Export limit exceeded: 10497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38342 | 1 Safe | 1 Fme Server | 2024-11-21 | 8.5 High |
| Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2022-38334 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 5.5 Medium |
| XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | ||||
| CVE-2022-38230 | 1 Xpdf Project | 1 Xpdf | 2024-11-21 | 5.5 Medium |
| XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | ||||
| CVE-2022-38179 | 1 Jetbrains | 1 Ktor | 2024-11-21 | 4.7 Medium |
| JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack | ||||
| CVE-2022-38131 | 1 Rstudio | 1 Connect | 2024-11-21 | 6.1 Medium |
| RStudio Connect prior to 2023.01.0 is affected by an Open Redirect issue. The vulnerability could allow an attacker to redirect users to malicious websites. | ||||
| CVE-2022-37315 | 1 Graphql-go Project | 1 Graphql-go | 2024-11-21 | 7.5 High |
| graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | ||||
| CVE-2022-37300 | 1 Schneider-electric | 70 Ecostruxure Control Expert, Ecostruxure Process Expert, Modicon M340 Bmxp341000 and 67 more | 2024-11-21 | 9.8 Critical |
| A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. Affected Products: EcoStruxure Control Expert Including all Unity Pro versions (former name of EcoStruxure Control Expert) (V15.0 SP1 and prior), EcoStruxure Process Expert, Including all versions of EcoStruxure Hybrid DCS (former name of EcoStruxure Process Expert) (V2021 and prior), Modicon M340 CPU (part numbers BMXP34*) (V3.40 and prior), Modicon M580 CPU (part numbers BMEP* and BMEH*) (V3.20 and prior). | ||||
| CVE-2022-37189 | 1 Ddmal | 1 Mei2volpiano | 2024-11-21 | 7.5 High |
| DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input. | ||||
| CVE-2022-37128 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2024-11-21 | 9.8 Critical |
| In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | ||||
| CVE-2022-36773 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 8.1 High |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. | ||||
| CVE-2022-36539 | 1 Eigen\&wijzer Ouderapp Project | 1 Eigen\&wijzer Ouderapp | 2024-11-21 | 7.5 High |
| WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children. | ||||
| CVE-2022-36522 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | ||||
| CVE-2022-36440 | 4 Debian, Fedoraproject, Frrouting and 1 more | 4 Debian Linux, Fedora, Frrouting and 1 more | 2024-11-21 | 7.5 High |
| A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS. | ||||
| CVE-2022-36364 | 1 Apache | 1 Apache Calcite Avatica | 2024-11-21 | 8.8 High |
| Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. | ||||
| CVE-2022-36302 | 1 Bosch | 1 Bf-os | 2024-11-21 | 8.8 High |
| File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | ||||
| CVE-2022-36202 | 1 Doctor\'s Appointment System Project | 1 Doctor\'s Appointment System | 2024-11-21 | 9.8 Critical |
| Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. | ||||
| CVE-2022-36148 | 1 Fdkaac Project | 1 Fdkaac | 2024-11-21 | 5.5 Medium |
| fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | ||||
| CVE-2022-35741 | 1 Apache | 1 Cloudstack | 2024-11-21 | 9.8 Critical |
| Apache CloudStack version 4.5.0 and later has a SAML 2.0 authentication Service Provider plugin which is found to be vulnerable to XML external entity (XXE) injection. This plugin is not enabled by default and the attacker would require that this plugin be enabled to exploit the vulnerability. When the SAML 2.0 plugin is enabled in affected versions of Apache CloudStack could potentially allow the exploitation of XXE vulnerabilities. The SAML 2.0 messages constructed during the authentication flow in Apache CloudStack are XML-based and the XML data is parsed by various standard libraries that are now understood to be vulnerable to XXE injection attacks such as arbitrary file reading, possible denial of service, server-side request forgery (SSRF) on the CloudStack management server. | ||||
| CVE-2022-35728 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 8.1 High |
| In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user's iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-35652 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 6.1 Medium |
| An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. | ||||