Total: 32671 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-2228 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 5.3 MEDIUM |
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range | |||||
CVE-2022-2164 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 6.3 MEDIUM |
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. | |||||
CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | N/A | 8.8 HIGH |
Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | |||||
CVE-2022-2104 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 7.5 HIGH | 9.9 CRITICAL |
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | |||||
CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | |||||
CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | |||||
CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | N/A | 7.5 HIGH |
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | |||||
CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | |||||
CVE-2022-29950 | 1 Experian | 1 Hunter | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed | |||||
CVE-2022-29935 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an agent-installer download. NOTE: this is not an Oracle Corporation product. | |||||
CVE-2022-29891 | 1 Cybozu | 1 Office | 2024-11-21 | N/A | 4.3 MEDIUM |
Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors. | |||||
CVE-2022-29871 | 1 Intel | 431 Atom X5-e3930, Atom X5-e3940, Atom X6200fe and 428 more | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper access control in the Intel(R) CSME software installer before version 2239.3.7.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-29859 | 1 Amb1 Sdk Project | 1 Amb1 Sdk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. | |||||
CVE-2022-29849 | 1 Progress | 1 Openedge | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. | |||||
CVE-2022-29846 | 1 Progress | 1 Whatsup Gold | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number. | |||||
CVE-2022-29798 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. | |||||
CVE-2022-29796 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. | |||||
CVE-2022-29793 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. | |||||
CVE-2022-29792 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The chip component has a vulnerability of disclosing CPU SNs. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
CVE-2022-29791 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model. Successful exploitation of this vulnerability will affect AI services. |