Export limit exceeded: 353735 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 353735 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81642 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1718 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 7.5 High |
| The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service. | ||||
| CVE-2022-1714 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | ||||
| CVE-2022-1713 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| SSRF on /proxy in GitHub repository jgraph/drawio prior to 18.0.4. An attacker can make a request as the server and read its contents. This can lead to a leak of sensitive information. | ||||
| CVE-2022-1711 | 1 Diagrams | 1 Drawio | 2024-11-21 | 7.5 High |
| Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | ||||
| CVE-2022-1708 | 3 Fedoraproject, Kubernetes, Redhat | 5 Fedora, Cri-o, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. | ||||
| CVE-2022-1703 | 1 Sonicwall | 6 Sma 210, Sma 210 Firmware, Sma 410 and 3 more | 2024-11-21 | 8.8 High |
| Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. | ||||
| CVE-2022-1701 | 1 Sonicwall | 10 Sma 6200, Sma 6200 Firmware, Sma 6210 and 7 more | 2024-11-21 | 7.5 High |
| SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data. | ||||
| CVE-2022-1700 | 1 Forcepoint | 5 Cloud Security Gateway, Data Loss Prevention, Email Security and 2 more | 2024-11-21 | 7.5 High |
| Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. The XML parser in the Policy Engine was found to be improperly configured to support external entities and external DTD (Document Type Definitions), which can lead to an XXE attack. This issue affects: Forcepoint Data Loss Prevention (DLP) versions prior to 8.8.2. Forcepoint One Endpoint (F1E) with Policy Engine versions prior to 8.8.2. Forcepoint Web Security Content Gateway versions prior to 8.5.5. Forcepoint Email Security with DLP enabled versions prior to 8.5.5. Forcepoint Cloud Security Gateway prior to June 20, 2022. | ||||
| CVE-2022-1699 | 1 Organizr | 1 Organizr | 2024-11-21 | 7.5 High |
| Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | ||||
| CVE-2022-1698 | 1 Organizr | 1 Organizr | 2024-11-21 | 7.5 High |
| Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications. | ||||
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2024-11-21 | 8.8 High |
| The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action | ||||
| CVE-2022-1681 | 1 Requarks | 1 Wiki.js | 2024-11-21 | 7.2 High |
| Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281. User can get root user permissions | ||||
| CVE-2022-1679 | 4 Debian, Linux, Netapp and 1 more | 21 Debian Linux, Linux Kernel, H300e and 18 more | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-1672 | 1 Insights From Google Pagespeed Project | 1 Insights From Google Pagespeed | 2024-11-21 | 8.8 High |
| The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | ||||
| CVE-2022-1671 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.1 High |
| A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information. | ||||
| CVE-2022-1670 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 7.5 High |
| When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | ||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 8.2 High |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code. | ||||
| CVE-2022-1652 | 4 Debian, Linux, Netapp and 1 more | 13 Debian Linux, Linux Kernel, H300s and 10 more | 2024-11-21 | 7.8 High |
| Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | ||||
| CVE-2022-1651 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.1 High |
| A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service. | ||||
| CVE-2022-1642 | 1 Apple | 1 Swift | 2024-11-21 | 7.5 High |
| A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard library, the Codable protocol; and the JSONDecoder class offered by swift-corelibs-foundation, which can deserialize types that adopt the Codable protocol based on the content of a provided JSON document. When a type that adopts Codable requests the initialization of a field with an integer value, the JSONDecoder class uses a type-erased container with different accessor methods to attempt and coerce a corresponding JSON value and produce an integer. In the case the JSON value was a numeric literal with a floating-point portion, JSONDecoder used different type-eraser methods during validation than it did during the final casting of the value. The checked casting produces a deterministic crash due to this mismatch. The JSONDecoder class is often wrapped by popular Swift-based web frameworks to parse the body of HTTP requests and perform basic type validation. This makes the attack low-effort: sending a specifically crafted JSON document during a request to these endpoints will cause them to crash. The attack does not have any confidentiality or integrity risks in and of itself; the crash is produced deterministically by an abort function that ensures that execution does not continue in the face of this violation of assumptions. However, unexpected crashes can lead to violations of invariants in services, so it's possible that this attack can be used to trigger error conditions that escalate the risk. Producing a denial of service may also be the goal of an attacker in itself. This issue is solved in Swift 5.6.2 for Linux and Windows. This issue was solved by ensuring that the same methods are invoked both when validating and during casting, so that no type mismatch occurs. Swift for Linux and Windows versions are not ABI-interchangeable. To upgrade a service, its owner must update to this version of the Swift toolchain, then recompile and redeploy their software. The new version of Swift includes an updated swift-corelibs-foundation package. Versions of Swift running on Darwin-based operating systems are not affected. | ||||