Export limit exceeded: 350717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38132 | 1 Linksys | 2 Mr8300, Mr8300 Firmware | 2024-11-21 | 8.2 High |
| Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0. | ||||
| CVE-2022-38118 | 1 Hgiga | 1 Oaklouds Portal | 2024-11-21 | 8.8 High |
| OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. | ||||
| CVE-2022-38105 | 1 Asus | 2 Rt-ax82u, Rt-ax82u Firmware | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists in the cm_processREQ_NC opcode of Asus RT-AX82U 3.0.0.4.386_49674-ge182230 router's configuration service. A specially-crafted network packets can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | ||||
| CVE-2022-38094 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | 8.8 High |
| OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2022-37893 | 2 Arubanetworks, Siemens | 4 Arubaos, Instant, Scalance W1750d and 1 more | 2024-11-21 | 7.8 High |
| An authenticated command injection vulnerability exists in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system of Aruba InstantOS 6.4.x: 6.4.4.8-4.2.4.20 and below; Aruba InstantOS 6.5.x: 6.5.4.23 and below; Aruba InstantOS 8.6.x: 8.6.0.18 and below; Aruba InstantOS 8.7.x: 8.7.1.9 and below; Aruba InstantOS 8.10.x: 8.10.0.1 and below; ArubaOS 10.3.x: 10.3.1.0 and below; Aruba has released upgrades for Aruba InstantOS that address this security vulnerability. | ||||
| CVE-2022-37864 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge (All Versions < SE2022MP9). The affected application contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted DWG files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-17627) | ||||
| CVE-2022-37857 | 1 Hauk Project | 1 Hauk | 2024-11-21 | 7.5 High |
| bilde2910 Hauk v1.6.1 requires a hardcoded password which by default is blank. This hardcoded password is hashed but stored within the config.php file server-side as well as in clear-text on the android client device by default. | ||||
| CVE-2022-37841 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 7.5 High |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027 there is a hard coded password for root in /etc/shadow.sample. | ||||
| CVE-2022-37835 | 1 Torguard | 1 Vpn | 2024-11-21 | 7.5 High |
| Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | ||||
| CVE-2022-37824 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. | ||||
| CVE-2022-37823 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | ||||
| CVE-2022-37822 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. | ||||
| CVE-2022-37821 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. | ||||
| CVE-2022-37820 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS. | ||||
| CVE-2022-37819 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. | ||||
| CVE-2022-37818 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | ||||
| CVE-2022-37817 | 1 Tenda | 2 Ax1803, Ax1803 Firmware | 2024-11-21 | 7.8 High |
| Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | ||||
| CVE-2022-37797 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-11-21 | 7.5 High |
| In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. It leads to null pointer dereference which crashes the server. It could be used by an external attacker to cause denial of service condition. | ||||
| CVE-2022-37783 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 7.5 High |
| All Craft CMS versions between 3.0.0 and 3.7.32 disclose password hashes of users who authenticate using their E-Mail address or username in Anti-CSRF-Tokens. Craft CMS uses a cookie called CRAFT_CSRF_TOKEN and a HTML hidden field called CRAFT_CSRF_TOKEN to avoid Cross Site Request Forgery attacks. The CRAFT_CSRF_TOKEN cookie discloses the password hash in without encoding it whereas the corresponding HTML hidden field discloses the users' password hash in a masked manner, which can be decoded by using public functions of the YII framework. | ||||
| CVE-2022-37781 | 1 Fdkaac Project | 1 Fdkaac | 2024-11-21 | 7.8 High |
| fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc. | ||||