Total: 32789 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-38772 | 1 Zohocorp | 6 Manageengine Netflow Analyzer, Manageengine Network Configuration Manager, Manageengine Opmanager and 3 more | 2024-11-21 | N/A | 8.8 HIGH |
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. | |||||
CVE-2022-38755 | 1 Microfocus | 1 Filr | 2024-11-21 | N/A | 5.3 MEDIUM |
A vulnerability has been identified in Micro Focus Filr in versions prior to 4.3.1.1. The vulnerability could be exploited to allow a remote unauthenticated attacker to enumerate valid users of the system. Remote unauthenticated user enumeration. This issue affects: Micro Focus Filr versions prior to 4.3.1.1. | |||||
CVE-2022-38661 | 1 Hcltechsw | 1 Hcl Workload Automation | 2024-11-21 | N/A | 6.2 MEDIUM |
HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | |||||
CVE-2022-38656 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | N/A | 8.6 HIGH |
HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | |||||
CVE-2022-38654 | 1 Hcltech | 1 Domino | 2024-11-21 | N/A | 5.5 MEDIUM |
HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. | |||||
CVE-2022-38621 | 1 Doufox | 1 Doufox | 2024-11-21 | N/A | 9.8 CRITICAL |
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | |||||
CVE-2022-38546 | 1 Zyxel | 2 Nbg7510, Nbg7510 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode. | |||||
CVE-2022-38532 | 1 Msi | 1 Center | 2024-11-21 | N/A | 7.8 HIGH |
Micro-Star International Co., Ltd MSI Center 1.0.50.0 was discovered to contain a vulnerability in the component C_Features of MSI.CentralServer.exe. This vulnerability allows attackers to escalate privileges via running a crafted executable. | |||||
CVE-2022-38392 | 1 * | 1 5400rmp Oem Harddrive | 2024-11-21 | N/A | 5.3 MEDIUM |
Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447. | |||||
CVE-2022-38383 | 1 Ibm | 2 Cloud Pak For Security, Qradar Suite | 2024-11-21 | N/A | 4.0 MEDIUM |
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 233673. | |||||
CVE-2022-38362 | 1 Apache | 1 Apache-airflow-providers-docker | 2024-11-21 | N/A | 8.8 HIGH |
Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. | |||||
CVE-2022-38333 | 1 Openwrt | 1 Openwrt | 2024-11-21 | N/A | 7.5 HIGH |
Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. | |||||
CVE-2022-38299 | 1 Appsmith | 1 Appsmith | 2024-11-21 | N/A | 4.3 MEDIUM |
An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | |||||
CVE-2022-38187 | 1 Esri | 1 Portal For Arcgis | 2024-11-21 | N/A | 7.5 HIGH |
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | |||||
CVE-2022-38176 | 1 Ysoft | 1 Safeq | 2024-11-21 | N/A | 7.8 HIGH |
An issue was discovered in YSoft SAFEQ 6 before 6.0.72. Incorrect privileges were configured as part of the installer package for the Client V3 services, allowing for local user privilege escalation by overwriting the executable file via an alternative data stream. NOTE: this is not the same as CVE-2021-31859. | |||||
CVE-2022-38164 | 1 F-secure | 1 Safe | 2024-11-21 | N/A | 6.5 MEDIUM |
A vulnerability affecting F-Secure SAFE browser for Android and iOS was discovered. A maliciously crafted website could make a phishing attack with URL spoofing, as the browser only displays a certain part of the entire URL. | |||||
CVE-2022-38150 | 2 Fedoraproject, Varnish Cache Project | 2 Fedora, Varnish Cache | 2024-11-21 | N/A | 7.5 HIGH |
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1. | |||||
CVE-2022-38105 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2024-11-21 | N/A | 7.5 HIGH |
An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2022-38102 | 1 Intel | 98 Atom X6200fe, Atom X6211e, Atom X6212re and 95 more | 2024-11-21 | N/A | 7.2 HIGH |
Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-38076 | 3 Debian, Fedoraproject, Intel | 15 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 12 more | 2024-11-21 | N/A | 3.8 LOW |
Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. |