Export limit exceeded: 349431 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80141 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80141 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26979 | 2 Foxit, Microsoft | 3 Pdf Editor, Pdf Reader, Windows | 2024-11-21 | 7.5 High |
| Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. | ||||
| CVE-2022-26975 | 1 Barco | 1 Control Room Management Suite | 2024-11-21 | 7.5 High |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | ||||
| CVE-2022-26967 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.8 High |
| GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. | ||||
| CVE-2022-26965 | 1 Pluck-cms | 1 Pluck | 2024-11-21 | 7.2 High |
| In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. | ||||
| CVE-2022-26953 | 1 Digi | 2 Passport, Passport Firmware | 2024-11-21 | 7.5 High |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow. An attacker can supply a string in the page parameter for reboot.asp endpoint, allowing him to force an overflow when the string is concatenated to the HTML body. | ||||
| CVE-2022-26952 | 1 Digi | 2 Passport, Passport Firmware | 2024-11-21 | 7.5 High |
| Digi Passport Firmware through 1.5.1,1 is affected by a buffer overflow in the function for building the Location header string when an unauthenticated user is redirected to the authentication page. | ||||
| CVE-2022-26943 | 1 Motorola | 5 Mtm5000 Series Firmware, Mtm5400, Mtm5400 Firmware and 2 more | 2024-11-21 | 8.8 High |
| The Motorola MTM5000 series firmwares generate TETRA authentication challenges using a PRNG using a tick count register as its sole entropy source. Low boottime entropy and limited re-seeding of the pool renders the authentication challenge vulnerable to two attacks. First, due to the limited boottime pool entropy, an adversary can derive the contents of the entropy pool by an exhaustive search of possible values, based on an observed authentication challenge. Second, an adversary can use knowledge of the entropy pool to predict authentication challenges. As such, the unit is vulnerable to CVE-2022-24400. | ||||
| CVE-2022-26942 | 1 Motorola | 5 Mtm5000 Series Firmware, Mtm5400, Mtm5400 Firmware and 2 more | 2024-11-21 | 8.2 High |
| The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment (TEE) modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure supervisor level code execution can exploit the issue in order to gain secure supervisor code execution within the TEE. This constitutes a full break of the TEE module, exposing the device key as well as any TETRA cryptographic keys and the confidential TETRA cryptographic primitives. | ||||
| CVE-2022-26890 | 1 F5 | 3 Big-ip Access Policy Manager, Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2024-11-21 | 7.5 High |
| On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the "Use APM Username and Session ID" option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2022-26889 | 1 Splunk | 1 Splunk | 2024-11-21 | 8.8 High |
| In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | ||||
| CVE-2022-26861 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | 7.9 High |
| Dell BIOS versions contain an Insecure Automated Optimization vulnerability. A local authenticated malicious user could exploit this vulnerability by sending malicious input via SMI to obtain arbitrary code execution during SMM. | ||||
| CVE-2022-26860 | 1 Dell | 798 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3980 and 795 more | 2024-11-21 | 7.5 High |
| Dell BIOS versions contain a stack-based buffer overflow vulnerability. A local attacker could exploit this vulnerability by sending malicious input via SMI to bypass security checks resulting in arbitrary code execution in SMM. | ||||
| CVE-2022-26856 | 1 Dell | 1 Emc Repository Manager | 2024-11-21 | 8.2 High |
| Dell EMC Repository Manager version 3.4.0 contains a plain-text password storage vulnerability. A local attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application's database with privileges of the compromised account. | ||||
| CVE-2022-26854 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain risky cryptographic algorithms. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access | ||||
| CVE-2022-26852 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 8.1 High |
| Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a predictable seed in pseudo-random number generator. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to an account compromise. | ||||
| CVE-2022-26846 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-11-21 | 8.8 High |
| SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | ||||
| CVE-2022-26834 | 1 Rakuten | 1 Casa | 2024-11-21 | 7.5 High |
| Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. | ||||
| CVE-2022-26779 | 1 Apache | 1 Cloudstack | 2024-11-21 | 7.5 High |
| Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack. | ||||
| CVE-2022-26757 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 7.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-26756 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 7.8 High |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. | ||||