Total
32539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23927 | 1 Hp | 1 Pc Bios | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
| CVE-2022-23926 | 1 Hp | 1 Pc Bios | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
| CVE-2022-23925 | 1 Hp | 1 Pc Bios | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
| CVE-2022-23924 | 1 Hp | 1 Pc Bios | 2024-11-21 | 7.2 HIGH | 8.2 HIGH |
| Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | |||||
| CVE-2022-23923 | 1 Jailed Project | 1 Jailed | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. | |||||
| CVE-2022-23878 | 1 Seacms | 1 Seacms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| seacms V11.5 is affected by an arbitrary code execution vulnerability in admin_config.php. | |||||
| CVE-2022-23863 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any user's login password. | |||||
| CVE-2022-23858 | 1 Starwindsoftware | 1 Command Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A flaw was found in the REST API. An improperly handled REST API call could allow any logged user to elevate privileges up to the system account. This affects StarWind Command Center build 6003 v2. | |||||
| CVE-2022-23849 | 1 Devolutions | 1 Password Hub | 2024-11-21 | 4.6 MEDIUM | 6.6 MEDIUM |
| The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authentication attempts. | |||||
| CVE-2022-23848 | 1 Alluxio | 1 Alluxio | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Alluxio before 2.7.3, the logserver does not validate the input stream. NOTE: this is not the same as the CVE-2021-44228 Log4j vulnerability. | |||||
| CVE-2022-23830 | 1 Amd | 130 Epyc 7203, Epyc 7203 Firmware, Epyc 7203p and 127 more | 2024-11-21 | N/A | 1.9 LOW |
| SMM configuration may not be immutable, as intended, when SNP is enabled resulting in a potential limited loss of guest memory integrity. | |||||
| CVE-2022-23824 | 3 Amd, Fedoraproject, Xen | 336 A10-9600p, A10-9600p Firmware, A10-9630p and 333 more | 2024-11-21 | N/A | 5.5 MEDIUM |
| IBPB may not prevent return branch predictions from being specified by pre-IBPB branch targets leading to a potential information disclosure. | |||||
| CVE-2022-23799 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. | |||||
| CVE-2022-23774 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Docker Desktop before 4.4.4 on Windows allows attackers to move arbitrary files. | |||||
| CVE-2022-23744 | 1 Checkpoint | 2 Endpoint Security, Harmony Endpoint | 2024-11-21 | 2.1 LOW | 2.3 LOW |
| Check Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator. | |||||
| CVE-2022-23731 | 1 Lg | 1 Webos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. | |||||
| CVE-2022-23728 | 1 Google | 1 Android | 2024-11-21 | 6.6 MEDIUM | 6.1 MEDIUM |
| Attacker can reset the device with AT Command in the process of rebooting the device. The LG ID is LVE-SMP-210011. | |||||
| CVE-2022-23727 | 1 Lg | 1 Webos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege | |||||
| CVE-2022-23714 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||
| CVE-2022-23712 | 1 Elastic | 1 Elasticsearch | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. | |||||