Total
537 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41917 | 1 Amazon | 1 Opensearch | 2024-11-21 | 4.3 Medium |
| OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-3279 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| An unhandled exception in job log parsing in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to prevent access to job logs | ||||
| CVE-2022-3175 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 5.3 Medium |
| Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||||
| CVE-2022-39912 | 1 Google | 1 Android | 2024-11-21 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | ||||
| CVE-2022-39886 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | ||||
| CVE-2022-39885 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | ||||
| CVE-2022-39872 | 1 Samsung | 1 Sharelive | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-39271 | 1 Traefik | 1 Traefik | 2024-11-21 | 7.5 High |
| Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds. | ||||
| CVE-2022-36923 | 1 Zohocorp | 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more | 2024-11-21 | 7.5 High |
| Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | ||||
| CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 5.9 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | ||||
| CVE-2022-36287 | 1 Intel | 1 Field Programmable Gate Array Crypto Service Server | 2024-11-21 | 4 Medium |
| Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access. | ||||
| CVE-2022-36031 | 1 Monospace | 1 Directus | 2024-11-21 | 6.5 Medium |
| Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`. | ||||
| CVE-2022-35295 | 1 Sap | 1 Host Agent | 2024-11-21 | 4.9 Medium |
| In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | ||||
| CVE-2022-35268 | 1 Robustel | 2 R1510, R1510 Firmware | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in the web_server hashFirst functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network request can lead to denial of service. An attacker can send a sequence of requests to trigger this vulnerability.This denial of service is in the `/action/import_sdk_file/` API. | ||||
| CVE-2022-34643 | 1 Riscv | 1 Spike Risc-v Isa Simulator | 2024-11-21 | 5.5 Medium |
| RISCV ISA Sim commit ac466a21df442c59962589ba296c702631e041b5 implements the incorrect exception priotrity when accessing memory. | ||||
| CVE-2022-34641 | 2 Boom-core, Openhwgroup | 2 Riscvc-boom, Cva6 | 2024-11-21 | 5.5 Medium |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMP violation occurs during address translation. | ||||
| CVE-2022-34639 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.5 Medium |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a treats non-standard fence instructions as illegal which can affect the function of the application. | ||||
| CVE-2022-34637 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.5 Medium |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a implements an incorrect exception type when an illegal virtual address is loaded. | ||||
| CVE-2022-34636 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.5 Medium |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implements the incorrect exception type when a PMA violation occurs during address translation. | ||||
| CVE-2022-34634 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 5.5 Medium |
| CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a executes crafted or incorrectly formatted det instructions rather create an exception. | ||||