Search Results (364661 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37077 1 Totolink 2 A7000r, A7000r Firmware 2024-11-21 7.8 High
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.
CVE-2022-37076 1 Totolink 2 A7000r, A7000r Firmware 2024-11-21 7.8 High
TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.
CVE-2022-37075 1 Totolink 2 A7000r, A7000r Firmware 2024-11-21 7.8 High
TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.
CVE-2022-37074 1 H3c 2 Gr-1200w Firmware, Gr-120w 2024-11-21 7.8 High
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.
CVE-2022-37073 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.
CVE-2022-37072 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti.
CVE-2022-37071 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One.
CVE-2022-37070 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.
CVE-2022-37069 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat.
CVE-2022-37068 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal.
CVE-2022-37067 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti.
CVE-2022-37066 1 H3c 2 Gr-1200w, Gr-1200w Firmware 2024-11-21 9.8 Critical
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS.
CVE-2022-37059 1 Intelliants 1 Subrion Cms 2024-11-21 4.8 Medium
Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field
CVE-2022-37053 1 Trendnet 2 Tew733gr, Tew733gr Firmware 2024-11-21 9.8 Critical
TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.
CVE-2022-37049 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 7.8 High
The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. NOTE: this is different from CVE-2022-27942.
CVE-2022-37048 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 7.8 High
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. NOTE: this is different from CVE-2022-27941.
CVE-2022-37047 2 Broadcom, Fedoraproject 2 Tcpreplay, Fedora 2024-11-21 7.8 High
The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. NOTE: this is different from CVE-2022-27940.
CVE-2022-37044 1 Zimbra 1 Collaboration 2024-11-21 6.1 Medium
In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.
CVE-2022-37043 1 Zimbra 1 Collaboration 2024-11-21 5.7 Medium
An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. When using preauth, CSRF tokens are not checked on some POST endpoints. Thus, when an authenticated user views an attacker-controlled page, a request will be sent to the application that appears to be intended. The CSRF token is omitted from the request, but the request still succeeds.
CVE-2022-37041 1 Zimbra 1 Collaboration 2024-11-21 7.5 High
An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. The value of the X-Forwarded-Host header overwrites the value of the Host header in proxied requests. The value of X-Forwarded-Host header is not checked against the whitelist of hosts that ZCS is allowed to proxy to (the zimbraProxyAllowedDomains setting).