Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32864 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to disclose kernel memory. | ||||
| CVE-2022-32854 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2024-11-21 | 5.5 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur 11.7. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-32795 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 4.3 Medium |
| This issue was addressed with improved checks. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. Visiting a malicious website may lead to address bar spoofing. | ||||
| CVE-2022-32751 | 1 Ibm | 1 Security Verify Directory | 2024-11-21 | 5.3 Medium |
| IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437. | ||||
| CVE-2022-32742 | 2 Redhat, Samba | 4 Enterprise Linux, Rhev Hypervisor, Storage and 1 more | 2024-11-21 | 4.3 Medium |
| A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | ||||
| CVE-2022-32741 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.3 Medium |
| Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | ||||
| CVE-2022-32740 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 Low |
| A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | ||||
| CVE-2022-32739 | 1 Otrs | 2 Calendar Resource Planning, Otrs | 2024-11-21 | 3.5 Low |
| When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | ||||
| CVE-2022-32564 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. | ||||
| CVE-2022-32561 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. | ||||
| CVE-2022-32558 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. | ||||
| CVE-2022-32554 | 1 Purestorage | 2 Purity//fa, Purity//fb | 2024-11-21 | 9.8 Critical |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | ||||
| CVE-2022-32553 | 1 Purestorage | 2 Purity//fa, Purity//fb | 2024-11-21 | 8.8 High |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | ||||
| CVE-2022-32552 | 1 Purestorage | 2 Purity//fa, Purity//fb | 2024-11-21 | 8.8 High |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | ||||
| CVE-2022-32550 | 1 1password | 6 1password, 1password In The Browser, Command-line and 3 more | 2024-11-21 | 4.8 Medium |
| An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. | ||||
| CVE-2022-32533 | 1 Apache | 2 Jetspeed, Portals Jetspeed | 2024-11-21 | 9.8 Critical |
| Apache Jetspeed-2 does not sufficiently filter untrusted user input by default, leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue. | ||||
| CVE-2022-32511 | 2 Fedoraproject, Jmespath Project | 2 Fedora, Jmespath | 2024-11-21 | 9.8 Critical |
| jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | ||||
| CVE-2022-32481 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-11-21 | 7.8 High |
| Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. | ||||
| CVE-2022-32420 | 1 College Management System Project | 1 College Management System | 2024-11-21 | 8.8 High |
| College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. | ||||
| CVE-2022-32412 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 7.2 High |
| An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. | ||||