Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4613 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | N/A | 5.0 MEDIUM |
| A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275. | |||||
| CVE-2022-4452 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
| Insufficient data validation in crosvm in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-4136 | 1 Leadshop | 1 Leadshop | 2024-11-21 | N/A | 9.8 CRITICAL |
| Dangerous method exposed which can lead to RCE in qmpass/leadshop v1.4.15 allows an attacker to control the target host by calling any function in leadshop.php via the GET method. | |||||
| CVE-2022-48820 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: phy: stm32: fix a refcount leak in stm32_usbphyc_pll_enable() This error path needs to decrement "usbphyc->n_pll_cons.counter" before returning. | |||||
| CVE-2022-48778 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped. | |||||
| CVE-2022-48725 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix refcounting leak in siw_create_qp() The atomic_inc() needs to be paired with an atomic_dec() on the error path. | |||||
| CVE-2022-48723 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: spi: uniphier: fix reference count leak in uniphier_spi_probe() The issue happens in several error paths in uniphier_spi_probe(). When either dma_get_slave_caps() or devm_spi_register_master() returns an error code, the function forgets to decrease the refcount of both `dma_rx` and `dma_tx` objects, which may lead to refcount leaks. Fix it by decrementing the reference count of specific objects in those error paths. | |||||
| CVE-2022-48615 | 1 Huawei | 2 Ar617vw, Ar617vw Firmware | 2024-11-21 | N/A | 4.8 MEDIUM |
| An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information. | |||||
| CVE-2022-48165 | 1 Wavlink | 2 Wl-wn530h4, Wl-wn530h4 Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | |||||
| CVE-2022-48023 | 1 Zammad | 1 Zammad | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags. | |||||
| CVE-2022-47909 | 1 Checkmk | 1 Checkmk | 2024-11-21 | N/A | 6.8 MEDIUM |
| Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost. | |||||
| CVE-2022-47529 | 1 Rsa | 1 Netwitness | 2024-11-21 | N/A | 6.7 MEDIUM |
| Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. | |||||
| CVE-2022-46908 | 1 Sqlite | 1 Sqlite | 2024-11-21 | N/A | 7.3 HIGH |
| SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. | |||||
| CVE-2022-46755 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46754 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 8.7 HIGH |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user might access certain pro license features for which this admin is not authorized in order to configure user controlled external entities. | |||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2022-46705 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | N/A | 4.3 MEDIUM |
| A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2022-46679 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | N/A | 6.5 MEDIUM |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2022-46678 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 4.9 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability. A authenticated malicious admin user can edit general client policy for which the user is not authorized. | |||||
| CVE-2022-46677 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | N/A | 6.8 MEDIUM |
| Wyse Management Suite 3.8 and below contain an improper access control vulnerability with which an custom group admin can create a subgroup under a group for which the admin is not authorized. | |||||