Search Results (35190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28626 | 1 Hpe | 75 Apollo 2000 Gen10 Plus System, Apollo 4200 Gen10 Server, Apollo 4510 Gen10 System and 72 more | 2024-11-21 | 6.7 Medium |
| A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability. HPE has provided a firmware update to resolve this vulnerability in HPE Integrated Lights-Out 5 (iLO 5). | ||||
| CVE-2022-28621 | 1 Hpe | 1 Nonstop Distributed Systems Management / Software Configuration Manager | 2024-11-21 | 7.5 High |
| A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | ||||
| CVE-2022-28620 | 1 Hpe | 10 Cray Ex Supercomputers, Cray Ex Supercomputers Firmware, Cray Sh Supercomputer Air Cooled Base System Code and 7 more | 2024-11-21 | 9.8 Critical |
| A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers. | ||||
| CVE-2022-28619 | 1 Hpe | 1 Control Repository Manager | 2024-11-21 | 7.8 High |
| A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | ||||
| CVE-2022-28617 | 1 Hp | 1 Oneview | 2024-11-21 | 9.8 Critical |
| A remote bypass security restrictions vulnerability was discovered in HPE OneView version(s): Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView. | ||||
| CVE-2022-28590 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 7.2 High |
| A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | ||||
| CVE-2022-28521 | 1 Zcms Project | 1 Zcms | 2024-11-21 | 9.8 Critical |
| ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. | ||||
| CVE-2022-28470 | 1 Python | 1 Pypi | 2024-11-21 | 9.8 Critical |
| marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. | ||||
| CVE-2022-28443 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 9.1 Critical |
| UCMS v1.6 was discovered to contain an arbitrary file deletion vulnerability. | ||||
| CVE-2022-28387 | 1 Verbatim | 4 Executive Fingerprint Secure Ssd, Executive Fingerprint Secure Ssd Firmware, Fingerprint Secure Portable Hard Drive and 1 more | 2024-11-21 | 4.6 Medium |
| An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. | ||||
| CVE-2022-28366 | 3 Antisamy Project, Cyberneko Html Project, Htmlunit | 3 Antisamy, Cyberneko Html, Htmlunit | 2024-11-21 | 7.5 High |
| Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839. | ||||
| CVE-2022-28327 | 3 Fedoraproject, Golang, Redhat | 20 Extra Packages For Enterprise Linux, Fedora, Go and 17 more | 2024-11-21 | 7.5 High |
| The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | ||||
| CVE-2022-28323 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | ||||
| CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. | ||||
| CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. | ||||
| CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 9.8 Critical |
| An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. | ||||
| CVE-2022-28198 | 2 Microsoft, Nvidia | 3 Windows, Omniverse Cache, Omniverse Nucleus | 2024-11-21 | 6.6 Medium |
| NVIDIA Omniverse Nucleus and Cache contain a vulnerability in its configuration of OpenSSL, where an attacker with physical access to the system can cause arbitrary code execution which can impact confidentiality, integrity, and availability. | ||||
| CVE-2022-28184 | 1 Nvidia | 2 Gpu Display Driver, Virtual Gpu | 2024-11-21 | 7.1 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering. | ||||
| CVE-2022-28118 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 9.8 Critical |
| SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. | ||||
| CVE-2022-28114 | 1 Dscms Project | 1 Dscms | 2024-11-21 | 9.1 Critical |
| DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php. | ||||