Search Results (120721 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-18017 9 Arista, Canonical, Debian and 6 more 33 Eos, Ubuntu Linux, Debian Linux and 30 more 2025-01-03 9.8 Critical
The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.
CVE-2023-29129 1 Mendix 1 Saml 2025-01-03 9.1 Critical
A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration.
CVE-2024-27923 1 Getgrav 1 Grav 2025-01-02 8.8 High
Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.
CVE-2024-28116 1 Getgrav 1 Grav 2025-01-02 8.8 High
Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.
CVE-2022-41081 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.1 High
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41038 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41037 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41036 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41034 1 Microsoft 1 Visual Studio Code 2025-01-02 7.8 High
Visual Studio Code Remote Code Execution Vulnerability
CVE-2022-41031 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-01-02 7.8 High
Microsoft Word Remote Code Execution Vulnerability
CVE-2022-38053 1 Microsoft 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-38049 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-01-02 7.8 High
Microsoft Office Graphics Remote Code Execution Vulnerability
CVE-2022-38048 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-01-02 7.8 High
Microsoft Office Remote Code Execution Vulnerability
CVE-2022-38047 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.1 High
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38040 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.8 High
Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-38033 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 6.5 Medium
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
CVE-2022-38031 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.8 High
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-38000 1 Microsoft 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more 2025-01-02 8.1 High
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-37982 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.8 High
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2022-33635 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 7.8 High
Windows GDI+ Remote Code Execution Vulnerability