Total
3411 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43893 | 3 Apple, Ibm, Microsoft | 3 Macos, Security Verify Privilege On-premises, Windows | 2024-11-21 | 2.7 Low |
| IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634. | ||||
| CVE-2022-43740 | 1 Ibm | 1 Security Verify Access Oidc Provider | 2024-11-21 | 7.5 High |
| IBM Security Verify Access OIDC Provider could allow a remote user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 238921. | ||||
| CVE-2022-40735 | 1 Diffie-hellman Key Exchange Project | 1 Diffie-hellman Key Exchange | 2024-11-21 | 7.5 High |
| The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together. | ||||
| CVE-2022-40513 | 1 Qualcomm | 118 Csr8811, Csr8811 Firmware, Ipq5010 and 115 more | 2024-11-21 | 7.5 High |
| Transient DOS due to uncontrolled resource consumption in WLAN firmware when peer is freed in non qos state. | ||||
| CVE-2022-40318 | 3 Debian, Frrouting, Redhat | 3 Debian Linux, Frrouting, Enterprise Linux | 2024-11-21 | 6.5 Medium |
| An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | ||||
| CVE-2022-3698 | 1 Lenovo | 2 Diagnostics, Hardwarescan Plugin | 2024-11-21 | 4.4 Medium |
| A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | ||||
| CVE-2022-3275 | 2 Fedoraproject, Puppet | 2 Fedora, Puppetlabs-mysql | 2024-11-21 | 8.4 High |
| Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. | ||||
| CVE-2022-39194 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.9 Medium |
| An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. | ||||
| CVE-2022-38266 | 3 Debian, Leptonica, Tesseract Project | 3 Debian Linux, Leptonica, Tesseract | 2024-11-21 | 6.5 Medium |
| An issue in the Leptonica linked library (v1.79.0) allows attackers to cause an arithmetic exception leading to a Denial of Service (DoS) via a crafted JPEG file. | ||||
| CVE-2022-37599 | 2 Redhat, Webpack.js | 2 Jboss Enterprise Bpms Platform, Loader-utils | 2024-11-21 | 7.5 High |
| A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the resourcePath variable in interpolateName.js. | ||||
| CVE-2022-37394 | 2 Openstack, Redhat | 2 Nova, Openstack | 2024-11-21 | 3.3 Low |
| An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. | ||||
| CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.5 Medium |
| A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | ||||
| CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||||
| CVE-2022-35913 | 1 Kayako | 1 Samourai | 2024-11-21 | 4.3 Medium |
| Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.) | ||||
| CVE-2022-35241 | 1 F5 | 1 Nginx Instance Manager | 2024-11-21 | 6.5 Medium |
| In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-35236 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 7.5 High |
| In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-35013 | 1 Pngdec Project | 1 Pngdec | 2024-11-21 | 6.5 Medium |
| PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at /linux/main.cpp. | ||||
| CVE-2022-33303 | 1 Qualcomm | 42 Qca6574au, Qca6574au Firmware, Qca6595au and 39 more | 2024-11-21 | 5.5 Medium |
| Transient DOS due to uncontrolled resource consumption in Linux kernel when malformed messages are sent from the Gunyah Resource Manager message queue. | ||||
| CVE-2022-33203 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Ssl Orchestrator | 2024-11-21 | 7.5 High |
| In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-33070 | 2 Fedoraproject, Protobuf-c Project | 2 Fedora, Protobuf-c | 2024-11-21 | 5.5 Medium |
| Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||