Total
29518 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-35521 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. | |||||
| CVE-2022-35520 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. This leads to command injection in page /ledonoff.shtml. | |||||
| CVE-2022-35519 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | |||||
| CVE-2022-35518 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | |||||
| CVE-2022-35517 | 1 Wavlink | 10 Wn530h4, Wn530h4 Firmware, Wn531p3 and 7 more | 2024-11-21 | N/A | 8.8 HIGH |
| WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | |||||
| CVE-2022-35242 | 1 59sec | 1 The Leads Management System\ | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | |||||
| CVE-2022-35238 | 1 Brinidesigner | 1 Awesome Filterable Portfolio | 2024-11-21 | N/A | 6.5 MEDIUM |
| Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress. | |||||
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-11-21 | 5.0 MEDIUM | 3.5 LOW |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | |||||
| CVE-2022-34885 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. | |||||
| CVE-2022-34869 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | |||||
| CVE-2022-34868 | 1 Yookassa | 1 Yukassa For Woocommerce | 2024-11-21 | N/A | 8.8 HIGH |
| Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | |||||
| CVE-2022-34854 | 1 Intel | 1 System Usage Report | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control in the Intel(R) SUR software before version 2.4.8902 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-34672 | 2 Microsoft, Nvidia | 3 Windows, Cloud Gaming, Virtual Gpu | 2024-11-21 | N/A | 7.8 HIGH |
| NVIDIA Control Panel for Windows contains a vulnerability where an unauthorized user or an unprivileged regular user can compromise the security of the software by gaining privileges, reading sensitive information, or executing commands. | |||||
| CVE-2022-34635 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | N/A | 9.8 CRITICAL |
| The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. | |||||
| CVE-2022-34487 | 1 Oxilab | 1 Shortcode Addons | 2024-11-21 | N/A | 9.8 CRITICAL |
| Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | |||||
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2024-11-21 | N/A | 6.6 MEDIUM |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | |||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | N/A | 7.6 HIGH |
| Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | |||||
| CVE-2022-34450 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 6.7 MEDIUM |
| PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root. | |||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2024-11-21 | N/A | 8.8 HIGH |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | |||||
| CVE-2022-34434 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | N/A | 6.7 MEDIUM |
| Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A threat actor with root level access to either the vApp or containerized versions of Cloud Mobility may potentially exploit this vulnerability, leading to the modification or deletion of tables that are required for many of the core functionalities of Cloud Mobility. Exploitation may lead to the compromise of integrity and availability of the normal functionality of the Cloud Mobility application. | |||||