Export limit exceeded: 341258 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33272 | 1 Qualcomm | 98 Ar8035, Ar8035 Firmware, Qca6390 and 95 more | 2024-11-21 | 7.5 High |
| Transient DOS in modem due to reachable assertion. | ||||
| CVE-2022-33254 | 1 Qualcomm | 128 Aqt1000, Aqt1000 Firmware, Ar8035 and 125 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem while processing SIB1 Message. | ||||
| CVE-2022-33251 | 1 Qualcomm | 148 315 5g Iot Modem, 315 5g Iot Modem Firmware, Ar8035 and 145 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem because of invalid network configuration. | ||||
| CVE-2022-33250 | 1 Qualcomm | 130 Ar8035, Ar8035 Firmware, Qca6390 and 127 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover. | ||||
| CVE-2022-33244 | 1 Qualcomm | 78 Ar8035, Ar8035 Firmware, Qca6391 and 75 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem during MIB reception and SIB timeout | ||||
| CVE-2022-33137 | 1 Siemens | 12 Simatic Mv540 H, Simatic Mv540 H Firmware, Simatic Mv540 S and 9 more | 2024-11-21 | 8.0 High |
| A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). The web session management of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions. | ||||
| CVE-2022-33069 | 1 Soliditylang | 1 Solidity | 2024-11-21 | 5.5 Medium |
| Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. | ||||
| CVE-2022-33024 | 1 Gnu | 1 Libredwg | 2024-11-21 | 7.5 High |
| There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | ||||
| CVE-2022-32978 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. | ||||
| CVE-2022-32759 | 1 Ibm | 4 Security Directory Integrator, Security Directory Server, Security Verify Access and 1 more | 2024-11-21 | 5.3 Medium |
| IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | ||||
| CVE-2022-32755 | 1 Ibm | 3 Security Directory Server, Security Directory Suite, Security Verify Directory | 2024-11-21 | 5.5 Medium |
| IBM Security Directory Server 6.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228505. | ||||
| CVE-2022-32458 | 1 Digiwin | 1 Business Process Management | 2024-11-21 | 7.5 High |
| Digiwin BPM has a XML External Entity Injection (XXE) vulnerability due to insufficient validation for user input. An unauthenticated remote attacker can perform XML injection attack to access arbitrary system files. | ||||
| CVE-2022-32285 | 1 Mendix | 1 Saml | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. | ||||
| CVE-2022-32082 | 3 Fedoraproject, Mariadb, Redhat | 4 Fedora, Mariadb, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. | ||||
| CVE-2022-31775 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 9.1 Critical |
| IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. | ||||
| CVE-2022-31677 | 1 Vmware | 1 Pinniped | 2024-11-21 | 5.4 Medium |
| An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. | ||||
| CVE-2022-31620 | 1 Libjpeg Project | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | ||||
| CVE-2022-31471 | 1 Untangle Project | 1 Untangle | 2024-11-21 | 7.5 High |
| untangle is a python library to convert XML data to python objects. untangle versions 1.2.0 and earlier improperly restricts XML external entity references. By exploiting this vulnerability, a remote unauthenticated attacker may read the contents of local files. | ||||
| CVE-2022-31447 | 1 Magicpin | 1 Magicpin | 2024-11-21 | 7.5 High |
| An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | ||||
| CVE-2022-31261 | 1 Morpheusdata | 1 Morpheus | 2024-11-21 | 7.5 High |
| An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. | ||||