Total: 35559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30570 | 1 Tibco | 2 Data Virtualization, Data Virtualization For Aws Marketplace | 2024-11-21 | 6.5 Medium |
| The Column Based Security component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains an easily exploitable vulnerability that allows a low privileged attacker with network access to obtain read access to application information on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Data Virtualization: versions 8.5.2 and below and TIBCO Data Virtualization for AWS Marketplace: versions 8.5.2 and below. | ||||
| CVE-2022-30563 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user's login packet. | ||||
| CVE-2022-30561 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 5.9 Medium |
| When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet. | ||||
| CVE-2022-30560 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 7.4 High |
| When an attacker has obtained the administrative account and password, or through a man-in-the-middle attack, the attacker could send a specific crafted packet to the vulnerable interface and cause the device to crash. | ||||
| CVE-2022-30532 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 5.3 Medium |
| In affected versions of Octopus Deploy, there is no logging of changes to artifacts within Octopus Deploy. | ||||
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2024-11-21 | 5.5 Medium |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | ||||
| CVE-2022-30470 | 1 Afian | 1 Filerun | 2024-11-21 | 9.8 Critical |
| In Afian Filerun 20220202, changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | ||||
| CVE-2022-30453 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 9.8 Critical |
| ShopWind <= 3.4.2 has an RCE vulnerability in Database.php. | ||||
| CVE-2022-30450 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | ||||
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 6.5 Medium |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 6.5 Medium |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 9.8 Critical |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | ||||
| CVE-2022-30323 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30322 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | 3.9 Low |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | ||||
| CVE-2022-30288 | 1 Ohler | 1 Agoo | 2024-11-21 | 7.5 High |
| Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors." | ||||
| CVE-2022-30286 | 1 Pyscript | 1 Pyscript | 2024-11-21 | 7.5 High |
| pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. | ||||
| CVE-2022-30242 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | 6.8 Medium |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered. | ||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 8.8 High |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | ||||
| CVE-2022-30063 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 9.8 Critical |
| ftcms <=2.1 was discovered to be vulnerable to code execution attacks. | ||||