Total: 654 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-29850 | 1 Lexmark | 234 B2236, B2236 Firmware, B2338 and 231 more | 2024-11-21 | 8.1 High |
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | ||||
CVE-2022-29820 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 3 Low |
In JetBrains PyCharm before 2022.1, exposure of the debugger port to the internal network was possible. | ||||
CVE-2022-29646 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 5.3 Medium |
An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | ||||
CVE-2022-28924 | 1 Universis | 1 Universis-students | 2024-11-21 | 6.5 Medium |
An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | ||||
CVE-2022-28794 | 1 Google | 1 Android | 2024-11-21 | 2.2 Low |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | ||||
CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating temporary files in a directory with insecure permissions during the Yandex Browser update process. | ||||
CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 6.5 Medium |
Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | ||||
CVE-2022-27822 | 1 Google | 1 Android | 2024-11-21 | 6.6 Medium |
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | ||||
CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 9.1 Critical |
SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | ||||
CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 4.4 Medium |
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | ||||
CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2024-11-21 | 7.8 High |
spring-boot versions prior to v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. | ||||
CVE-2022-27576 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | ||||
CVE-2022-27331 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | ||||
CVE-2022-26869 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2024-11-21 | 9.8 Critical |
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contain an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. | ||||
CVE-2022-26850 | 1 Apache | 1 Nifi | 2024-11-21 | 4.3 Medium |
When creating or updating credentials for single-user access, Apache NiFi wrote a copy of the Login Identity Providers configuration to the operating system temporary directory. On most platforms, the operating system temporary directory has global read permissions. NiFi immediately moved the temporary file to the final configuration directory, which significantly limited the window of opportunity for access. NiFi 1.16.0 includes updates to replace the Login Identity Providers configuration without writing a file to the operating system temporary directory. | ||||
CVE-2022-26355 | 1 Citrix | 1 Federated Authentication Service | 2024-11-21 | 4.4 Medium |
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. | ||||
CVE-2022-26121 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 3.7 Low |
An exposure of resource to wrong sphere vulnerability [CWE-668] in FortiAnalyzer and FortiManager GUI 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.0 through 6.2.9, 6.0.0 through 6.0.11, 5.6.0 through 5.6.11 may allow an unauthenticated and remote attacker to access report template images via referencing the name in the URL path. | ||||
CVE-2022-25643 | 1 Seatd Project | 1 Seatd | 2024-11-21 | 9.8 Critical |
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname. | ||||
CVE-2022-25481 | 1 Thinkphp | 1 Thinkphp | 2024-11-21 | 7.5 High |
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. NOTE: this is disputed by a third party because system environment exposure is an intended feature of the debugging mode. | ||||
CVE-2022-25375 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 5.5 Medium |
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. |