | ||||
| CVE-2022-3304 | 1 Google | 1 Chrome | 2025-05-06 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-20327 | 1 Cisco | 13 Asr 9000v-v2, Asr 9001, Asr 9006 and 10 more | 2025-05-06 | 7.4 High |
| A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router. | ||||
| CVE-2022-43563 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 8.1 High |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | ||||
| CVE-2022-43565 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 8.1 High |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | ||||
| CVE-2022-42788 | 1 Apple | 1 Macos | 2025-05-05 | 5.5 Medium |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | ||||
| CVE-2022-28709 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2025-05-05 | 4.4 Medium |
| Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-28356 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-05-05 | 5.5 Medium |
| In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. | ||||
| CVE-2022-26017 | 1 Intel | 1 Driver \& Support Assistant | 2025-05-05 | 8 High |
| Improper access control in the Intel(R) DSA software for before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2022-25966 | 1 Intel | 1 Edge Insights For Industrial | 2025-05-05 | 7.8 High |
| Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-23182 | 1 Intel | 1 Data Center Manager | 2025-05-05 | 8.8 High |
| Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2022-21812 | 1 Intel | 1 Hardware Accelerated Execution Manager | 2025-05-05 | 7.8 High |
| Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-21793 | 2 Intel, Vmware | 10 82599 10 Gigabit Ethernet Controller, Ethernet Controller X540, Ethernet Controller X550 and 7 more | 2025-05-05 | 5.5 Medium |
| Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access. | ||||
| CVE-2022-21225 | 1 Intel | 1 Data Center Manager | 2025-05-05 | 8 High |
| Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2022-21174 | 1 Intel | 1 Quartus Prime | 2025-05-05 | 7.8 High |
| Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-21157 | 1 Intel | 1 Smart Campus | 2025-05-05 | 5.5 Medium |
| Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21153 | 1 Intel | 1 Capital Global Summit | 2025-05-05 | 5.5 Medium |
| Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. | ||||