Search Results (364529 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29835 1 Westerndigital 1 Wd Discovery 2024-11-21 5.3 Medium
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
CVE-2022-29824 6 Debian, Fedoraproject, Netapp and 3 more 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more 2024-11-21 6.5 Medium
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-29821 1 Jetbrains 1 Pycharm 2024-11-21 6.9 Medium
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible
CVE-2022-29820 1 Jetbrains 1 Pycharm 2024-11-21 3 Low
In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible
CVE-2022-29819 1 Jetbrains 1 Intellij Idea 2024-11-21 6.9 Medium
In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible
CVE-2022-29818 1 Jetbrains 1 Intellij Idea 2024-11-21 3.9 Low
In JetBrains IntelliJ IDEA before 2022.1 origin checks in the internal web server were flawed
CVE-2022-29817 1 Jetbrains 1 Intellij Idea 2024-11-21 3.9 Low
In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible
CVE-2022-29816 1 Jetbrains 1 Intellij Idea 2024-11-21 2.8 Low
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
CVE-2022-29815 1 Jetbrains 1 Intellij Idea 2024-11-21 6.9 Medium
In JetBrains IntelliJ IDEA before 2022.1 local code execution via workspace settings was possible
CVE-2022-29814 1 Jetbrains 1 Intellij Idea 2024-11-21 6.9 Medium
In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible
CVE-2022-29813 1 Jetbrains 1 Intellij Idea 2024-11-21 6.9 Medium
In JetBrains IntelliJ IDEA before 2022.1 local code execution via custom Pandoc path was possible
CVE-2022-29812 1 Jetbrains 1 Intellij Idea 2024-11-21 2.3 Low
In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient
CVE-2022-29811 1 Jetbrains 1 Hub 2024-11-21 6.1 Medium
In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible.
CVE-2022-29810 2 Hashicorp, Redhat 4 Go-getter, Acm, Openshift and 1 more 2024-11-21 5.5 Medium
The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter.
CVE-2022-29808 1 Quest 1 Kace Systems Management Appliance 2024-11-21 7.5 High
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled.
CVE-2022-29807 1 Quest 1 Kace Systems Management Appliance 2024-11-21 9.8 Critical
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php.
CVE-2022-29806 1 Zoneminder 1 Zoneminder 2024-11-21 9.8 Critical
ZoneMinder before 1.36.13 allows remote code execution via an invalid language. Ability to create a debug log file at an arbitrary pathname contributes to exploitability.
CVE-2022-29805 1 Fishbowlinventory 1 Fishbowl 2024-11-21 9.8 Critical
A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.
CVE-2022-29804 2 Golang, Microsoft 2 Go, Windows 2024-11-21 7.5 High
Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.
CVE-2022-29801 1 Siemens 1 Teamcenter 2024-11-21 7.5 High
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.