Total
32539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25462 | 1 Yafu Project | 1 Yafu | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | |||||
| CVE-2022-25401 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | |||||
| CVE-2022-25390 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | |||||
| CVE-2022-25389 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | |||||
| CVE-2022-25368 | 2 Amperecomputing, Arm | 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | |||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | |||||
| CVE-2022-25361 | 1 Watchguard | 47 Firebox M200, Firebox M270, Firebox M290 and 44 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | |||||
| CVE-2022-25343 | 1 Olivetti | 2 D-color Mf3555, D-color Mf3555 Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application. | |||||
| CVE-2022-25333 | 1 Ti | 2 Omap L138, Omap L138 Firmware | 2024-11-21 | N/A | 8.2 HIGH |
| The Texas Instruments OMAP L138 (secure variants) trusted execution environment (TEE) performs an RSA check implemented in mask ROM when loading a module through the SK_LOAD routine. However, only the module header authenticity is validated. An adversary can re-use any correctly signed header and append a forged payload, to be encrypted using the CEK (obtainable through CVE-2022-25332) in order to obtain arbitrary code execution in secure context. This constitutes a full break of the TEE security architecture. | |||||
| CVE-2022-25320 | 1 Cerebrate-project | 1 Cerebrate | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. Username enumeration could occur. | |||||
| CVE-2022-25319 | 1 Cerebrate-project | 1 Cerebrate | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | |||||
| CVE-2022-25294 | 2 Microsoft, Proofpoint | 2 Windows, Insider Threat Management | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. | |||||
| CVE-2022-25255 | 3 Linux, Opengroup, Qt | 3 Linux Kernel, Unix, Qt | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | |||||
| CVE-2022-25204 | 1 Jenkins | 1 Doktor | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| Jenkins Doktor Plugin 0.4.1 and earlier implements functionality that allows agent processes to render files on the controller as Markdown or Asciidoc, and error messages allow attackers able to control agent processes to determine whether a file with a given name exists. | |||||
| CVE-2022-25186 | 1 Jenkins | 1 Hashicorp Vault | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Jenkins HashiCorp Vault Plugin 3.8.0 and earlier implements functionality that allows agent processes to retrieve any Vault secrets for use on the agent, allowing attackers able to control agent processes to obtain Vault secrets for an attacker-specified path and key. | |||||
| CVE-2022-25183 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | |||||
| CVE-2022-25182 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | |||||
| CVE-2022-25181 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | |||||
| CVE-2022-25167 | 1 Apache | 1 Flume | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | |||||
| CVE-2022-25153 | 1 Itarian | 1 Endpoint Manager Communication Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. | |||||