Search Results (364918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40744 1 Ibm 1 Aspera Faspex 2024-11-21 4.8 Medium
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.
CVE-2022-40738 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_DescriptorListWriter::Action in Core/Ap4Descriptor.h, called from AP4_EsDescriptor::WriteFields and AP4_Expandable::Write.
CVE-2022-40737 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 through 1.6.0-639. A buffer over-read exists in the function AP4_StdcFileByteStream::WritePartial located in System/StdC/Ap4StdCFileByteStream.cpp, called from AP4_ByteStream::Write and AP4_HdlrAtom::WriteFields.
CVE-2022-40736 1 Axiosys 1 Bento4 2024-11-21 6.5 Medium
An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp.
CVE-2022-40735 1 Diffie-hellman Key Exchange Project 1 Diffie-hellman Key Exchange 2024-11-21 7.5 High
The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints, and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size, rather than an observation about numbers that are not public keys. The specific situations in which calculation expense would constitute a server-side vulnerability depend on the protocol (e.g., TLS, SSH, or IKE) and the DHE implementation details. In general, there might be an availability concern because of server-side resource consumption from DHE modular-exponentiation calculations. Finally, it is possible for an attacker to exploit this vulnerability and CVE-2002-20001 together.
CVE-2022-40734 1 Unisharp 1 Laravel Filemanager 2024-11-21 6.5 Medium
UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. directory traversal to read arbitrary files, as exploited in the wild in June 2022. This is related to league/flysystem before 2.0.0.
CVE-2022-40721 1 Creativedream File Uploader Project 1 Creativedream File Uploader 2024-11-21 9.8 Critical
Arbitrary file upload vulnerability in php uploader
CVE-2022-40715 1 Nokia 1 1350 Optical Management System 2024-11-21 6.5 Medium
An issue was discovered in NOKIA 1350OMS R14.2. An Absolute Path Traversal vulnerability exists for a specific endpoint via the logfile parameter, allowing a remote authenticated attacker to read files on the filesystem arbitrarily.
CVE-2022-40714 1 Nokia 1 1350 Optical Management System 2024-11-21 6.1 Medium
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/* endpoints.
CVE-2022-40710 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2024-11-21 7.8 High
A link following vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-40709 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2024-11-21 3.3 Low
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40707 and 40708.
CVE-2022-40707 2 Microsoft, Trendmicro 2 Windows, Deep Security Agent 2024-11-21 3.3 Low
An Out-of-bounds read vulnerability in Trend Micro Deep Security 20 and Cloud One - Workload Security Agent for Windows could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit these vulnerabilities. This vulnerability is similar to, but not identical to CVE-2022-40708.
CVE-2022-40705 1 Apache 1 Soap 2024-11-21 7.5 High
An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2022-40701 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 8.1 High
A directory traversal vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-40698 1 Expresstech 1 Quiz And Survey Master 2024-11-21 5.4 Medium
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Quiz And Survey Master plugin <= 7.3.10 on WordPress.
CVE-2022-40694 1 Storeapps 1 News Announcement Scroll 2024-11-21 4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in News Announcement Scroll plugin <= 8.8.8 on WordPress.
CVE-2022-40693 1 Moxa 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more 2024-11-21 7.5 High
A cleartext transmission vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted network sniffing can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
CVE-2022-40691 1 Moxa 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more 2024-11-21 5.3 Medium
An information disclosure vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-40683 1 Fortinet 1 Fortiweb 2024-11-21 7.1 High
A double free in Fortinet FortiWeb version 7.0.0 through 7.0.3 may allows attacker to execute unauthorized code or commands via specially crafted commands
CVE-2022-40682 1 Fortinet 1 Forticlient 2024-11-21 7.1 High
A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to execute unauthorized code or commands via sending a crafted request to a specific named pipe.