Total
32703 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34028 | 1 F5 | 1 Njs | 2024-11-21 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | |||||
| CVE-2022-34027 | 1 F5 | 1 Njs | 2024-11-21 | N/A | 7.5 HIGH |
| Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | |||||
| CVE-2022-33993 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | N/A | 5.3 MEDIUM |
| Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | |||||
| CVE-2022-33992 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | N/A | 7.5 HIGH |
| DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | |||||
| CVE-2022-33987 | 1 Got Project | 1 Got | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | |||||
| CVE-2022-33980 | 3 Apache, Debian, Netapp | 3 Commons Configuration, Debian Linux, Snapcenter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | |||||
| CVE-2022-33959 | 1 Ibm | 1 Sterling Order Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| IBM Sterling Order Management 10.0 could allow a user to bypass validation and perform unauthorized actions on behalf of other users. IBM X-Force ID: 229320. | |||||
| CVE-2022-33945 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | N/A | 8.2 HIGH |
| Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2024-11-21 | N/A | 7.5 HIGH |
| CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | |||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | 10.0 HIGH | 8.0 HIGH |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-33917 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | |||||
| CVE-2022-33916 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | N/A | 7.5 HIGH |
| OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | |||||
| CVE-2022-33903 | 1 Torproject | 1 Tor | 2024-11-21 | N/A | 7.5 HIGH |
| Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | |||||
| CVE-2022-33894 | 1 Intel | 546 Core I3-1000g1, Core I3-1000g1 Firmware, Core I3-1000g4 and 543 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-33882 | 1 Autodesk | 1 Autodesk Desktop | 2024-11-21 | N/A | 9.8 CRITICAL |
| Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | |||||
| CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | |||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | |||||
| CVE-2022-33751 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | |||||
| CVE-2022-33745 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | N/A | 8.8 HIGH |
| insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. | |||||
| CVE-2022-33744 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. | |||||