Search Results (80135 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25331 | 2 Microsoft, Trendmicro | 4 Windows, Serverprotect, Serverprotect For Network Appliance Filer and 1 more | 2024-11-21 | 7.5 High |
| Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process. | ||||
| CVE-2022-25325 | 1 Omron | 1 Cx-programmer | 2024-11-21 | 7.8 High |
| Use after free vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25230. | ||||
| CVE-2022-25324 | 1 Bignum Project | 1 Bignum | 2024-11-21 | 7.5 High |
| All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8. When verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. | ||||
| CVE-2022-25308 | 2 Gnu, Redhat | 2 Fribidi, Enterprise Linux | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially crafted file to the Fribidi application, which leads to a possible memory leak or a denial of service. | ||||
| CVE-2022-25304 | 2 Asyncua Project, Opcua Project | 2 Asyncua, Opcua | 2024-11-21 | 7.5 High |
| All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | ||||
| CVE-2022-25302 | 1 Opc Ua Stack Project | 1 Opc Ua Stack | 2024-11-21 | 7.5 High |
| All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId. | ||||
| CVE-2022-25301 | 1 Jsgui-lang-essentials Project | 1 Jsgui-lang-essentials | 2024-11-21 | 7.7 High |
| All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as `__proto__`, constructor and prototype. | ||||
| CVE-2022-25298 | 1 Webcc Project | 1 Webcc | 2024-11-21 | 7.5 High |
| This affects the package sprinfall/webcc before 0.3.0. It is possible to traverse directories to fetch arbitrary files from the server. | ||||
| CVE-2022-25297 | 1 Drogon | 1 Drogon | 2024-11-21 | 7.5 High |
| This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save() method may enable attackers to write files to arbitrary locations outside the designated target folder. | ||||
| CVE-2022-25294 | 2 Microsoft, Proofpoint | 2 Windows, Insider Threat Management | 2024-11-21 | 7.8 High |
| Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. | ||||
| CVE-2022-25293 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25292 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25291 | 1 Watchguard | 1 Fireware | 2024-11-21 | 8.8 High |
| An integer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to trigger a heap-based buffer overflow and potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | ||||
| CVE-2022-25271 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2024-11-21 | 7.5 High |
| Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | ||||
| CVE-2022-25268 | 1 Passwork | 1 Passwork | 2024-11-21 | 8.8 High |
| Passwork On-Premise Edition before 4.6.13 allows CSRF via the groups, password, and history subsystems. | ||||
| CVE-2022-25267 | 1 Passwork | 1 Passwork | 2024-11-21 | 8.8 High |
| Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal (to upload files). | ||||
| CVE-2022-25265 | 3 Linux, Netapp, Redhat | 20 Linux Kernel, Baseboard Management Controller Firmware, H300e and 17 more | 2024-11-21 | 7.8 High |
| In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | ||||
| CVE-2022-25264 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2021.2.3, environment variables of the "password" type could be logged in some cases. | ||||
| CVE-2022-25255 | 4 Linux, Opengroup, Qt and 1 more | 4 Linux Kernel, Unix, Qt and 1 more | 2024-11-21 | 7.8 High |
| In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH. | ||||
| CVE-2022-25242 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 8.8 High |
| In FileCloud before 21.3, file upload is not protected against Cross-Site Request Forgery (CSRF). | ||||