Export limit exceeded: 20093 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-23663 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.1 Critical |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23662 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.1 Critical |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23661 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 9.1 Critical |
| A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability. | ||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.4 Medium |
| An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 8.4 High |
| An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | ||||
| CVE-2022-23389 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 9.8 Critical |
| PublicCMS v4.0 was discovered to contain a remote code execution (RCE) vulnerability via the cmdarray parameter. | ||||
| CVE-2022-23318 | 1 Pcf2bdf Project | 1 Pcf2bdf | 2024-11-21 | 7.1 High |
| A heap-buffer-overflow in pcf2bdf, versions >= 1.05 allows an attacker to trigger unsafe memory access via a specially crafted PCF font file. This out-of-bound read may lead to an application crash, information disclosure via program memory or other context-dependent impact. | ||||
| CVE-2022-23100 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 9.8 Critical |
| OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment). | ||||
| CVE-2022-22997 | 2 Linux, Westerndigital | 5 Linux Kernel, My Cloud Home, My Cloud Home Duo and 2 more | 2024-11-21 | 6.8 Medium |
| Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices. | ||||
| CVE-2022-22991 | 1 Westerndigital | 11 My Cloud, My Cloud Dl2100, My Cloud Dl4100 and 8 more | 2024-11-21 | 7.8 High |
| A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP. | ||||
| CVE-2022-22986 | 1 Ntt-east | 8 Og410xa, Og410xa Firmware, Og410xi and 5 more | 2024-11-21 | 8.8 High |
| Netcommunity OG410X and OG810X series (Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier) allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. | ||||
| CVE-2022-22951 | 2 Microsoft, Vmware | 2 Windows, Carbon Black App Control | 2024-11-21 | 9.1 Critical |
| VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains an OS command injection vulnerability. An authenticated, high privileged malicious actor with network access to the VMware App Control administration interface may be able to execute commands on the server due to improper input validation leading to remote code execution. | ||||
| CVE-2022-22945 | 1 Vmware | 2 Cloud Foundation, Nsx Data Center | 2024-11-21 | 7.8 High |
| VMware NSX Edge contains a CLI shell injection vulnerability. A malicious actor with SSH access to an NSX-Edge appliance can execute arbitrary commands on the operating system as root. | ||||
| CVE-2022-22899 | 1 Coreftp | 1 Core Ftp | 2024-11-21 | 5.5 Medium |
| Core FTP / SFTP Server v2 Build 725 was discovered to allow unauthenticated attackers to cause a Denial of Service (DoS) via a crafted packet through the SSH service. | ||||
| CVE-2022-22895 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| Jerryscript 3.0.0 was discovered to contain a heap-buffer-overflow via ecma_utf8_string_to_number_by_radix in /jerry-core/ecma/base/ecma-helpers-conversion.c. | ||||
| CVE-2022-22894 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_lcache_lookup in /jerry-core/ecma/base/ecma-lcache.c. | ||||
| CVE-2022-22893 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via vm_loop.lto_priv.304 in /jerry-core/vm/vm.c. | ||||
| CVE-2022-22888 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c. | ||||
| CVE-2022-22721 | 6 Apache, Apple, Debian and 3 more | 11 Http Server, Mac Os X, Macos and 8 more | 2024-11-21 | 9.1 Critical |
| If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | ||||
| CVE-2022-22707 | 2 Debian, Lighttpd | 2 Debian Linux, Lighttpd | 2024-11-21 | 5.9 Medium |
| In lighttpd 1.4.46 through 1.4.63, the mod_extforward_Forwarded function of the mod_extforward plugin has a stack-based buffer overflow (4 bytes representing -1), as demonstrated by remote denial of service (daemon crash) in a non-default configuration. The non-default configuration requires handling of the Forwarded header in a somewhat unusual manner. Also, a 32-bit system is much more likely to be affected than a 64-bit system. | ||||