Export limit exceeded: 10154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10154 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30974 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. | ||||
| CVE-2022-30971 | 1 Jenkins | 1 Storable Configs | 2024-11-21 | 8.8 High |
| Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-30952 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | ||||
| CVE-2022-30945 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.5 High |
| Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | ||||
| CVE-2022-30852 | 1 Withknown | 1 Known | 2024-11-21 | 4.3 Medium |
| Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | ||||
| CVE-2022-30780 | 1 Lighttpd | 1 Lighttpd | 2024-11-21 | 7.5 High |
| Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. | ||||
| CVE-2022-30760 | 1 Ihb-eg | 1 Fn2web | 2024-11-21 | 4.3 Medium |
| An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. | ||||
| CVE-2022-30734 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
| CVE-2022-30732 | 1 Samsung | 1 Account | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | ||||
| CVE-2022-30728 | 1 Google | 1 Android | 2024-11-21 | 1.9 Low |
| Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-30714 | 1 Google | 1 Android | 2024-11-21 | 1.9 Low |
| Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | ||||
| CVE-2022-30699 | 3 Fedoraproject, Nlnetlabs, Redhat | 4 Fedora, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. | ||||
| CVE-2022-30698 | 3 Fedoraproject, Nlnetlabs, Redhat | 4 Fedora, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. | ||||
| CVE-2022-30632 | 2 Golang, Redhat | 18 Go, Acm, Application Interconnect and 15 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | ||||
| CVE-2022-30600 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | ||||
| CVE-2022-30562 | 1 Dahuasecurity | 80 Asi7213x, Asi7213x-t1, Asi7213x-t1 Firmware and 77 more | 2024-11-21 | 4.7 Medium |
| If the user enables the https function on the device, an attacker can modify the user’s request data packet through a man-in-the-middle attack ,Injection of a malicious URL in the Host: header of the HTTP Request results in a 302 redirect to an attacker-controlled page. | ||||
| CVE-2022-30495 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2024-11-21 | 9.8 Critical |
| In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) | ||||
| CVE-2022-30277 | 1 Bd | 1 Synapsys | 2024-11-21 | 5.7 Medium |
| BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | ||||
| CVE-2022-30245 | 1 Honeywell | 1 Alerton Compass | 2024-11-21 | 6.5 Medium |
| Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered. | ||||