Export limit exceeded: 20059 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10757 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10757 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31447 | 1 Magicpin | 1 Magicpin | 2024-11-21 | 7.5 High |
| An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | ||||
| CVE-2022-31261 | 1 Morpheusdata | 1 Morpheus | 2024-11-21 | 7.5 High |
| An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. | ||||
| CVE-2022-31233 | 1 Dell | 8 Evasa Provider Virtual Appliance, Powermax Os, Solutions Enabler and 5 more | 2024-11-21 | 6.3 Medium |
| Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. | ||||
| CVE-2022-30992 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 6.1 Medium |
| Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | ||||
| CVE-2022-30974 | 3 Artifex, Debian, Fedoraproject | 3 Mujs, Debian Linux, Fedora | 2024-11-21 | 5.5 Medium |
| compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413. | ||||
| CVE-2022-30971 | 1 Jenkins | 1 Storable Configs | 2024-11-21 | 8.8 High |
| Jenkins Storable Configs Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-30952 | 2 Jenkins, Redhat | 3 Blue Ocean, Ocp Tools, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins. | ||||
| CVE-2022-30945 | 2 Jenkins, Redhat | 2 Pipeline\, Openshift | 2024-11-21 | 8.5 High |
| Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines. | ||||
| CVE-2022-30852 | 1 Withknown | 1 Known | 2024-11-21 | 4.3 Medium |
| Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | ||||
| CVE-2022-30780 | 1 Lighttpd | 1 Lighttpd | 2024-11-21 | 7.5 High |
| Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. | ||||
| CVE-2022-30760 | 1 Ihb-eg | 1 Fn2web | 2024-11-21 | 4.3 Medium |
| An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. | ||||
| CVE-2022-30734 | 1 Samsung | 1 Account | 2024-11-21 | 4 Medium |
| Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | ||||
| CVE-2022-30732 | 1 Samsung | 1 Account | 2024-11-21 | 5.5 Medium |
| Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | ||||
| CVE-2022-30728 | 1 Google | 1 Android | 2024-11-21 | 1.9 Low |
| Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-30714 | 1 Google | 1 Android | 2024-11-21 | 1.9 Low |
| Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||||
| CVE-2022-30706 | 1 Twinkletoessoftware | 1 Booked | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability in Booked versions prior to 3.3 allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user to access a specially crafted URL. | ||||
| CVE-2022-30699 | 3 Fedoraproject, Nlnetlabs, Redhat | 4 Fedora, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. | ||||
| CVE-2022-30698 | 3 Fedoraproject, Nlnetlabs, Redhat | 4 Fedora, Unbound, Enterprise Linux and 1 more | 2024-11-21 | 6.5 Medium |
| NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. | ||||
| CVE-2022-30632 | 2 Golang, Redhat | 18 Go, Acm, Application Interconnect and 15 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | ||||
| CVE-2022-30600 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 9.8 Critical |
| A flaw was found in moodle where logic used to count failed login attempts could result in the account lockout threshold being bypassed. | ||||