Total
32689 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | |||||
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | |||||
| CVE-2022-30470 | 1 Afian | 1 Filerun | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | |||||
| CVE-2022-30453 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | |||||
| CVE-2022-30450 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | |||||
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | |||||
| CVE-2022-30323 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | |||||
| CVE-2022-30322 | 1 Hashicorp | 1 Go-getter | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | |||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 3.9 LOW |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | |||||
| CVE-2022-30288 | 1 Ohler | 1 Agoo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors. | |||||
| CVE-2022-30286 | 1 Pyscript | 1 Pyscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. | |||||
| CVE-2022-30242 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | N/A | 6.8 MEDIUM |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered. | |||||
| CVE-2022-30226 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2022-30225 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability | |||||
| CVE-2022-30224 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability | |||||
| CVE-2022-30223 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | 2.7 LOW | 5.7 MEDIUM |
| Windows Hyper-V Information Disclosure Vulnerability | |||||
| CVE-2022-30222 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
| Windows Shell Remote Code Execution Vulnerability | |||||
| CVE-2022-30221 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability | |||||