Export limit exceeded: 80208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||
| CVE-2022-2073 | 1 Getgrav | 1 Grav | 2024-11-21 | 7.2 High |
| Code Injection in GitHub repository getgrav/grav prior to 1.7.34. | ||||
| CVE-2022-2053 | 1 Redhat | 5 Integration Camel K, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 2 more | 2024-11-21 | 7.5 High |
| When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2. | ||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | ||||
| CVE-2022-2048 | 5 Debian, Eclipse, Jenkins and 2 more | 12 Debian Linux, Jetty, Jenkins and 9 more | 2024-11-21 | 7.5 High |
| In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | ||||
| CVE-2022-2042 | 2 Apple, Vim | 2 Macos, Vim | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-2037 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 8.0 High |
| Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. | ||||
| CVE-2022-2031 | 1 Samba | 1 Samba | 2024-11-21 | 8.8 High |
| A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | ||||
| CVE-2022-2027 | 1 Kromit | 1 Titra | 2024-11-21 | 8.0 High |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. | ||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 7.5 High |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | ||||
| CVE-2022-2011 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2008 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-2007 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-29972 | 1 Insightsoftware | 1 Magnitude Simba Amazon Redshift Odbc Driver | 2024-11-21 | 7.8 High |
| An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code. | ||||
| CVE-2022-29971 | 1 Insightsoftware | 1 Magnitude Simba Amazon Athena Odbc Driver | 2024-11-21 | 7.8 High |
| An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code. | ||||
| CVE-2022-29968 | 3 Fedoraproject, Linux, Netapp | 13 Fedora, Linux Kernel, H300s and 10 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | ||||
| CVE-2022-29967 | 1 Glewlwyd Project | 1 Glewlwyd | 2024-11-21 | 7.5 High |
| static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | ||||
| CVE-2022-29957 | 1 Emerson | 1 Deltav Distributed Control System | 2024-11-21 | 7.8 High |
| The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication. It utilizes several proprietary protocols for a wide variety of functionality. These protocols include Firmware upgrade (18508/TCP, 18518/TCP); Plug-and-Play (18510/UDP); Hawk services (18507/UDP); Management (18519/TCP); Cold restart (18512/UDP); SIS communications (12345/TCP); and Wireless Gateway Protocol (18515/UDP). None of these protocols have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. | ||||
| CVE-2022-29938 | 1 Librehealth | 1 Librehealth Ehr | 2024-11-21 | 8.8 High |
| In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\billing\new_payment.php via interface\billing\payment_master.inc.php leads to SQL injection. | ||||
| CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 8.8 High |
| USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | ||||