Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-27196 1 Jenkins 1 Favorite 2024-11-21 5.4 Medium
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
CVE-2022-27195 1 Jenkins 1 Parameterized Trigger 2024-11-21 5.5 Medium
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.
CVE-2022-27194 1 Siemens 3 Simatic Pcs Neo, Sinetplan, Totally Integrated Automation Portal 2024-11-21 7.5 High
A vulnerability has been identified in SIMATIC PCS neo (Administration Console) (All versions < V3.1 SP1), SINETPLAN (All versions), TIA Portal (V15, V15.1, V16 and V17). The affected system cannot properly process specially crafted packets sent to port 8888/tcp. A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually.
CVE-2022-27193 1 Cvrf-csaf-converter Project 1 Cvrf-csaf-converter 2024-11-21 6.1 Medium
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
CVE-2022-27192 1 Asseco 1 Dvs Avilys 2024-11-21 7.5 High
The Reporting module in Aseco Lietuva document management system DVS Avilys before 3.5.58 allows unauthorized file download. An unauthenticated attacker can impersonate an administrator by reading administrative files.
CVE-2022-27191 3 Fedoraproject, Golang, Redhat 12 Extra Packages For Enterprise Linux, Fedora, Ssh and 9 more 2024-11-21 7.5 High
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey.
CVE-2022-27189 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 7.5 High
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27188 1 Yokogawa 2 B\/m9000 Vp, Centum Vp 2024-11-21 7.8 High
OS command injection vulnerability exists in CENTUM VP R4.01.00 to R4.03.00, CENTUM VP Small R4.01.00 to R4.03.00, CENTUM VP Basic R4.01.00 to R4.03.00, and B/M9000 VP R6.01.01 to R6.03.02, which may allow an attacker who can access the computer where the affected product is installed to execute an arbitrary OS command by altering a file generated using Graphic Builder.
CVE-2022-27183 1 Splunk 1 Splunk 2024-11-21 8.8 High
The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted.
CVE-2022-27182 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 5.3 Medium
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27181 1 F5 1 Big-ip Access Policy Manager 2024-11-21 5.3 Medium
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-27177 1 Netflix 1 Consoleme 2024-11-21 9.8 Critical
A Python format string issue leading to information disclosure and potentially remote code execution in ConsoleMe for all versions prior to 1.2.2
CVE-2022-27176 1 Jscom 3 Revoworks Browser, Revoworks Desktop, Revoworks Scvx 2024-11-21 7.8 High
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.
CVE-2022-27174 1 Easy Blog Project 1 Easy Blog 2024-11-21 4.3 Medium
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.
CVE-2022-27168 1 Litecart 1 Litecart 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.
CVE-2022-27167 1 Eset 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more 2024-11-21 7.1 High
Privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows attacker to exploit "Repair" and "Uninstall" features what may lead to arbitrary file deletion. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0.
CVE-2022-27166 1 Apache 1 Jspwiki 2024-11-21 6.1 Medium
A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim.
CVE-2022-27165 1 Cszcms 1 Csz Cms 2024-11-21 9.8 Critical
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVE-2022-27164 1 Cszcms 1 Csz Cms 2024-11-21 9.8 Critical
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVE-2022-27163 1 Cszcms 1 Csz Cms 2024-11-21 9.8 Critical
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser