Total
29460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-42042 | 1 Democritus | 1 D8s-networking | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-networking package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | |||||
| CVE-2022-42041 | 1 Democritus | 1 D8s-file-system | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-file-system package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hashes package. The affected version is 0.1.0. | |||||
| CVE-2022-41984 | 1 Intel | 4 Arc A750, Arc A750 Firmware, Arc A770 and 1 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-41979 | 1 Intel | 1 Data Center Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
| Protection mechanism failure in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-41945 | 1 Super-xray Project | 1 Super-xray | 2024-11-21 | N/A | 6.5 MEDIUM |
| super-xray is a vulnerability scanner (xray) GUI launcher. In version 0.1-beta, the URL is not filtered and directly spliced ??into the command, resulting in a possible RCE vulnerability. Users should upgrade to super-xray 0.2-beta. | |||||
| CVE-2022-41935 | 1 Xwiki | 1 Xwiki | 2024-11-21 | N/A | 5.3 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue. | |||||
| CVE-2022-41918 | 1 Amazon | 1 Opensearch | 2024-11-21 | N/A | 6.3 MEDIUM |
| OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams potentially leading to incorrect access authorization. OpenSearch 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to update. There are no known workarounds for this issue. | |||||
| CVE-2022-41904 | 1 Element | 1 Element | 2024-11-21 | N/A | 6.4 MEDIUM |
| Element iOS is an iOS Matrix client provided by Element. It is based on MatrixSDK. Prior to version 1.9.7, events encrypted using Megolm for which trust could not be established did not get decorated accordingly (with warning shields). Therefore a malicious homeserver could inject messages into the room without the user being alerted that the messages were not sent by a verified group member, even if the user has previously verified all group members. This issue has been patched in Element iOS 1.9.7. There are currently no known workarounds. | |||||
| CVE-2022-41898 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 4.8 MEDIUM |
| TensorFlow is an open source platform for machine learning. If `SparseFillEmptyRowsGrad` is given empty inputs, TensorFlow will crash. We have patched the issue in GitHub commit af4a6a3c8b95022c351edae94560acc61253a1b8. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41891 | 1 Google | 1 Tensorflow | 2024-11-21 | N/A | 4.8 MEDIUM |
| TensorFlow is an open source platform for machine learning. If `tf.raw_ops.TensorListConcat` is given `element_shape=[]`, it results segmentation fault which can be used to trigger a denial of service attack. We have patched the issue in GitHub commit fc33f3dc4c14051a83eec6535b608abe1d355fde. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in supported range. | |||||
| CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | N/A | 5.3 MEDIUM |
| Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
| CVE-2022-41804 | 3 Debian, Fedoraproject, Intel | 382 Debian Linux, Fedora, Xeon Bronze 3408u and 379 more | 2024-11-21 | N/A | 7.2 HIGH |
| Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
| CVE-2022-41769 | 1 Intel | 1 Connect M | 2024-11-21 | N/A | 4.8 MEDIUM |
| Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41716 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
| Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". | |||||
| CVE-2022-41715 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
| Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
| CVE-2022-41690 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 7.1 HIGH |
| Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-11-21 | N/A | 7.3 HIGH |
| Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-41659 | 1 Intel | 1 Unison | 2024-11-21 | N/A | 1.9 LOW |
| Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-41646 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | N/A | 4.7 MEDIUM |
| Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||