Total
32539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24379 | 1 Intel | 4 Server Board M70klp2sb, Server Board M70klp2sb Firmware, Server System M70klp4s2uhh and 1 more | 2024-11-21 | N/A | 7.5 HIGH |
| Improper input validation in some Intel(R) Server System M70KLP Family BIOS firmware before version 01.04.0029 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-24346 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2021.3.1, local code execution via RLO (Right-to-Left Override) characters was possible. | |||||
| CVE-2022-24345 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In JetBrains IntelliJ IDEA before 2021.2.4, local code execution (without permission from a user) upon opening a project was possible. | |||||
| CVE-2022-24336 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via an XML-RPC request to the TeamCity server. | |||||
| CVE-2022-24334 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2021.2.1, the Agent Push feature allowed selection of any private key on the server. | |||||
| CVE-2022-24328 | 1 Jetbrains | 1 Hub | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JetBrains Hub before 2021.1.13956, an unprivileged user could perform DoS. | |||||
| CVE-2022-24308 | 4 Apple, Automox, Linux and 1 more | 4 Macos, Automox, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Automox Agent prior to version 37 on Windows and Linux and Version 36 on OSX could allow for a non privileged user to obtain sensitive information during the install process. | |||||
| CVE-2022-24305 | 1 Zohocorp | 1 Manageengine Sharepoint Manager Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine SharePoint Manager Plus before 4329 is vulnerable to a sensitive data leak that leads to privilege escalation. | |||||
| CVE-2022-24303 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. | |||||
| CVE-2022-24293 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
| CVE-2022-24292 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
| CVE-2022-24291 | 1 Hp | 136 Laserjet Pro M304-m305 W1a46a, Laserjet Pro M304-m305 W1a46a Firmware, Laserjet Pro M304-m305 W1a47a and 133 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Certain HP Print devices may be vulnerable to potential information disclosure, denial of service, or remote code execution. | |||||
| CVE-2022-24218 | 1 Elitecms | 1 Elite Cms | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue in /admin/delete_image.php of eliteCMS v1.0 allows attackers to delete arbitrary files. | |||||
| CVE-2022-24141 | 1 Iobit | 1 Itop Vpn | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| The iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient(). | |||||
| CVE-2022-24132 | 1 Phpshe | 1 Phpshe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| phpshe V1.8 is affected by a denial of service (DoS) attack in the registry's verification code, which can paralyze the target service. | |||||
| CVE-2022-24110 | 1 Accellion | 1 Managed File Transfer | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed in version 7.6 and later. | |||||
| CVE-2022-24073 | 1 Navercorp | 1 Whale | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| The Web Request API in Whale browser before 3.12.129.18 allowed to deny access to the extension store or redirect to any URL when users access the store. | |||||
| CVE-2022-24072 | 1 Navercorp | 1 Whale | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool. | |||||
| CVE-2022-24071 | 1 Navercorp | 1 Whale | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A Built-in extension in Whale browser before 3.12.129.46 allows attackers to compromise the rendering process which could lead to controlling browser internal APIs. | |||||
| CVE-2022-24069 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| An issue was discovered in AhciBusDxe in Insyde InsydeH2O with kernel 5.0 before 05.08.41, 5.1 before 05.16.29, 5.2 before 05.26.29, 5.3 before 05.35.29, 5.4 before 05.43.29, and 5.5 before 05.51.29. An SMM callout vulnerability allows an attacker to hijack the execution flow of code running in System Management Mode. Exploiting this issue could lead to escalating privileges to SMM. | |||||