Search Results (363299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32751 1 Ibm 1 Security Verify Directory 2024-11-21 5.3 Medium
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.
CVE-2022-32750 1 Ibm 1 Datapower Gateway 2024-11-21 5.4 Medium
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435.
CVE-2022-32746 2 Redhat, Samba 2 Enterprise Linux, Samba 2024-11-21 5.4 Medium
A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.
CVE-2022-32745 1 Samba 1 Samba 2024-11-21 8.1 High
A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.
CVE-2022-32744 1 Samba 1 Samba 2024-11-21 8.8 High
A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.
CVE-2022-32742 2 Redhat, Samba 4 Enterprise Linux, Rhev Hypervisor, Storage and 1 more 2024-11-21 4.3 Medium
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).
CVE-2022-32741 1 Otrs 1 Otrs 2024-11-21 5.3 Medium
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.
CVE-2022-32740 1 Otrs 1 Otrs 2024-11-21 3.5 Low
A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.
CVE-2022-32739 1 Otrs 2 Calendar Resource Planning, Otrs 2024-11-21 3.5 Low
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.
CVE-2022-32593 2 Google, Mediatek 2 Android, Mt6983 2024-11-21 6.7 Medium
In vowe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138493; Issue ID: ALPS07138493.
CVE-2022-32592 3 Google, Linuxfoundation, Mediatek 17 Android, Yocto, Mt6855 and 14 more 2024-11-21 6.7 Medium
In cpu dvfs, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07139405; Issue ID: ALPS07139405.
CVE-2022-32591 2 Google, Mediatek 38 Android, Mt6580, Mt6739 and 35 more 2024-11-21 7.5 High
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.
CVE-2022-32590 3 Google, Linuxfoundation, Mediatek 47 Android, Yocto, Mt6761 and 44 more 2024-11-21 6.7 Medium
In wlan, there is a possible use after free due to an incorrect status check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07299425; Issue ID: ALPS07299425.
CVE-2022-32589 3 Google, Linuxfoundation, Mediatek 43 Android, Yocto, Mt6761 and 40 more 2024-11-21 7.5 High
In Wi-Fi driver, there is a possible way to disconnect Wi-Fi due to an improper resource release. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07030600; Issue ID: ALPS07030600.
CVE-2022-32583 1 Cybozu 1 Office 2024-11-21 4.3 Medium
Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.
CVE-2022-32567 1 Appfire 1 Jira Misc Custom Fields 2024-11-21 5.4 Medium
The Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.
CVE-2022-32565 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids.
CVE-2022-32564 1 Couchbase 1 Couchbase Server 2024-11-21 7.5 High
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie.
CVE-2022-32563 1 Couchbase 1 Sync Gateway 2024-11-21 9.8 Critical
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration.
CVE-2022-32562 1 Couchbase 1 Couchbase Server 2024-11-21 8.8 High
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission.