Total
29483 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-36564 | 2 Microsoft, Strawberryperl | 2 Windows, Strawberryperl | 2024-11-21 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-36563 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2024-11-21 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-36562 | 1 Rubyinstaller | 1 Rubyinstaller2 | 2024-11-21 | N/A | 8.8 HIGH |
| Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | |||||
| CVE-2022-36542 | 1 Edoc-doctor-appointment-system Project | 1 Edoc-doctor-appointment-system | 2024-11-21 | N/A | 6.5 MEDIUM |
| An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | |||||
| CVE-2022-36454 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | |||||
| CVE-2022-36453 | 1 Mitel | 1 Micollab | 2024-11-21 | N/A | 8.8 HIGH |
| A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | |||||
| CVE-2022-36429 | 1 Netgear | 2 Rbs750, Rbs750 Firmware | 2024-11-21 | N/A | 7.2 HIGH |
| A command execution vulnerability exists in the ubus backend communications functionality of Netgear Orbi Satellite RBS750 4.6.8.5. A specially-crafted JSON object can lead to arbitrary command execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2022-36427 | 1 About-rentals Project | 1 About-rentals | 2024-11-21 | N/A | 7.3 HIGH |
| Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at WordPress. | |||||
| CVE-2022-36425 | 1 Fastlinemedia | 1 Beaver Builder | 2024-11-21 | N/A | 5.4 MEDIUM |
| Broken Access Control vulnerability in Beaver Builder plugin <= 2.5.4.3 at WordPress. | |||||
| CVE-2022-36416 | 1 Vmware | 1 Ixgben | 2024-11-21 | N/A | 4.4 MEDIUM |
| Protection mechanism failure in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.10.0.13 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36387 | 1 About-me Project | 1 About-me | 2024-11-21 | N/A | 7.6 HIGH |
| Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress. | |||||
| CVE-2022-36375 | 1 Oxilab | 1 Responsive Tabs | 2024-11-21 | N/A | 7.2 HIGH |
| Authenticated (high role user) WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress. | |||||
| CVE-2022-36369 | 1 Intel | 1 Qatzip | 2024-11-21 | N/A | 7.8 HIGH |
| Improper access control in some QATzip software maintained by Intel(R) before version 1.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36348 | 1 Intel | 1 Server Platform Services | 2024-11-21 | N/A | 8.8 HIGH |
| Active debug code in some Intel (R) SPS firmware before version SPS_E5_04.04.04.300.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36325 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| Affected devices do not properly sanitize data introduced by an user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS. | |||||
| CVE-2022-36323 | 1 Siemens | 180 Scalance M-800, Scalance M-800 Firmware, Scalance S615 and 177 more | 2024-11-21 | N/A | 9.1 CRITICAL |
| Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. | |||||
| CVE-2022-36289 | 1 Intel | 1 Media Software Development Kit | 2024-11-21 | N/A | 2.8 LOW |
| Protection mechanism failure in the Intel(R) Media SDK software before version 22.2.2 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-36278 | 1 Intel | 1 Battery Life Diagnostic Tool | 2024-11-21 | N/A | 8.2 HIGH |
| Insufficient control flow management in the Intel(R) Battery Life Diagnostic Tool software before version 2.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-36267 | 1 Airspan | 2 Airspot 5410, Airspot 5410 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. The ping functionality can be called without user authentication when crafting a malicious http request by injecting code in one of the parameters allowing for remote code execution. This vulnerability is exploited via the binary file /home/www/cgi-bin/diagnostics.cgi that accepts unauthenticated requests and unsanitized data. As a result, a malicious actor can craft a specific request and interact remotely with the device. | |||||
| CVE-2022-36263 | 2 Logitech, Microsoft | 2 Streamlabs Desktop, Windows | 2024-11-21 | N/A | 7.3 HIGH |
| StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | |||||