Search Results (363331 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27919 1 Gradle 1 Enterprise 2024-11-21 9.8 Critical
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API.
CVE-2022-27913 1 Joomla 1 Joomla\! 2024-11-21 6.1 Medium
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
CVE-2022-27912 1 Joomla 1 Joomla\! 2024-11-21 5.3 Medium
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
CVE-2022-27908 1 Zohocorp 1 Manageengine Opmanager 2024-11-21 8.8 High
Zoho ManageEngine OpManager before 125588 (and before 125603) is vulnerable to authenticated SQL Injection in the Inventory Reports module.
CVE-2022-27907 1 Sonatype 1 Nexus Repository Manager 2024-11-21 4.3 Medium
Sonatype Nexus Repository Manager 3.x before 3.38.0 allows SSRF.
CVE-2022-27906 1 Mendelson 1 Oftp2 2024-11-21 5.9 Medium
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code path, the attacker has to know one of the configured Odette IDs of the OFTP2 server. An attacker can upload files to the server outside of the intended upload directory.
CVE-2022-27905 1 Controlup 1 Controlup 2024-11-21 7.2 High
In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this.
CVE-2022-27904 2 Apple, Automox 2 Macos, Automox 2024-11-21 7.0 High
Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process.
CVE-2022-27903 1 Eve-ng 1 Eve-ng 2024-11-21 8.8 High
An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files.
CVE-2022-27889 1 Palantir 1 Foundry Multipass 2024-11-21 5.3 Medium
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0.
CVE-2022-27888 1 Palantir 1 Foundry Issues 2024-11-21 5.5 Medium
Foundry Issues service versions 2.244.0 to 2.249.0 was found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1.
CVE-2022-27887 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/vod/data.html via the repeat parameter.
CVE-2022-27886 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/ulog/index.html via the wd parameter.
CVE-2022-27885 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
Maccms v10 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities in /admin.php/admin/website/data.html via the select and input parameters.
CVE-2022-27884 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
Maccms v10 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in /admin.php/admin/plog/index.html via the wd parameter.
CVE-2022-27883 1 Trendmicro 1 Antivirus For Mac 2024-11-21 7.3 High
A link following vulnerability in Trend Micro Antivirus for Mac 11.5 could allow an attacker to create a specially-crafted file as a symlink that can lead to privilege escalation. Please note that an attacker must at least have low-level privileges on the system to attempt to exploit this vulnerability.
CVE-2022-27882 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation.
CVE-2022-27881 1 Openbsd 1 Openbsd 2024-11-21 7.5 High
engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation.
CVE-2022-27880 1 F5 1 Traffix Signaling Delivery Controller 2024-11-21 4.8 Medium
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27875 1 F5 1 Access For Android 2024-11-21 5.5 Medium
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated