Total
35552 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25891 | 1 Containrrr | 1 Shoutrrr | 2024-11-21 | 7.5 High |
| The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 are vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending exactly 2000, 4000, or 6000 characters messages. | ||||
| CVE-2022-25815 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2022-25814 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2022-25780 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.3 Medium |
| Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | ||||
| CVE-2022-25641 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2024-11-21 | 5.5 Medium |
| Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. | ||||
| CVE-2022-25625 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 8.8 High |
| A malicious unauthorized PAM user can access the administration configuration data and change the values. | ||||
| CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2024-11-21 | 7.8 High |
| The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | ||||
| CVE-2022-25594 | 1 Program | 1 Parking Lot Management System | 2024-11-21 | 5.3 Medium |
| Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information. | ||||
| CVE-2022-25584 | 1 Flexwatch | 2 Fw3170-ps-e, Fw3170-ps-e Firmware | 2024-11-21 | 7.5 High |
| Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | ||||
| CVE-2022-25571 | 1 Bluedon | 1 Internet Access Detector | 2024-11-21 | 7.5 High |
| Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. | ||||
| CVE-2022-25511 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 6.5 Medium |
| An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. | ||||
| CVE-2022-25478 | 1 Realtek | 2 Rtsper, Rtsuer | 2024-11-21 | 7.8 High |
| Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys) before 10.0.22000.21355 and Realtek RtsUer driver for USB Card Reader (RtsUer.sys) before 10.0.22000.31274 provides read and write access to the PCI configuration space of the device. | ||||
| CVE-2022-25462 | 1 Yafu Project | 1 Yafu | 2024-11-21 | 7.5 High |
| Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-25401 | 1 Cuppacms | 1 Cuppacms | 2024-11-21 | 7.5 High |
| The copy function of the file manager in Cuppa CMS v1.0 allows any file to be copied to the current directory, granting attackers read access to arbitrary files. | ||||
| CVE-2022-25390 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2024-11-21 | 9.8 Critical |
| DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. | ||||
| CVE-2022-25389 | 1 Dcnglobal | 2 Dcme-520, Dcme-520 Firmware | 2024-11-21 | 7.5 High |
| DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. | ||||
| CVE-2022-25368 | 2 Amperecomputing, Arm | 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more | 2024-11-21 | 4.7 Medium |
| Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | ||||
| CVE-2022-25365 | 2 Docker, Microsoft | 2 Docker, Windows | 2024-11-21 | 7.8 High |
| Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | ||||
| CVE-2022-25361 | 1 Watchguard | 47 Firebox M200, Firebox M270, Firebox M290 and 44 more | 2024-11-21 | 9.1 Critical |
| WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25343 | 1 Olivetti | 2 D-color Mf3555, D-color Mf3555 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application. | ||||