Total
32671 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29144 | 1 Microsoft | 1 Edge Chromium | 2024-11-21 | N/A | 7.5 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||
| CVE-2022-29014 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | |||||
| CVE-2022-28995 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | |||||
| CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | |||||
| CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | |||||
| CVE-2022-28940 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2024-11-21 | 7.1 HIGH | 7.5 HIGH |
| In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. | |||||
| CVE-2022-28918 | 1 Njtech | 1 Greencms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. | |||||
| CVE-2022-28885 | 1 F-secure | 2 Atlant, Linux Security | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing the scanning request. | |||||
| CVE-2022-28883 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | N/A | 3.5 LOW |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28881 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28880 | 3 Apple, F-secure, Microsoft | 10 Macos, Atlant, Cloud Protection For Salesforce and 7 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files it is possible that can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28879 | 2 Apple, F-secure | 8 Macos, Atlant, Cloud Protection For Salesforce and 5 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aepack.dll component can crash the scanning engine. | |||||
| CVE-2022-28878 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service vulnerability was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed APK file it is possible that can crash the scanning engine. | |||||
| CVE-2022-28877 | 2 F-secure, Microsoft | 2 Elements Endpoint Protection, Windows | 2024-11-21 | N/A | 4.3 MEDIUM |
| This vulnerability allows local user to delete arbitrary file in the system and bypassing security protection which can be abused for local privilege escalation on affected F-Secure & WithSecure windows endpoint products. An attacker must have code execution rights on the victim machine prior to successful exploitation. | |||||
| CVE-2022-28876 | 3 Apple, F-secure, Microsoft | 8 Macos, Atlant, Cloud Protection For Salesforce and 5 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aeheur.dll component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-28873 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. An attacker can potentially exploit Javascript window.open functionality in SAFE Browser which could lead address bar spoofing attacks. | |||||
| CVE-2022-28872 | 1 F-secure | 1 Safe | 2024-11-21 | 6.8 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails in a loop. | |||||
| CVE-2022-28870 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the address bar was not correct if navigation fails. | |||||
| CVE-2022-28869 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered. A maliciously crafted website could make a phishing attack with address bar spoofing as the browser did not show full URL, such as port number. | |||||
| CVE-2022-28868 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An Address bar spoofing vulnerability was discovered in Safe Browser for Android. When user clicks on a specially crafted malicious webpage/URL, user may be tricked for a short period of time (until the page loads) to think content may be coming from a valid domain, while the content comes from the attacker controlled site. | |||||