Export limit exceeded: 80499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80499 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33213 | 1 Qualcomm | 418 Apq8009, Apq8009 Firmware, Apq8009w and 415 more | 2024-11-21 | 7.5 High |
| Memory corruption in modem due to buffer overflow while processing a PPP packet | ||||
| CVE-2022-33208 | 1 Omron | 113 Na5-12w, Na5-12w Firmware, Na5-15w and 110 more | 2024-11-21 | 8.1 High |
| Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. | ||||
| CVE-2022-33203 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Ssl Orchestrator | 2024-11-21 | 7.5 High |
| In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-33202 | 1 Softcreate | 1 L2blocker | 2024-11-21 | 8.1 High |
| Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. | ||||
| CVE-2022-33173 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. Analytics Remote Links may temporarily downgrade to non-TLS connection to determine the TLS port number, using SCRAM-SHA instead. | ||||
| CVE-2022-33164 | 1 Ibm | 1 Security Directory Server | 2024-11-21 | 8.7 High |
| IBM Security Directory Server 7.2.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view or write to arbitrary files on the system. IBM X-Force ID: 228579. | ||||
| CVE-2022-33158 | 2 Microsoft, Trendmicro | 2 Windows, Vpn Proxy One Pro | 2024-11-21 | 7.8 High |
| Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | ||||
| CVE-2022-33140 | 3 Apache, Apple, Linux | 4 Nifi, Nifi Registry, Macos and 1 more | 2024-11-21 | 8.8 High |
| The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | ||||
| CVE-2022-33138 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device. | ||||
| CVE-2022-33137 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | 8.0 High |
| A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions. | ||||
| CVE-2022-33121 | 1 1234n | 1 Minicms | 2024-11-21 | 8.1 High |
| A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | ||||
| CVE-2022-33114 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 7.2 High |
| Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | ||||
| CVE-2022-33108 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | ||||
| CVE-2022-33105 | 1 Redis | 1 Redis | 2024-11-21 | 7.5 High |
| Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. | ||||
| CVE-2022-33099 | 3 Fedoraproject, Lua, Redhat | 3 Fedora, Lua, Enterprise Linux | 2024-11-21 | 7.5 High |
| An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. | ||||
| CVE-2022-33097 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. | ||||
| CVE-2022-33096 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. | ||||
| CVE-2022-33095 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | ||||
| CVE-2022-33094 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. | ||||
| CVE-2022-33093 | 1 74cms | 1 74cmsse | 2024-11-21 | 7.5 High |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. | ||||