Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 7.5

    HIGH
    CVE-2022-22257

    The customization framework has a vulnerability of improper permission control.Successful exploitation of this vulnerability may affect data integrity.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22256

    The DFX module has an access control vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22255

    The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.... Read more

    Affected Products : emui harmonyos
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22254

    A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation of this vulnerability may affect data confidentiality.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22253

    The DFX module has a vulnerability of improper validation of integrity check values.Successful exploitation of this vulnerability may affect system stability.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: Apr. 11, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-22252

    The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.... Read more

    Affected Products : emui harmonyos magic_ui
    • Published: May. 13, 2022
    • Modified: Nov. 21, 2024

  • 7.8

    HIGH
    CVE-2022-22251

    On cSRX Series devices software permission issues in the container filesystem and stored files combined with storing passwords in a recoverable format in Juniper Networks Junos OS allows a local, low-privileged attacker to elevate their permissions to tak... Read more

    Affected Products : junos csrx
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-22250

    An Improper Control of a Resource Through its Lifetime vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows unauthenticated adjacent attacker to cause a Denial of Service (DoS). In an EVPN-MPLS scenario,... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-22249

    An Improper Control of a Resource Through its Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When there is a continuous... Read more

    Affected Products : junos mx10 mx104 mx2010 mx2020 mx240 mx40 mx480 mx80 mx960 +8 more products
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.3

    HIGH
    CVE-2022-22248

    An Incorrect Permission Assignment vulnerability in shell processing of Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands within... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 7.5

    HIGH
    CVE-2022-22247

    An Improper Input Validation vulnerability in ingress TCP segment processing of Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker to send a crafted TCP segment to the device, triggering a kernel panic, leading to a Denial o... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-22246

    A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged authenticated attacker to execute an untrusted PHP file. By chaining this vulnerability with other unspecified vulnerabilities, a... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-22245

    A Path Traversal vulnerability in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to upload arbitrary files to the device by bypassing validation checks built into Junos OS. The attacker should not be able to execute the ... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.3

    MEDIUM
    CVE-2022-22244

    An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker sending a crafted POST to reach the XPath channel, which may allow chaining to other unspecified vulnerabilities, leading to a partial ... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 4.3

    MEDIUM
    CVE-2022-22243

    An XPath Injection vulnerability due to Improper Input Validation in the J-Web component of Juniper Networks Junos OS allows an authenticated attacker to add an XPath command to the XPath stream, which may allow chaining to other unspecified vulnerabiliti... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.1

    MEDIUM
    CVE-2022-22242

    A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This is... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 9.8

    CRITICAL
    CVE-2022-22241

    An Improper Input Validation vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data without proper authorization. Utilizing a crafted POST request, deserialization may occur which could lead ... Read more

    Affected Products : junos
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 5.5

    MEDIUM
    CVE-2022-22240

    An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privil... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 8.8

    HIGH
    CVE-2022-22239

    An Execution with Unnecessary Privileges vulnerability in Management Daemon (mgd) of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. T... Read more

    Affected Products : junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024

  • 6.5

    MEDIUM
    CVE-2022-22238

    An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When an incoming ... Read more

    Affected Products : junos junos_os_evolved
    • Published: Oct. 18, 2022
    • Modified: Nov. 21, 2024
Showing 20 of 294863 Results