Total
10666 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2479 | 1 Google | 2 Android, Chrome | 2023-11-07 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | |||||
| CVE-2022-29154 | 2 Fedoraproject, Samba | 2 Fedora, Rsync | 2023-11-07 | N/A | 7.4 HIGH |
| An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | |||||
| CVE-2022-28699 | 1 Intel | 38 Nuc7cjyh, Nuc7cjyh Firmware, Nuc7cjyhn and 35 more | 2023-11-07 | N/A | 6.7 MEDIUM |
| Improper input validation for some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-28129 | 3 Apache, Debian, Fedoraproject | 3 Traffic Server, Debian Linux, Fedora | 2023-11-07 | N/A | 7.5 HIGH |
| Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. This issue affects Apache Traffic Server 8.0.0 to 9.1.2. | |||||
| CVE-2022-25976 | 1 Intel | 1 Virtual Raid On Cpu | 2023-11-07 | N/A | 5.5 MEDIUM |
| Improper input validation in the Intel(R) VROC software before version 7.7.6.1003 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2022-24828 | 3 Fedoraproject, Getcomposer, Tenable | 3 Fedora, Composer, Tenable.sc | 2023-11-07 | 6.8 MEDIUM | 8.8 HIGH |
| Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org for example where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data into `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | |||||
| CVE-2022-24098 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2023-11-07 | 9.3 HIGH | 7.8 HIGH |
| Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. | |||||
| CVE-2022-23814 | 1 Amd | 2 Milanpi-sp3, Milanpi-sp3 Firmware | 2023-11-07 | N/A | 5.3 MEDIUM |
| Failure to validate addresses provided by software to BIOS commands may result in a potential loss of integrity of guest memory in a confidential compute environment. | |||||
| CVE-2022-22727 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user�s local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | |||||
| CVE-2022-20945 | 1 Cisco | 8 Catalyst 9800-40, Catalyst 9800-40 Firmware, Catalyst 9800-80 and 5 more | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition. | |||||
| CVE-2022-20913 | 1 Cisco | 1 Nexus Dashboard | 2023-11-07 | N/A | 6.5 MEDIUM |
| A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. This vulnerability is due to insufficient input validation in the web-based management interface of Cisco Nexus Dashboard. An attacker with Administrator credentials could exploit this vulnerability by uploading a crafted file. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device. | |||||
| CVE-2022-20909 | 1 Cisco | 1 Nexus Dashboard | 2023-11-07 | N/A | 6.7 MEDIUM |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. | |||||
| CVE-2022-20908 | 1 Cisco | 1 Nexus Dashboard | 2023-11-07 | N/A | 6.7 MEDIUM |
| Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an affected device. An attacker could exploit these vulnerabilities by authenticating as the rescue-user and executing vulnerable CLI commands using a malicious payload. A successful exploit could allow the attacker to elevate privileges to root on an affected device. | |||||
| CVE-2022-20850 | 1 Cisco | 14 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100 Integrated Services Router and 11 more | 2023-11-07 | N/A | 7.1 HIGH |
| A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device. | |||||
| CVE-2022-20842 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2023-11-07 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20841 | 1 Cisco | 18 Rv160, Rv160 Firmware, Rv160w and 15 more | 2023-11-07 | N/A | 9.0 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-20797 | 1 Cisco | 1 Secure Network Analytics | 2023-11-07 | 9.0 HIGH | 9.1 CRITICAL |
| A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. | |||||
| CVE-2022-20784 | 1 Cisco | 1 Web Security Appliance | 2023-11-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability in the Web-Based Reputation Score (WBRS) engine of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to bypass established web request policies and access blocked content on an affected device. This vulnerability is due to incorrect handling of certain character combinations inserted into a URL. An attacker could exploit this vulnerability by sending crafted URLs to be processed by an affected device. A successful exploit could allow the attacker to bypass the web proxy and access web content that has been blocked by policy. | |||||
| CVE-2022-20783 | 1 Cisco | 2 Roomos, Telepresence Collaboration Endpoint | 2023-11-07 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device. | |||||
| CVE-2022-20779 | 1 Cisco | 1 Enterprise Nfv Infrastructure Software | 2023-11-07 | 9.3 HIGH | 8.8 HIGH |
| Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | |||||