Search Results (365162 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48197 1 Yui Project 1 Yui 2024-11-21 6.1 Medium
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-48193 1 Softing 1 Smartlink Sw-ht 2024-11-21 5.9 Medium
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
CVE-2022-48192 1 Softing 1 Smartlink Sw-ht 2024-11-21 7.2 High
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
CVE-2022-48189 1 Lenovo 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more 2024-11-21 6.7 Medium
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48183 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48182 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48165 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2024-11-21 7.5 High
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48074 1 Nomachine 1 Nomachine 2024-11-21 5.3 Medium
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
CVE-2022-48065 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48064 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48063 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48023 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
CVE-2022-48010 1 Limesurvey 1 Limesurvey 2024-11-21 5.4 Medium
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
CVE-2022-47937 1 Apache 1 Sling Commons Json 2024-11-21 9.8 Critical
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.
CVE-2022-47928 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 6.1 Medium
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
CVE-2022-47925 1 Csaf-validator-lib Project 1 Csaf-validator-lib 2024-11-21 7.5 High
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.
CVE-2022-47909 1 Checkmk 1 Checkmk 2024-11-21 6.8 Medium
Livestatus Query Language (LQL) injection in the AuthUser HTTP query header of Tribe29's Checkmk <= 2.1.0p11, Checkmk <= 2.0.0p28, and all versions of Checkmk 1.6.0 (EOL) allows an attacker to perform direct queries to the application's core from localhost.
CVE-2022-47893 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2024-11-21 10 Critical
There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
CVE-2022-47892 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2024-11-21 5.3 Medium
All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
CVE-2022-47891 1 Riello-ups 2 Netman 204, Netman 204 Firmware 2024-11-21 8.1 High
All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.