Total
32525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23678 | 2 Hp, Microsoft | 2 Aruba Virtual Intranet Access, Windows | 2024-11-21 | N/A | 5.9 MEDIUM |
| A vulnerability in the Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system client communications that could allow for an attacker in a privileged network position to intercept sensitive information in Aruba Virtual Intranet Access (VIA) client for Microsoft Windows operating system versions: 4.3.0 build 2208101 and below. Aruba has released upgrades for Virtual Intranet Access (VIA) Client that address this security vulnerability. | |||||
| CVE-2022-23671 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23670 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A remote authenticated information disclosure vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23660 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23658 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23657 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | |||||
| CVE-2022-23648 | 3 Debian, Fedoraproject, Linuxfoundation | 3 Debian Linux, Fedora, Containerd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | |||||
| CVE-2022-23604 | 1 X26-cogs Project | 1 X26-cogs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| x26-Cogs is a repository of cogs made by Twentysix for the Red Discord bot. Among these cogs is the Defender cog, a tool for Discord server moderation. A vulnerability in the Defender cog prior to version 1.10.0 allows users with admin privileges to issue commands as other users who share the same server. If a bot owner shares the same server as the attacker, it is possible for the attacker to issue bot-owner restricted commands. The issue has been patched in version 1.10.0. One may unload the Defender cog as a workaround. | |||||
| CVE-2022-23551 | 1 Microsoft | 1 Azure Ad Pod Identity | 2024-11-21 | N/A | 5.3 MEDIUM |
| aad-pod-identity assigns Azure Active Directory identities to Kubernetes applications and has now been deprecated as of 24 October 2022. The NMI component in AAD Pod Identity intercepts and validates token requests based on regex. In this case, a token request made with backslash in the request (example: `/metadata/identity\oauth2\token/`) would bypass the NMI validation and be sent to IMDS allowing a pod in the cluster to access identities that it shouldn't have access to. This issue has been fixed and has been included in AAD Pod Identity release version 1.8.13. If using the AKS pod-managed identities add-on, no action is required. The clusters should now be running the version 1.8.13 release. | |||||
| CVE-2022-23536 | 1 Linuxfoundation | 1 Cortex | 2024-11-21 | N/A | 6.5 MEDIUM |
| Cortex provides multi-tenant, long term storage for Prometheus. A local file inclusion vulnerability exists in Cortex versions 1.13.0, 1.13.1 and 1.14.0, where a malicious actor could remotely read local files as a result of parsing maliciously crafted Alertmanager configurations when submitted to the Alertmanager Set Configuration API. Only users of the Alertmanager service where `-experimental.alertmanager.enable-api` or `enable_api: true` is configured are affected. Affected Cortex users are advised to upgrade to patched versions 1.13.2 or 1.14.1. However as a workaround, Cortex administrators may reject Alertmanager configurations containing the `api_key_file` setting in the `opsgenie_configs` section before sending to the Set Alertmanager Configuration API. | |||||
| CVE-2022-23456 | 1 Hp | 1 Support Assistant | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Potential arbitrary file deletion vulnerability has been identified in HP Support Assistant software. | |||||
| CVE-2022-23435 | 1 Android-gif-drawable Project | 1 Android-gif-drawable | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| decoding.c in android-gif-drawable before 1.2.24 does not limit the maximum length of a comment, leading to denial of service. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-23427 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 3.9 LOW |
| PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||||
| CVE-2022-23426 | 1 Google | 1 Android | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||||
| CVE-2022-23382 | 1 Hichip | 1 Shenzhen Hichip Vision Technology Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network. | |||||
| CVE-2022-23342 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. | |||||
| CVE-2022-23340 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. | |||||
| CVE-2022-23330 | 1 Jpress | 1 Jpress | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | |||||
| CVE-2022-23327 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node's memory pool, causing a denial of service (DoS). | |||||