Export limit exceeded: 80142 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80142 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27535 | 2 Kaspersky, Microsoft | 2 Vpn Secure Connection, Windows | 2024-11-21 | 7.8 High |
| Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its 'Delete All Service Data And Reports' feature by the local authenticated attacker. | ||||
| CVE-2022-27532 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution. | ||||
| CVE-2022-27531 | 1 Autodesk | 1 3ds Max | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27530 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2024-11-21 | 7.8 High |
| A maliciously crafted TIF or PICT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to write beyond the allocated buffer through Buffer overflow vulnerability. This vulnerability may be exploited to execute arbitrary code. | ||||
| CVE-2022-27529 | 1 Autodesk | 10 Advance Steel, Autocad, Autocad Architecture and 7 more | 2024-11-21 | 7.8 High |
| A maliciously crafted PICT, BMP, PSD or TIF file in Autodesk AutoCAD 2022, 2021, 2020, 2019 may be used to write beyond the allocated buffer while parsing PICT, BMP, PSD or TIF file. This vulnerability may be exploited to execute arbitrary code. | ||||
| CVE-2022-27528 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A maliciously crafted DWFX and SKP files in Autodesk Navisworks 2022 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. | ||||
| CVE-2022-27527 | 1 Autodesk | 1 Navisworks | 2024-11-21 | 7.8 High |
| A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. | ||||
| CVE-2022-27526 | 1 Autodesk | 1 Design Review | 2024-11-21 | 7.8 High |
| A malicious crafted TGA file when consumed through DesignReview.exe application could lead to memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27525 | 1 Autodesk | 1 Design Review | 2024-11-21 | 7.8 High |
| A malicious crafted .dwf or .pct file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27524 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| An out-of-bounds read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27523 | 1 Autodesk | 1 Dwg Trueview | 2024-11-21 | 7.1 High |
| A buffer over-read can be exploited in Autodesk TrueView 2022 may lead to an exposure of sensitive information or a crash through using a maliciously crafted DWG file as an Input. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | ||||
| CVE-2022-27511 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | 8.1 High |
| Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted. | ||||
| CVE-2022-27502 | 2 Microsoft, Realvnc | 2 Windows, Vnc Server | 2024-11-21 | 7.8 High |
| RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. | ||||
| CVE-2022-27489 | 1 Fortinet | 2 Fortiextender, Fortiextender Firmware | 2024-11-21 | 7 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests. | ||||
| CVE-2022-27488 | 1 Fortinet | 6 Fortiai, Fortimail, Fortindr and 3 more | 2024-11-21 | 7.5 High |
| A cross-site request forgery (CSRF) in Fortinet FortiVoiceEnterprise version 6.4.x, 6.0.x, FortiSwitch version 7.0.0 through 7.0.4, 6.4.0 through 6.4.10, 6.2.0 through 6.2.7, 6.0.x, FortiMail version 7.0.0 through 7.0.3, 6.4.0 through 6.4.6, 6.2.x, 6.0.x FortiRecorder version 6.4.0 through 6.4.2, 6.0.x, 2.7.x, 2.6.x, FortiNDR version 1.x.x allows a remote unauthenticated attacker to execute commands on the CLI via tricking an authenticated administrator to execute malicious GET requests. | ||||
| CVE-2022-27487 | 1 Fortinet | 2 Fortideceptor, Fortisandbox | 2024-11-21 | 8.3 High |
| A improper privilege management in Fortinet FortiSandbox version 4.2.0 through 4.2.2, 4.0.0 through 4.0.2 and before 3.2.3 and FortiDeceptor version 4.1.0, 4.0.0 through 4.0.2 and before 3.3.3 allows a remote authenticated attacker to perform unauthorized API calls via crafted HTTP or HTTPS requests. | ||||
| CVE-2022-27483 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 7.2 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager version 7.0.0 through 7.0.3, 6.4.0 through 6.4.7, 6.2.x and 6.0.x and FortiAnalyzer version 7.0.0 through 7.0.3, version 6.4.0 through 6.4.7, 6.2.x and 6.0.x allows attacker to execute arbitrary shell code as `root` user via `diagnose system` CLI commands. | ||||
| CVE-2022-27482 | 1 Fortinet | 1 Fortiadc | 2024-11-21 | 7.4 High |
| A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiADC version 7.0.0 through 7.0.1, 6.2.0 through 6.2.2, 6.1.0 through 6.1.6, 6.0.x, 5.x.x allows attacker to execute arbitrary shell code as `root` via CLI commands. | ||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | ||||
| CVE-2022-27478 | 1 Victor Cms Project | 1 Victor Cms | 2024-11-21 | 8.8 High |
| Victor v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component admin/profile.php?section=admin. | ||||