Search Results (367161 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27776 7 Brocade, Debian, Fedoraproject and 4 more 19 Fabric Operating System, Debian Linux, Fedora and 16 more 2024-11-21 6.5 Medium
A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.
CVE-2022-27772 1 Vmware 1 Spring Boot 2024-11-21 7.8 High
spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer
CVE-2022-27671 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 6.5 Medium
A CSRF token visible in the URL may possibly lead to information disclosure vulnerability.
CVE-2022-27670 1 Sap 1 Sql Anywhere 2024-11-21 6.5 Medium
SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use indirect identifiers.
CVE-2022-27669 1 Sap 1 Netweaver Application Server For Java 2024-11-21 7.5 High
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver Application Server for Java - version 7.50, to which access should be restricted. This may result in an escalation of privileges.
CVE-2022-27668 1 Sap 4 Netweaver As Abap, Netweaver As Abap Krnl64nuc, Netweaver As Abap Krnl64uc and 1 more 2024-11-21 9.8 Critical
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.
CVE-2022-27667 1 Sap 1 Businessobjects Business Intelligence Platform 2024-11-21 7.5 High
Under certain conditions, SAP BusinessObjects Business Intelligence platform, Client Management Console (CMC) - version 430, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
CVE-2022-27666 5 Debian, Fedoraproject, Linux and 2 more 24 Debian Linux, Fedora, Linux Kernel and 21 more 2024-11-21 7.8 High
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat.
CVE-2022-27664 3 Fedoraproject, Golang, Redhat 19 Fedora, Go, Acm and 16 more 2024-11-21 7.5 High
In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
CVE-2022-27662 1 F5 1 Traffix Signaling Delivery Controller 2024-11-21 4.8 Medium
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27661 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.
CVE-2022-27659 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 4.3 Medium
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27658 1 Sap 1 Innovation Management 2024-11-21 7.5 High
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
CVE-2022-27657 1 Sap 1 Focused Run 2024-11-21 2.7 Low
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
CVE-2022-27656 1 Sap 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher 2024-11-21 6.1 Medium
The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2022-27655 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27654 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 6.5 Medium
When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application.
CVE-2022-27653 1 Siemens 1 Simcenter Femap 2024-11-21 7.8 High
A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594)
CVE-2022-27652 4 Fedoraproject, Kubernetes, Mobyproject and 1 more 5 Fedora, Cri-o, Moby and 2 more 2024-11-21 5.3 Medium
A flaw was found in cri-o, where containers were incorrectly started with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
CVE-2022-27651 3 Buildah Project, Fedoraproject, Redhat 4 Buildah, Fedora, Enterprise Linux and 1 more 2024-11-21 6.8 Medium
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.