Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30453 | 1 Shopwind | 1 Shopwind | 2024-11-21 | 9.8 Critical |
| ShopWind <= 3.4.2 has a RCE vulnerability in Database.php | ||||
| CVE-2022-30450 | 1 Waimairencms Project | 1 Waimairencms | 2024-11-21 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php | ||||
| CVE-2022-30408 | 1 Covid 19 Travel Pass Management System Project | 1 Covid 19 Travel Pass Management System | 2024-11-21 | 6.5 Medium |
| Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30381 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2024-11-21 | 6.5 Medium |
| Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img. | ||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 9.8 Critical |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | ||||
| CVE-2022-30323 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 panicked when processing password-protected ZIP files. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30322 | 2 Hashicorp, Redhat | 3 Go-getter, Openshift, Openstack | 2024-11-21 | 8.6 High |
| go-getter up to 1.5.11 and 2.0.2 allowed asymmetric resource exhaustion when go-getter processed malicious HTTP responses. Fixed in 1.6.1 and 2.1.0. | ||||
| CVE-2022-30307 | 1 Fortinet | 1 Fortios | 2024-11-21 | 3.9 Low |
| A key management error vulnerability [CWE-320] affecting the RSA SSH host key in FortiOS 7.2.0 and below, 7.0.6 and below, 6.4.9 and below may allow an unauthenticated attacker to perform a man in the middle attack. | ||||
| CVE-2022-30288 | 1 Ohler | 1 Agoo | 2024-11-21 | 7.5 High |
| Agoo before 2.14.3 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: the vendor has disputed this on the grounds that it is not the server's responsibility to "enforce all the various ways a developer could write code with logic errors. | ||||
| CVE-2022-30286 | 1 Pyscript | 1 Pyscript | 2024-11-21 | 7.5 High |
| pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. | ||||
| CVE-2022-30242 | 1 Honeywell | 2 Alerton Ascent Control Module, Alerton Ascent Control Module Firmware | 2024-11-21 | 6.8 Medium |
| Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the knowledge of other users, altering the controller's function capabilities. The changed configuration is not updated in the User Interface, which creates an inconsistency between the configuration display and the actual configuration on the controller. After the configuration change, remediation requires reverting to the correct configuration, requiring either physical or remote access depending on the configuration that was altered. | ||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2024-11-21 | 8.8 High |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | ||||
| CVE-2022-30063 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 9.8 Critical |
| ftcms <=2.1 was discovered to be vulnerable to code execution attacks . | ||||
| CVE-2022-30060 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 8.8 High |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-11-21 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2764 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-11-21 | 4.9 Medium |
| A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | ||||
| CVE-2022-2668 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 7.2 High |
| An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | ||||
| CVE-2022-2616 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | ||||
| CVE-2022-2611 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-2576 | 1 Eclipse | 1 Californium | 2024-11-21 | 7.5 High |
| In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. | ||||