Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39217 | 1 Ghas-to-csv Project | 1 Ghas-to-csv | 2024-11-21 | N/A | 5.8 MEDIUM |
| some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. In affected versions this GitHub Action creates a CSV file without sanitizing the output of the APIs. If an alert is dismissed or any other custom field contains executable code / formulas, it might be run when an endpoint opens that CSV file in a spreadsheet program. This issue has been addressed in version `v1`. Users are advised to use `v1` or later. There are no known workarounds for this issue. | |||||
| CVE-2022-39190 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | |||||
| CVE-2022-39070 | 1 Zte | 4 Zxa10 C300m, Zxa10 C300m Firmware, Zxa10 C350m and 1 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an access control vulnerability in some ZTE PON OLT products. Due to improper access control settings, remote attackers could use the vulnerability to log in to the device and execute any operation. | |||||
| CVE-2022-39065 | 1 Ikea | 2 Tradfri Gateway E1526, Tradfri Gateway E1526 Firmware | 2024-11-21 | N/A | 6.5 MEDIUM |
| A single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI gateway unresponsive, such that connected lighting cannot be controlled with the IKEA Home Smart app and TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score: 6.5 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | |||||
| CVE-2022-39064 | 1 Ikea | 2 Tradfri Led1732g11, Tradfri Led1732g11 Firmware | 2024-11-21 | N/A | 8.1 HIGH |
| An attacker sending a single malformed IEEE 802.15.4 (Zigbee) frame makes the TRÅDFRI bulb blink, and if they replay (i.e. resend) the same frame multiple times, the bulb performs a factory reset. This causes the bulb to lose configuration information about the Zigbee network and current brightness level. After this attack, all lights are on with full brightness, and a user cannot control the bulbs with either the IKEA Home Smart app or the TRÅDFRI remote control. The malformed Zigbee frame is an unauthenticated broadcast message, which means all vulnerable devices within radio range are affected. CVSS 3.1 Base Score 7.1 vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H | |||||
| CVE-2022-39057 | 1 Changingtec | 1 Rava Certificate Validation System | 2024-11-21 | N/A | 7.2 HIGH |
| RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. | |||||
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2024-11-21 | N/A | 6.3 MEDIUM |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | |||||
| CVE-2022-39011 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The HISP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause unauthorized access to the HISP module. | |||||
| CVE-2022-39010 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 7.5 HIGH |
| The HwChrService module has a vulnerability in permission control. Successful exploitation of this vulnerability may cause disclosure of user network information. | |||||
| CVE-2022-38999 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.8 CRITICAL |
| The AOD module has the improper update of reference count vulnerability. Successful exploitation of this vulnerability may affect data integrity, confidentiality, and availability. | |||||
| CVE-2022-38986 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | N/A | 9.1 CRITICAL |
| The HIPP module has a vulnerability of bypassing the check of the data transferred in the kernel space.Successful exploitation of this vulnerability may cause out-of-bounds access to the HIPP module and page table tampering, affecting device confidentiality and availability. | |||||
| CVE-2022-38974 | 1 Wpml | 1 Wpml | 2024-11-21 | N/A | 4.3 MEDIUM |
| Broken Access Control vulnerability in WPML Multilingual CMS premium plugin <= 4.5.10 on WordPress allows users with subscriber or higher user roles to change the status of the translation jobs. | |||||
| CVE-2022-38880 | 1 Democritus Urls Project | 1 Democritus Urls | 2024-11-21 | N/A | 9.8 CRITICAL |
| The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The affected version is 0.1.0. | |||||
| CVE-2022-38792 | 1 Exotel Project | 1 Exotel | 2024-11-21 | N/A | 9.8 CRITICAL |
| The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | |||||
| CVE-2022-38788 | 1 Nokia | 2 Fastmile 5g Receiver, Fastmile 5g Receiver Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key). | |||||
| CVE-2022-38786 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 6.7 MEDIUM |
| Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-38773 | 1 Siemens | 140 Simatic Drive Controller Cpu 1504d Tf, Simatic Drive Controller Cpu 1504d Tf Firmware, Simatic Drive Controller Cpu 1507d Tf and 137 more | 2024-11-21 | N/A | 4.6 MEDIUM |
| Affected devices do not contain an Immutable Root of Trust in Hardware. With this the integrity of the code executed on the device can not be validated during load-time. An attacker with physical access to the device could use this to replace the boot image of the device and execute arbitrary code. | |||||
| CVE-2022-38770 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | N/A | 5.3 MEDIUM |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | |||||
| CVE-2022-38769 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | N/A | 7.5 HIGH |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | |||||
| CVE-2022-38768 | 1 Transtek | 1 Mojodat Fixed Asset Management | 2024-11-21 | N/A | 9.8 CRITICAL |
| The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | |||||