Latest CVE Feed
-
9.8
CRITICALCVE-2023-20894
The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading t... Read more
Affected Products : vcenter_server- EPSS Score: %49.09
- Published: Jun. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2023-20893
The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system tha... Read more
Affected Products : vcenter_server- EPSS Score: %2.92
- Published: Jun. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-48716
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd938x: fix incorrect used of portid Mixer controls have the channel id in mixer->reg, which is not same as port id. port id should be derived from chan_info array. So fi... Read more
Affected Products : linux_kernel- Published: Jun. 20, 2024
- Modified: Apr. 01, 2025
-
9.8
CRITICALCVE-2022-46680
A CWE-319: Cleartext transmission of sensitive information vulnerability exists that could cause disclosure of sensitive information, denial of service, or modification of data if an attacker is able to intercept network traffic. ... Read more
- EPSS Score: %0.12
- Published: May. 22, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-45141
Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the ... Read more
Affected Products : samba- EPSS Score: %0.35
- Published: Mar. 06, 2023
- Modified: Mar. 06, 2025
-
9.8
CRITICALCVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7... Read more
Affected Products : nodau- EPSS Score: %0.05
- Published: Dec. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-43634
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from th... Read more
Affected Products : netatalk- EPSS Score: %4.35
- Published: Mar. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-41639
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary c... Read more
- EPSS Score: %0.27
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.... Read more
Affected Products : manageengine_password_manager_pro manageengine_pam360 manageengine_access_manager_plus- EPSS Score: %46.10
- Published: Sep. 16, 2022
- Modified: Jan. 13, 2025
-
9.8
CRITICALCVE-2022-39379
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitr... Read more
- EPSS Score: %8.87
- Published: Nov. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.... Read more
Affected Products : gigaswitch_641_desk_v5_sfp-vi_firmware gigaswitch_642_desk_v5_sfp-2vi_firmware gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp_sfp-vi_54vdc_firmware gigaswitch_v5_sfp-2vi_230vac_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmware gigaswitch_v5_tp_sfp-2vi_54vdc_firmware +16 more products- EPSS Score: %0.61
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant ... Read more
- EPSS Score: %0.11
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can se... Read more
- EPSS Score: %4.37
- Published: May. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a bl... Read more
- EPSS Score: %0.13
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29873
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM ... Read more
Affected Products : 7kg8500-0aa00-0aa0_firmware 7kg8500-0aa00-2aa0_firmware 7kg8500-0aa10-0aa0_firmware 7kg8500-0aa10-2aa0_firmware 7kg8500-0aa30-0aa0_firmware 7kg8500-0aa30-2aa0_firmware 7kg8501-0aa01-0aa0_firmware 7kg8501-0aa01-2aa0_firmware 7kg8501-0aa02-0aa0_firmware 7kg8501-0aa02-2aa0_firmware +62 more products- EPSS Score: %2.69
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.... Read more
Affected Products : ruby- EPSS Score: %0.46
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption whe... Read more
- EPSS Score: %4.19
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.... Read more
- EPSS Score: %0.33
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- EPSS Score: %1.33
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.... Read more
- EPSS Score: %2.55
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024