Search Results (80179 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29484 | 1 Cybozu | 1 Garoon | 2024-11-21 | 8.1 High |
| Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. | ||||
| CVE-2022-29483 | 1 Abb | 1 E-design | 2024-11-21 | 7.8 High |
| Incorrect Default Permissions vulnerability in ABB e-Design allows an attacker to install malicious software that executes with SYSTEM permissions, violating the confidentiality, integrity, and availability of the target machine. | ||||
| CVE-2022-29457 | 1 Zohocorp | 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more | 2024-11-21 | 8.8 High |
| Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps. | ||||
| CVE-2022-29404 | 4 Apache, Fedoraproject, Netapp and 1 more | 5 Http Server, Fedora, Clustered Data Ontap and 2 more | 2024-11-21 | 7.5 High |
| In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | ||||
| CVE-2022-29377 | 1 Totolink | 2 A3600r, A3600r Firmware | 2024-11-21 | 7.5 High |
| Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH. | ||||
| CVE-2022-29369 | 1 F5 | 1 Njs | 2024-11-21 | 7.5 High |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c. | ||||
| CVE-2022-29368 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.1 High |
| Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c. | ||||
| CVE-2022-29340 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| GPAC 2.1-DEV-rev87-g053aae8-master has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. | ||||
| CVE-2022-29339 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. | ||||
| CVE-2022-29333 | 1 Cyberlink | 1 Powerdirector | 2024-11-21 | 7.8 High |
| A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | ||||
| CVE-2022-29320 | 1 Minitool | 1 Partition Wizard | 2024-11-21 | 7.8 High |
| MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-29318 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.2 High |
| An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-29315 | 1 Invicti | 1 Acunetix | 2024-11-21 | 8.8 High |
| Invicti Acunetix before 14 allows CSV injection via the Description field on the Add Targets page, if the Export CSV feature is used. | ||||
| CVE-2022-29305 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 8.1 High |
| imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | ||||
| CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2024-11-21 | 8.8 High |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | ||||
| CVE-2022-29298 | 1 Contec | 2 Sv-cpt-mc310, Sv-cpt-mc310 Firmware | 2024-11-21 | 7.5 High |
| SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | ||||
| CVE-2022-29286 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. | ||||
| CVE-2022-29281 | 1 Notable | 1 Notable | 2024-11-21 | 8.8 High |
| Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | ||||
| CVE-2022-29266 | 1 Apache | 1 Apisix | 2024-11-21 | 7.5 High |
| In Apache APISIX before 3.13.1, the jwt-auth plugin has a security issue that leaks the user's secret key because the error message returned from the dependency lua-resty-jwt contains sensitive information. | ||||
| CVE-2022-29265 | 1 Apache | 1 Nifi | 2024-11-21 | 7.5 High |
| Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, and ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | ||||