Total: 35559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34054 | 1 Pypi | 1 Perdido | 2024-11-21 | 9.8 Critical |
| The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34053 | 1 Pypi | 1 Dr-web-engine | 2024-11-21 | 9.8 Critical |
| The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34032 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||||
| CVE-2022-34031 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_value_to_number at src/njs_value_conversion.h. | ||||
| CVE-2022-34030 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_djb_hash at src/njs_djb_hash.c. | ||||
| CVE-2022-34028 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.5 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | ||||
| CVE-2022-34027 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | ||||
| CVE-2022-33993 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | 5.3 Medium |
| Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | ||||
| CVE-2022-33992 | 1 Domain Name Relay Daemon Project | 1 Domain Name Relay Daemon | 2024-11-21 | 7.5 High |
| DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. This leads to disabling of DNSSEC protection provided by upstream resolvers. | ||||
| CVE-2022-33987 | 2 Got Project, Redhat | 4 Got, Enterprise Linux, Rhel Eus and 1 more | 2024-11-21 | 5.3 Medium |
| The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | ||||
| CVE-2022-33980 | 4 Apache, Debian, Netapp and 1 more | 6 Commons Configuration, Debian Linux, Snapcenter and 3 more | 2024-11-21 | 9.8 Critical |
| Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: "script" (execute expressions using the JVM script execution engine, javax.script); "dns" (resolve DNS records); "url" (load values from URLs, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | ||||
| CVE-2022-33945 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | 8.2 High |
| Improper input validation in some Intel(R) Server board and Intel(R) Server System BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-33939 | 1 Yokogawa | 14 Centum Cs 3000 Cp31, Centum Cs 3000 Cp31 Firmware, Centum Cs 3000 Cp33 and 11 more | 2024-11-21 | 7.5 High |
| CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. If this vulnerability is exploited, an attacker may cause a denial of service (DoS) condition in ADL communication by sending a specially crafted packet to the affected product. | ||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | 8 High |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2022-33917 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2022-33916 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | 7.5 High |
| OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | ||||
| CVE-2022-33903 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | ||||
| CVE-2022-33882 | 1 Autodesk | 1 Autodesk Desktop | 2024-11-21 | 9.8 Critical |
| Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | ||||
| CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 5.3 Medium |
| CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | ||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 8.8 High |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | ||||