Latest CVE Feed
- CVE-2022-23308 (7.5 HIGH)
valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes....
- Affected Products: fedora, zfs_storage_appliance_kit, debian_linux, active_iq_unified_manager, h410c_firmware, ontap_select_deploy_administration_utility, solidfire_&_hci_management_node, macos, libxml2, snapmanager, +34 more products
- EPSS Score: 0.05%
- Published: Feb. 26, 2022
- Modified: May. 05, 2025
- CVE-2022-23221 (10.0 HIGH)
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392....
- EPSS Score: 27.50%
- Published: Jan. 19, 2022
- Modified: May. 05, 2025
- CVE-2022-23219 (9.8 CRITICAL)
The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a...
- Affected Products: debian_linux, communications_cloud_native_core_network_repository_function, communications_cloud_native_core_unified_data_repository, glibc, communications_cloud_native_core_network_function_cloud_native_environment, communications_cloud_native_core_binding_support_function, communications_cloud_native_core_security_edge_protection_proxy, enterprise_operations_monitor
- EPSS Score: 0.40%
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
- CVE-2022-23218 (9.8 CRITICAL)
The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a ...
- EPSS Score: 0.40%
- Published: Jan. 14, 2022
- Modified: May. 05, 2025
- CVE-2022-23182 (8.8 HIGH)
Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access....
- Affected Products: data_center_manager
- EPSS Score: 0.29%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025
- CVE-2022-23095 (7.8 HIGH)
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current proc...
- EPSS Score: 0.64%
- Published: Jan. 15, 2022
- Modified: May. 05, 2025
- CVE-2022-22967 (8.8 HIGH)
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This aff...
- Affected Products: salt
- EPSS Score: 0.44%
- Published: Jun. 23, 2022
- Modified: May. 05, 2025
- CVE-2022-22941 (8.8 HIGH)
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorr...
- Affected Products: salt
- EPSS Score: 0.02%
- Published: Mar. 29, 2022
- Modified: May. 05, 2025
- CVE-2022-22936 (8.8 HIGH)
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File ser...
- Affected Products: salt
- EPSS Score: 0.07%
- Published: Mar. 29, 2022
- Modified: May. 05, 2025
- CVE-2022-22935 (4.3 MEDIUM)
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a master....
- Affected Products: salt
- EPSS Score: 0.07%
- Published: Mar. 29, 2022
- Modified: May. 05, 2025
- CVE-2022-22827 (8.8 HIGH)
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 0.28%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22826 (8.8 HIGH)
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 0.21%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22825 (8.8 HIGH)
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 0.21%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22824 (9.8 CRITICAL)
defineAttribute in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 0.43%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22823 (9.8 CRITICAL)
build_model in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 0.43%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22822 (9.8 CRITICAL)
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow....
- EPSS Score: 1.33%
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
- CVE-2022-22730 (9.8 CRITICAL)
Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access....
- Affected Products: edge_insights_for_industrial
- EPSS Score: 0.40%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025
- CVE-2022-22139 (7.3 HIGH)
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access....
- Affected Products: extreme_tuning_utility
- EPSS Score: 0.21%
- Published: May. 12, 2022
- Modified: May. 05, 2025
- CVE-2022-21812 (7.8 HIGH)
Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access....
- Affected Products: hardware_accelerated_execution_manager
- EPSS Score: 0.14%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025
- CVE-2022-21807 (7.8 HIGH)
Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access....
- Affected Products: vtune_profiler
- EPSS Score: 0.07%
- Published: Aug. 18, 2022
- Modified: May. 05, 2025