Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30781 1 Gitea 1 Gitea 2024-11-21 7.5 High
Gitea before 1.16.7 does not escape git fetch remote.
CVE-2022-30780 1 Lighttpd 1 Lighttpd 2024-11-21 7.5 High
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.
CVE-2022-30777 1 Parallels 1 H-sphere 2024-11-21 6.1 Medium
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
CVE-2022-30776 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
atmail 6.5.0 allows XSS via the index.php/admin/index/ error parameter.
CVE-2022-30775 1 Xpdfreader 1 Xpdf 2024-11-21 5.5 Medium
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
CVE-2022-30770 1 Terminalfour 1 Terminalfour 2024-11-21 6.1 Medium
Terminalfour versions 8.3.7, 8.3.x versions prior to version 8.3.8 and r 8.2.x versions prior to version 8.2.18.5 or 8.2.18.2.1 are vulnerable to (XSS) vulnerability that could be exploited by an attacker to mislead an administrator and steal their credentials.
CVE-2022-30765 1 Janeczku 1 Calibre-web 2024-11-21 9.8 Critical
Calibre-Web before 0.6.18 allows user table SQL Injection.
CVE-2022-30763 1 Janet-lang 1 Janet 2024-11-21 7.5 High
Janet before 1.22.0 mishandles arrays.
CVE-2022-30760 1 Ihb-eg 1 Fn2web 2024-11-21 4.3 Medium
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.
CVE-2022-30758 1 Google 1 Android 2024-11-21 4 Medium
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
CVE-2022-30757 1 Google 1 Android 2024-11-21 4 Medium
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
CVE-2022-30756 1 Google 1 Android 2024-11-21 8.5 High
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.
CVE-2022-30755 1 Google 1 Android 2024-11-21 7.3 High
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
CVE-2022-30754 1 Google 1 Android 2024-11-21 8.5 High
Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.
CVE-2022-30753 1 Google 1 Android 2024-11-21 3.3 Low
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
CVE-2022-30752 1 Google 1 Android 2024-11-21 3.3 Low
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
CVE-2022-30751 1 Google 1 Android 2024-11-21 3.3 Low
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
CVE-2022-30750 1 Google 1 Android 2024-11-21 3.3 Low
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
CVE-2022-30749 1 Samsung 1 Smartthings 2024-11-21 3.3 Low
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
CVE-2022-30748 1 Samsung 1 Members 2024-11-21 4 Medium
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.