Total: 29483 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-41839 | 1 Wpbrigade | 1 Loginpress | 2024-11-21 | N/A | 5.3 MEDIUM |
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings. | |||||
CVE-2022-41804 | 3 Debian, Fedoraproject, Intel | 382 Debian Linux, Fedora, Xeon Bronze 3408u and 379 more | 2024-11-21 | N/A | 7.2 HIGH |
Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41799 | 1 Weseek | 1 Growi | 2024-11-21 | N/A | 6.5 MEDIUM |
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. | |||||
CVE-2022-41781 | 1 Permalink Manager Lite Project | 1 Permalink Manager Lite | 2024-11-21 | N/A | 6.5 MEDIUM |
Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress. | |||||
CVE-2022-41769 | 1 Intel | 1 Connect M | 2024-11-21 | N/A | 4.8 MEDIUM |
Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41723 | 1 Golang | 3 Go, Hpack, Http2 | 2024-11-21 | N/A | 7.5 HIGH |
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | |||||
CVE-2022-41716 | 2 Golang, Microsoft | 2 Go, Windows | 2024-11-21 | N/A | 7.5 HIGH |
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D". | |||||
CVE-2022-41715 | 1 Golang | 1 Go | 2024-11-21 | N/A | 7.5 HIGH |
Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After the fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. | |||||
CVE-2022-41690 | 1 Intel | 1 Retail Edge Program | 2024-11-21 | N/A | 7.1 HIGH |
Improper access control in the Intel(R) Retail Edge Mobile iOS application before version 3.4.7 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41689 | 1 Intel | 1 In-band Manageability | 2024-11-21 | N/A | 7.3 HIGH |
Improper access control in some Intel In-Band Manageability software before version 3.0.14 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-41659 | 1 Intel | 1 Unison | 2024-11-21 | N/A | 1.9 LOW |
Improper access control for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access. | |||||
CVE-2022-41646 | 1 Intel | 1 Integrated Performance Primitives Cryptography | 2024-11-21 | N/A | 4.7 MEDIUM |
Insufficient control flow management in the Intel(R) IPP Cryptography software before version 2021.6 may allow an unauthenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-41621 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 3.3 LOW |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-41446 | 1 Record Management System Project | 1 Record Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
An access control issue in /Admin/dashboard.php of Record Management System using CodeIgniter v1.0 allows attackers to access and modify user data. | |||||
CVE-2022-41326 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 9.8 CRITICAL |
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. A successful exploit could allow remote code execution within the context of the application. | |||||
CVE-2022-41323 | 1 Djangoproject | 1 Django | 2024-11-21 | N/A | 7.5 HIGH |
In Django 3.2 before 3.2.16, 4.0 before 4.0.8, and 4.1 before 4.1.2, internationalized URLs were subject to a potential denial of service attack via the locale parameter, which is treated as a regular expression. | |||||
CVE-2022-41261 | 2 Microsoft, Sap | 2 Windows, Solution Manager | 2024-11-21 | N/A | 6.0 MEDIUM |
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on a Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can allow the attacker to access files and systems for which he/she is not authorized. | |||||
CVE-2022-41235 | 1 Jenkins | 1 Wildfly Deployer | 2024-11-21 | N/A | 5.3 MEDIUM |
Jenkins WildFly Deployer Plugin 1.0.2 and earlier implements functionality that allows agent processes to read arbitrary files on the Jenkins controller file system. | |||||
CVE-2022-40972 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | N/A | 6.7 MEDIUM |
Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-40964 | 3 Debian, Fedoraproject, Intel | 17 Debian Linux, Fedora, Killer and 14 more | 2024-11-21 | N/A | 7.9 HIGH |
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | |||||