Total
12594 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35404 | 1 Zohocorp | 4 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 1 more | 2024-11-21 | 8.2 High |
| ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | ||||
| CVE-2022-35239 | 1 Contec | 4 Sv-cpt-mc310, Sv-cpt-mc310 Firmware, Sv-cpt-mc310f and 1 more | 2024-11-21 | 8.8 High |
| The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. If this vulnerability is exploited, arbitrary PHP code may be executed if a remote authenticated attacker uploads a specially crafted PHP file. | ||||
| CVE-2022-35171 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 5.5 Medium |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below | ||||
| CVE-2022-34916 | 1 Apache | 1 Flume | 2024-11-21 | 9.8 Critical |
| Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | ||||
| CVE-2022-34866 | 1 Yrl | 2 Passage Drive, Passage Drive For Box | 2024-11-21 | 7.8 High |
| Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where the product is running. | ||||
| CVE-2022-34851 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 4.3 Medium |
| In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-34844 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 5.9 Medium |
| In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker's control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-34758 | 1 Schneider-electric | 2 Easergy P5, Easergy P5 Firmware | 2024-11-21 | 5.1 Medium |
| A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. Affected Products: Easergy P5 (V01.401.102 and prior) | ||||
| CVE-2022-34657 | 1 Intel | 31 Pcsd Bios, R1208wfqysr, R1208wftys and 28 more | 2024-11-21 | 6 Medium |
| Improper input validation in firmware for some Intel(R) PCSD BIOS before version 02.01.0013 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-34164 | 1 Ibm | 1 Cics Tx | 2024-11-21 | 5.5 Medium |
| IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. | ||||
| CVE-2022-34146 | 1 Qualcomm | 194 Csr8811, Csr8811 Firmware, Ipq5010 and 191 more | 2024-11-21 | 7.5 High |
| Transient DOS due to improper input validation in WLAN Host while parsing frame during defragmentation. | ||||
| CVE-2022-33945 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | 8.2 High |
| Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33876 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 5.1 Medium |
| Multiple instances of improper input validation vulnerability in Fortinet FortiADC version 7.1.0, version 7.0.0 through 7.0.2 and version 6.2.4 and below allows an authenticated attacker to retrieve files with specific extension from the underlying Linux system via crafted HTTP requests. | ||||
| CVE-2022-33754 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 9.8 Critical |
| CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | ||||
| CVE-2022-33752 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 9.8 Critical |
| CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code. | ||||
| CVE-2022-33729 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-33719 | 1 Google | 1 Android | 2024-11-21 | 8.6 High |
| Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | ||||
| CVE-2022-33715 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | ||||
| CVE-2022-33710 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.8 High |
| Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | ||||
| CVE-2022-33709 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 7.8 High |
| Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | ||||