Total
32671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29790 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. | |||||
| CVE-2022-29789 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. | |||||
| CVE-2022-29784 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | |||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | |||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | |||||
| CVE-2022-29778 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | |||||
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | |||||
| CVE-2022-29586 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 6.9 MEDIUM | 7.4 HIGH |
| Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. | |||||
| CVE-2022-29562 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | N/A | 3.7 LOW |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. | |||||
| CVE-2022-29546 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. | |||||
| CVE-2022-29505 | 1 Linecorp | 1 Line | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. | |||||
| CVE-2022-29405 | 1 Apache | 1 Archiva | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 | |||||
| CVE-2022-29264 | 1 Coreboot | 1 Coreboot | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. | |||||
| CVE-2022-29262 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | N/A | 7.9 HIGH |
| Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-29257 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.5 MEDIUM | 6.6 MEDIUM |
| Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given apps update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. | |||||
| CVE-2022-29241 | 1 Jupyter | 1 Jupyter Server | 2024-11-21 | 9.0 HIGH | 7.1 HIGH |
| Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. | |||||
| CVE-2022-29177 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. | |||||
| CVE-2022-29164 | 1 Argo Workflows Project | 1 Argo Workflows | 2024-11-21 | 4.6 MEDIUM | 7.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. | |||||
| CVE-2022-29147 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 3.1 LOW |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | |||||
| CVE-2022-29146 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||