Search Results (2870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34793 | 1 Jenkins | 1 Recipe | 2024-11-21 | 8.8 High |
| Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-34624 | 1 Mealie | 1 Mealie | 2024-11-21 | 5.9 Medium |
| Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | ||||
| CVE-2022-34144 | 1 Qualcomm | 136 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 133 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | ||||
| CVE-2022-34001 | 1 Unit4 | 1 Enterprise Resource Planning | 2024-11-21 | 6.5 Medium |
| Unit4 ERP through 7.9 allows XXE via ExecuteServerProcessAsynchronously. | ||||
| CVE-2022-34000 | 1 Libjxl Project | 1 Libjxl | 2024-11-21 | 6.5 Medium |
| libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | ||||
| CVE-2022-33272 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Qca6390 and 95 more | 2024-11-21 | 7.5 High |
| Transient DOS in modem due to reachable assertion. | ||||
| CVE-2022-33254 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | ||||
| CVE-2022-33251 | 1 Qualcomm | 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem because of invalid network configuration. | ||||
| CVE-2022-33250 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | ||||
| CVE-2022-33244 | 1 Qualcomm | 78 Ar8035, Ar8035 Firmware, Qca6391 and 75 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout. | ||||
| CVE-2022-33137 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | 8.0 High |
| A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions. | ||||
| CVE-2022-33069 | 1 Soliditylang | 1 Solidity | 2024-11-21 | 5.5 Medium |
| Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. | ||||
| CVE-2022-33024 | 1 Gnu | 1 Libredwg | 2024-11-21 | 7.5 High |
| There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | ||||
| CVE-2022-32978 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | ||||
| CVE-2022-32759 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 use insufficient session expiration, which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | ||||
| CVE-2022-32755 | 1 Ibm | 3 Security Directory Server, Security Directory Suite, Security Verify Directory | 2024-11-21 | 5.5 Medium |
| IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. | ||||
| CVE-2022-32458 | 1 Digiwin | 1 Business Process Management | 2024-11-21 | 7.5 High |
| Digiwin BPM has an XML External Entity Injection (XXE) vulnerability due to insufficient validation of user input. An unauthenticated remote attacker can perform an XML injection attack to access arbitrary system files. | ||||
| CVE-2022-32285 | 1 Mendix | 1 Saml | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. | ||||
| CVE-2022-32082 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | ||||
| CVE-2022-31775 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 9.1 Critical |
| IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. | ||||