Export limit exceeded: 10592 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6086 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-35505 | 1 Triplecross Project | 1 Triplecross | 2024-11-21 | 7.5 High |
| A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command. | ||||
| CVE-2022-35221 | 1 Teamplus | 1 Team\+ Pro | 2024-11-21 | 5.4 Medium |
| Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to missing partial post content and disrupt partial service. | ||||
| CVE-2022-35220 | 1 Teamplus | 1 Team\+ Pro | 2024-11-21 | 7.7 High |
| Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. | ||||
| CVE-2022-35219 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35218 | 2 Microsoft, Nhi | 2 Windows, Health Insurance Web Service Component | 2024-11-21 | 5.5 Medium |
| The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | ||||
| CVE-2022-35111 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp. | ||||
| CVE-2022-35107 | 1 Swftools | 1 Swftools | 2024-11-21 | 5.5 Medium |
| SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. | ||||
| CVE-2022-35009 | 1 Pngdec Project | 1 Pngdec | 2024-11-21 | 6.5 Medium |
| PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp. | ||||
| CVE-2022-34750 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. | ||||
| CVE-2022-34592 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2024-11-21 | 9.8 Critical |
| Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. | ||||
| CVE-2022-34467 | 1 Mendix | 1 Excel Importer | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component. | ||||
| CVE-2022-34383 | 1 Dell | 2 Edge Gateway 5200, Edge Gateway 5200 Firmware | 2024-11-21 | 8.1 High |
| Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. | ||||
| CVE-2022-34308 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2024-11-21 | 5.5 Medium |
| IBM CICS TX 11.1 could allow a local user to cause a denial of service due to improper load handling. IBM X-Force ID: 229437. | ||||
| CVE-2022-33977 | 1 Untangle Project | 1 Untangle | 2024-11-21 | 7.5 High |
| untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts recursive entity references in DTDs. By exploiting this vulnerability, a remote unauthenticated attacker may cause a denial-of-service (DoS) condition on the server where the product is running. | ||||
| CVE-2022-33749 | 1 Xen | 1 Xapi | 2024-11-21 | 5.3 Medium |
| XAPI open file limit DoS It is possible for an unauthenticated client on the network to cause XAPI to hit its file-descriptor limit. This causes XAPI to be unable to accept new requests for other (trusted) clients, and blocks XAPI from carrying out any tasks that require the opening of file descriptors. | ||||
| CVE-2022-32958 | 1 Teamplus | 1 Team\+ Pro | 2024-11-21 | 7.7 High |
| A remote attacker with general user privilege can send a message to Teamplus Pro’s chat group that exceeds message size limit, to terminate other recipients’ Teamplus Pro chat process. | ||||
| CVE-2022-32559 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 9.1 Critical |
| An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. | ||||
| CVE-2022-32449 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | ||||
| CVE-2022-32154 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 6.8 Medium |
| Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | ||||
| CVE-2022-31874 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2024-11-21 | 9.8 Critical |
| ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | ||||