Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-35276 | 1 Intel | 10 Nuc 8 Compute Element Cm8ccb, Nuc 8 Compute Element Cm8ccb Firmware, Nuc 8 Compute Element Cm8i3cb and 7 more | 2022-11-16 | N/A | 6.7 MEDIUM |
Improper access control in BIOS firmware for some Intel(R) NUC 8 Compute Elements before version CBWHL357.0096 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-34152 | 1 Intel | 4 Nuc Board De3815tybe, Nuc Board De3815tybe Firmware, Nuc Kit De3815tykhe and 1 more | 2022-11-16 | N/A | 6.7 MEDIUM |
Improper input validation in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Kits before version TY0070 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-40127 | 1 Apache | 1 Airflow | 2022-11-16 | N/A | 8.8 HIGH |
A vulnerability in Example Dags of Apache Airflow allows an attacker with UI access who can trigger DAGs, to execute arbitrary commands via manually provided run_id parameter. This issue affects Apache Airflow Apache Airflow versions prior to 2.4.0. | |||||
CVE-2022-37860 | 1 Tp-link | 2 M7350, M7350 Firmware | 2022-11-16 | N/A | 9.8 CRITICAL |
The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | |||||
CVE-2022-27949 | 1 Apache | 1 Airflow | 2022-11-16 | N/A | 7.5 HIGH |
A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. | |||||
CVE-2022-45184 | 1 Ironmansoftware | 1 Powershell Universal | 2022-11-16 | N/A | 7.2 HIGH |
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7. | |||||
CVE-2022-30945 | 1 Jenkins | 1 Pipeline\ | 2022-11-16 | 6.8 MEDIUM | 8.5 HIGH |
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | |||||
CVE-2021-38828 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2022-11-16 | N/A | 5.3 MEDIUM |
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to plain-text traffic sniffing. | |||||
CVE-2021-38827 | 1 Xiongmaitech | 2 Xm-jpr2-lx, Xm-jpr2-lx Firmware | 2022-11-16 | N/A | 7.5 HIGH |
Xiongmai Camera XM-JPR2-LX V4.02.R12.A6420987.10002.147502.00000 is vulnerable to account takeover. | |||||
CVE-2022-45183 | 1 Ironmansoftware | 1 Powershell Universal | 2022-11-16 | N/A | 8.8 HIGH |
Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6. | |||||
CVE-2022-33973 | 2 Intel, Microsoft | 3 Wlan Authentication And Privacy Infrastructure, Windows 10, Windows 11 | 2022-11-16 | N/A | 3.3 LOW |
Improper access control in the Intel(R) WAPI Security software for Windows 10/11 before version 22.2150.0.1 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2022-45194 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2022-11-16 | N/A | 4.7 MEDIUM |
CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | |||||
CVE-2022-26079 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2022-11-16 | N/A | 8.2 HIGH |
Improper conditions check in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2022-26045 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2022-11-16 | N/A | 7.2 HIGH |
Improper buffer restrictions in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access. | |||||
CVE-2022-45193 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2022-11-16 | N/A | 8.8 HIGH |
CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of file contents or privilege escalation. | |||||
CVE-2022-3559 | 2 Exim, Fedoraproject | 2 Exim, Fedora | 2022-11-16 | N/A | 7.5 HIGH |
A vulnerability was found in Exim and classified as problematic. This issue affects some unknown processing of the component Regex Handler. The manipulation leads to use after free. The name of the patch is 4e9ed49f8f12eb331b29bd5b6dc3693c520fddc2. It is recommended to apply a patch to fix this issue. The identifier VDB-211073 was assigned to this vulnerability. | |||||
CVE-2022-45182 | 1 Pistar | 1 Pi-star Digital Voice Dashboard | 2022-11-16 | N/A | 9.8 CRITICAL |
Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter. | |||||
CVE-2022-41905 | 1 Wsgidav Project | 1 Wsgidav | 2022-11-16 | N/A | 6.1 MEDIUM |
WsgiDAV is a generic and extendable WebDAV server based on WSGI. Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue has been patched, users can upgrade to version 4.1.0. As a workaround, set `dir_browser.enable = False` in the configuration. | |||||
CVE-2022-26513 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2022-11-16 | N/A | 9.6 CRITICAL |
Out-of-bounds write in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2022-26369 | 1 Intel | 2 Xmm 7560, Xmm 7560 Firmware | 2022-11-16 | N/A | 8.1 HIGH |
Out-of-bounds read in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access. |