Total
29911 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-43464 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2026-06-17 | N/A | 8.8 HIGH |
| Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | |||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2026-06-17 | N/A | 5.3 MEDIUM |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | |||||
| CVE-2022-43410 | 1 Jenkins | 1 Mercurial | 2026-06-17 | N/A | 5.3 MEDIUM |
| Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access. | |||||
| CVE-2022-43396 | 1 Apache | 1 Kylin | 2026-06-17 | N/A | 8.8 HIGH |
| In the fix for CVE-2022-24697, a blacklist is used to filter user input commands. But there is a risk of being bypassed. The user can control the command by controlling the kylin.engine.spark-cmd parameter of conf. | |||||
| CVE-2022-43381 | 1 Ibm | 2 Aix, Vios | 2026-06-17 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639. | |||||
| CVE-2022-43380 | 1 Ibm | 2 Aix, Vios | 2026-06-17 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX NFS kernel extension to cause a denial of service. IBM X-Force ID: 238640. | |||||
| CVE-2022-43364 | 1 Ip-com | 2 Ew9, Ew9 Firmware | 2026-06-17 | N/A | 7.5 HIGH |
| An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. | |||||
| CVE-2022-43138 | 1 Dolibarr | 1 Dolibarr Erp/crm | 2026-06-17 | N/A | 9.8 CRITICAL |
| Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API. | |||||
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2026-06-17 | N/A | 7.5 HIGH |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | |||||
| CVE-2022-42961 | 1 Wolfssl | 1 Wolfssl | 2026-06-17 | N/A | 5.3 MEDIUM |
| An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via an advanced technique for ECDSA key recovery. (In 5.5.0 and later, WOLFSSL_CHECK_SIG_FAULTS can be used to address the vulnerability.) | |||||
| CVE-2022-42834 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 3.3 LOW |
| An access issue was addressed with improved access restrictions. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13, macOS Big Sur 11.7.3. An app may be able to access mail folder attachments through a temporary directory used during compression. | |||||
| CVE-2022-42788 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malicious application may be able to read sensitive location information. | |||||
| CVE-2022-42784 | 1 Siemens | 32 6ag1052-1cc08-7ba1, 6ag1052-1cc08-7ba1 Firmware, 6ag1052-1fb08-7ba1 and 29 more | 2026-06-17 | N/A | 7.6 HIGH |
| A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions >= V8.3), LOGO! 12/24RCEo (6ED1052-2MD08-0BA1) (All versions >= V8.3), LOGO! 230RCE (6ED1052-1FB08-0BA1) (All versions >= V8.3), LOGO! 230RCEo (6ED1052-2FB08-0BA1) (All versions >= V8.3), LOGO! 24CE (6ED1052-1CC08-0BA1) (All versions >= V8.3), LOGO! 24CEo (6ED1052-2CC08-0BA1) (All versions >= V8.3), LOGO! 24RCE (6ED1052-1HB08-0BA1) (All versions >= V8.3), LOGO! 24RCEo (6ED1052-2HB08-0BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA1) (All versions >= V8.3), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA1) (All versions >= V8.3). Affected devices are vulnerable to an electromagnetic fault injection. This could allow an attacker to dump and debug the firmware, including the manipulation of memory. Further actions could allow to inject public keys of custom created key pairs which are then signed by the product CA. The generation of a custom certificate allows communication with, and impersonation of, any device of the same version. | |||||
| CVE-2022-42717 | 2 Hashicorp, Linux | 2 Vagrant, Linux Kernel | 2026-06-17 | N/A | 7.8 HIGH |
| An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root. | |||||
| CVE-2022-42707 | 1 Mahara | 1 Mahara | 2026-06-17 | N/A | 7.5 HIGH |
| In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | |||||
| CVE-2022-42469 | 1 Fortinet | 1 Fortios | 2026-06-17 | N/A | 4.3 MEDIUM |
| A permissive list of allowed inputs vulnerability [CWE-183] in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal. | |||||
| CVE-2022-42461 | 1 Miniorange | 1 Google Authenticator | 2026-06-17 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in miniOrange's Google Authenticator plugin <= 5.6.1 on WordPress. | |||||
| CVE-2022-42460 | 1 Sedlex | 1 Traffic Manager | 2026-06-17 | N/A | 6.5 MEDIUM |
| Broken Access Control vulnerability leading to Stored Cross-Site Scripting (XSS) in Traffic Manager plugin <= 1.4.5 on WordPress. | |||||
| CVE-2022-42454 | 1 Hcltechsw | 1 Bigfix Insights For Vulnerability Remediation | 2026-06-17 | N/A | 6.4 MEDIUM |
| Insights for Vulnerability Remediation (IVR) is vulnerable to man-in-the-middle attacks that may lead to information disclosure. This requires privileged network access. | |||||
| CVE-2022-42285 | 1 Nvidia | 2 Dgx A100, Sbios | 2026-06-17 | N/A | 6.0 MEDIUM |
| DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization (PEI) phase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering. | |||||
