Total
10626 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-40233 | 1 Ibm | 2 Aix, Vios | 2023-11-07 | N/A | 6.2 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 235599. | |||||
| CVE-2022-40145 | 1 Apache | 1 Karaf | 2023-11-07 | N/A | 9.8 CRITICAL |
| This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 | |||||
| CVE-2022-3752 | 1 Rockwellautomation | 10 Compact Guardlogix 5380, Compact Guardlogix 5380 Firmware, Compactlogix 5380 and 7 more | 2023-11-07 | N/A | 7.5 HIGH |
| An unauthorized user could use a specially crafted sequence of Ethernet/IP messages, combined with heavy traffic loading to cause a denial-of-service condition in Rockwell Automation Logix controllers resulting in a major non-recoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online and continue normal operation. | |||||
| CVE-2022-3675 | 1 Redhat | 1 Fedora Coreos | 2023-11-07 | N/A | 5.5 MEDIUM |
| Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. | |||||
| CVE-2022-3444 | 1 Google | 1 Chrome | 2023-11-07 | N/A | 4.3 MEDIUM |
| Insufficient data validation in File System API in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass File System restrictions via a crafted HTML page and malicious file. (Chromium security severity: Low) | |||||
| CVE-2022-3181 | 1 Trihedral | 1 Vtscada | 2023-11-07 | N/A | 7.5 HIGH |
| An Improper Input Validation vulnerability exists in Trihedral VTScada version 12.0.38 and prior. A specifically malformed HTTP request could cause the affected VTScada to crash. Both local area network (LAN)-only and internet facing systems are affected. | |||||
| CVE-2022-3171 | 2 Fedoraproject, Google | 6 Fedora, Google-protobuf, Protobuf-java and 3 more | 2023-11-07 | N/A | 7.5 HIGH |
| A parsing issue with binary data in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | |||||
| CVE-2022-3157 | 1 Rockwellautomation | 12 Compact Guardlogix 5370, Compact Guardlogix 5370 Firmware, Compact Guardlogix 5380 and 9 more | 2023-11-07 | N/A | 7.5 HIGH |
| A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). | |||||
| CVE-2022-39346 | 2 Fedoraproject, Nextcloud | 3 Fedora, Nextcloud Enterprise Server, Nextcloud Server | 2023-11-07 | N/A | 6.5 MEDIUM |
| Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. | |||||
| CVE-2022-38900 | 1 Decode-uri-component Project | 1 Decode-uri-component | 2023-11-07 | N/A | 7.5 HIGH |
| decode-uri-component 0.2.0 is vulnerable to Improper Input Validation resulting in DoS. | |||||
| CVE-2022-38787 | 1 Intel | 96 Agilex 7 Fpga F-series 006, Agilex 7 Fpga F-series 006 Firmware, Agilex 7 Fpga F-series 008 and 93 more | 2023-11-07 | N/A | 7.8 HIGH |
| Improper input validation in firmware for some Intel(R) FPGA products before version 2.7.0 Hotfix may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38385 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2023-11-07 | N/A | 8.1 HIGH |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. | |||||
| CVE-2022-38123 | 1 Secomea | 1 Gatemanager | 2023-11-07 | N/A | 7.2 HIGH |
| Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. | |||||
| CVE-2022-38102 | 1 Intel | 98 Atom X6200fe, Atom X6211e, Atom X6212re and 95 more | 2023-11-07 | N/A | 4.4 MEDIUM |
| Improper Input validation in firmware for some Intel(R) Converged Security and Management Engine before versions 15.0.45, and 16.1.27 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2022-38076 | 3 Debian, Fedoraproject, Intel | 15 Debian Linux, Fedora, Dual Band Wireless-ac 3165 and 12 more | 2023-11-07 | N/A | 7.8 HIGH |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37336 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2023-11-07 | N/A | 6.7 MEDIUM |
| Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-37327 | 1 Intel | 234 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 231 more | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper input validation in BIOS firmware for Intel(R) NUC, Intel(R) NUC Performance Kit, Intel(R) NUC Performance Mini PC, Intel(R) NUC 8 Compute Element, Intel(R) NUC Pro Kit, Intel(R) NUC Pro Board, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element, Intel(R) NUC Extreme, Intel(R) NUC 12 Extreme Compute Element, Intel(R) NUC Laptop Kit, Intel(R) NUC Enthusiast, Intel(R) NUC Essential, Intel(R) NUC Laptop Kit, Intel(R) NUC Extreme Compute Element, Intel(R) NUC Boards, Intel(R) NUC Pro Compute Element, Intel(R) NUC Rugged may allow a privileged user to enable information disclosure via local access. | |||||
| CVE-2022-36392 | 1 Intel | 134 B150, B250, B360 and 131 more | 2023-11-07 | N/A | 7.5 HIGH |
| Improper input validation in some firmware for Intel(R) AMT and Intel(R) Standard Manageability before versions 11.8.94, 11.12.94, 11.22.94, 12.0.93, 14.1.70, 15.0.45, and 16.1.27 in Intel (R) CSME may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2022-36351 | 3 Debian, Fedoraproject, Intel | 15 Debian Linux, Fedora, Killer and 12 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | |||||
| CVE-2022-36339 | 1 Intel | 26 Cm11ebc4w, Cm11ebc4w Firmware, Cm11ebi38w and 23 more | 2023-11-07 | N/A | 7.8 HIGH |
| Improper input validation in firmware for Intel(R) NUC 8 Compute Element, Intel(R) NUC 11 Compute Element, Intel(R) NUC 12 Compute Element may allow a privileged user to enable escalation of privilege via local access. | |||||