Search Results (80646 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37779 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the sendnum parameter of the ping function. | ||||
| CVE-2022-37778 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers V3.0.1.17 were discovered to contain a remote command execution (RCE) vulnerability via the current_time parameter of the time function. | ||||
| CVE-2022-37777 | 1 Phicomm | 8 Fir151b, Fir151b Firmware, Fir300b and 5 more | 2024-11-21 | 7.2 High |
| Phicomm FIR151B A2, FIR302E A2, FIR300B A2, FIR303B A2 routers 3.0.1.17 and earlier were discovered to contain a remote command execution (RCE) vulnerability via the trHops parameter of the tracert function. | ||||
| CVE-2022-37768 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 7.5 High |
| libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-11-21 | 7.5 High |
| graphql-java before 19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-37730 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 8.8 High |
| In ftcms 2.1, there is a Cross Site Request Forgery (CSRF) vulnerability in the PHP page, which allows an attacker to forge a link and trick the victim into clicking a malicious link or visiting a page containing attack code, sending a request to the server (corresponding to the identity authentication information) as the victim without the victim's knowledge. | ||||
| CVE-2022-37700 | 1 Easycorp | 1 Zentao | 2024-11-21 | 7.5 High |
| Zentao Demo15 is vulnerable to Directory Traversal. The impact is: obtain sensitive information (remote). The component is: URL : view-source:https://demo15.zentao.pm/user-login.html/zentao/index.php?mode=getconfig. | ||||
| CVE-2022-37459 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2024-11-21 | 7.8 High |
| Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. | ||||
| CVE-2022-37458 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.2 High |
| Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | ||||
| CVE-2022-37451 | 2 Exim, Fedoraproject | 2 Exim, Fedora | 2024-11-21 | 7.5 High |
| Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | ||||
| CVE-2022-37437 | 1 Splunk | 1 Splunk | 2024-11-21 | 7.4 High |
| When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions. | ||||
| CVE-2022-37435 | 1 Apache | 1 Shenyu | 2024-11-21 | 8.8 High |
| Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | ||||
| CVE-2022-37423 | 1 Neo4j | 1 Awesome Procedures On Cypher | 2024-11-21 | 7.5 High |
| Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | ||||
| CVE-2022-37422 | 1 Payara | 1 Payara | 2024-11-21 | 7.5 High |
| Payara through 5.2022.2 allows directory traversal without authentication. This affects Payara Server, Payara Micro, and Payara Server Embedded. | ||||
| CVE-2022-37415 | 1 Uniwill | 1 Sparkio.sys | 2024-11-21 | 7.8 High |
| The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. | ||||
| CVE-2022-37401 | 1 Apache | 1 Openoffice | 2024-11-21 | 8.8 High |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice | ||||
| CVE-2022-37400 | 1 Apache | 1 Openoffice | 2024-11-21 | 8.8 High |
| Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same, which weakens the security of the encryption and makes the stored passwords vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice | ||||
| CVE-2022-37398 | 1 Asustor | 1 Adm | 2024-11-21 | 7.1 High |
| A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. | ||||
| CVE-2022-37397 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 8.3 High |
| An issue was discovered in YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | ||||
| CVE-2022-37393 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 7.8 High |
| Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. As part of its intended functionality, zmslapd can load a user-defined configuration file, which includes plugins in the form of .so files, which also execute as root. | ||||