Latest CVE Feed
-
8.8
HIGHCVE-2022-22725
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functio... Read more
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2022-22724
A CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause a denial of service on ports 80 (HTTP) and 502 (Modbus), when sending a large number of TCP RST or FIN packets to any open TCP port of the PLC. Affected Product: Modicon M3... Read more
Affected Products : modicon_m340_bmxp341000_firmware modicon_m340_bmxp342010_firmware modicon_m340_bmxp342030_firmware modicon_m340_bmxp342000_firmware modicon_m340_bmxp3420102_firmware modicon_m340_bmxp3420302_firmware modicon_m340_bmxp341000 modicon_m340_bmxp342010 modicon_m340_bmxp342030 modicon_m340_bmxp3420302 +2 more products- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
8.8
HIGHCVE-2022-22723
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functio... Read more
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2022-22722
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the pro... Read more
- Published: Feb. 04, 2022
- Modified: Nov. 21, 2024
-
9.1
CRITICALCVE-2022-22721
If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22720
Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server enterprise_manager_ops_center mac_os_x http_server- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
7.5
HIGHCVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux macos http_server mac_os_x http_server- Published: Mar. 14, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2022-22718
Windows Print Spooler Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- Actively Exploited
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.0
HIGHCVE-2022-22717
Windows Print Spooler Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-22716
Microsoft Excel Information Disclosure Vulnerability... Read more
- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2022-22715
Named Pipe File System Elevation of Privilege Vulnerability... Read more
Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows +3 more products- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
5.6
MEDIUMCVE-2022-22712
Windows Hyper-V Denial of Service Vulnerability... Read more
Affected Products : windows_10 windows_server_2019 windows_server windows_10_1809 windows_10_21h2 windows_server_2022 windows_11_21h2 windows_11 windows windows_10_21h1 +2 more products- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
5.7
MEDIUMCVE-2022-22711
Windows BitLocker Information Disclosure Vulnerability... Read more
Affected Products : windows_10 windows_server_2012 windows_server_2016 windows_server_2019 windows_10_1607 windows_10_1809 windows_10_20h2 windows_10_21h2 windows_server_2022 windows_11_21h2 +5 more products- Published: Jul. 12, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-22710
Windows Common Log File System Driver Denial of Service Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
7.8
HIGHCVE-2022-22709
VP9 Video Extensions Remote Code Execution Vulnerability... Read more
Affected Products : vp9_video_extensions- Published: Feb. 09, 2022
- Modified: Nov. 21, 2024
-
5.9
MEDIUMCVE-2022-22707
In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. T... Read more
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
10.0
HIGHCVE-2022-22704
The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the configuration.... Read more
- Published: Jan. 06, 2022
- Modified: Nov. 21, 2024
-
5.5
MEDIUMCVE-2022-22703
In Stormshield SSO Agent 2.x before 2.1.1 and 3.x before 3.0.2, the cleartext user password and PSK are contained in the log file of the .exe installer.... Read more
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
4.3
MEDIUMCVE-2022-22702
PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.... Read more
Affected Products : partkeepr- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
6.5
MEDIUMCVE-2022-22701
PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.... Read more
Affected Products : partkeepr- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024