Export limit exceeded: 20105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20105 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2344 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | ||||
| CVE-2022-2314 | 1 Vr Calendar Project | 1 Vr Calendar | 2024-11-21 | 9.8 Critical |
| The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | ||||
| CVE-2022-2288 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | ||||
| CVE-2022-2274 | 2 Netapp, Openssl | 12 H300s, H300s Firmware, H410c and 9 more | 2024-11-21 | 9.8 Critical |
| The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | ||||
| CVE-2022-2210 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-2185 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where an authenticated user authorized to import projects could import a maliciously crafted project leading to remote code execution. | ||||
| CVE-2022-2125 | 3 Apple, Fedoraproject, Vim | 3 Macos, Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-2061 | 1 Chafa Project | 1 Chafa | 2024-11-21 | 3.3 Low |
| Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. | ||||
| CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2024-11-21 | 8.8 High |
| USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | ||||
| CVE-2022-29824 | 6 Debian, Fedoraproject, Netapp and 3 more | 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more | 2024-11-21 | 6.5 Medium |
| In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | ||||
| CVE-2022-29777 | 1 Onlyoffice | 2 Core, Document Server | 2024-11-21 | 9.8 Critical |
| Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | ||||
| CVE-2022-29776 | 1 Onlyoffice | 2 Core, Document Server | 2024-11-21 | 9.8 Critical |
| Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | ||||
| CVE-2022-29643 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the macAddress parameter in the function setMacQos. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-29642 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the url parameter in the function setUrlFilterRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-29641 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the startTime and endTime parameters in the function setParentalRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-29640 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setPortForwardRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-29638 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 7.5 High |
| TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 were discovered to contain a stack overflow via the comment parameter in the function setIpQosRules. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | ||||
| CVE-2022-29616 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc | 2024-11-21 | 7.5 High |
| SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption. | ||||
| CVE-2022-29592 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2024-11-21 | 9.8 Critical |
| Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). | ||||
| CVE-2022-29539 | 1 Resi | 1 Gemini-net | 2024-11-21 | 9.8 Critical |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection. It does not properly check the parameters sent as input before they are processed on the server. Due to the lack of validation of user input, an unauthenticated attacker can bypass the syntax intended by the software (e.g., concatenate `&|;\r\ commands) and inject arbitrary system commands with the privileges of the application user. | ||||