Search Results (363079 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25646 1 X-data-spreadsheet Project 1 X-data-spreadsheet 2024-11-21 5.4 Medium
All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.
CVE-2022-25645 2 Dset Project, Redhat 2 Dset, Acm 2024-11-21 6.5 Medium
All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or prototype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.
CVE-2022-25644 1 Get-process-by-name Project 1 Get-process-by-name 2024-11-21 9.8 Critical
All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization in the getProcessByName function.
CVE-2022-25643 1 Seatd Project 1 Seatd 2024-11-21 9.8 Critical
seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with escalated privileges when installed setuid root. The attack vector is a user-supplied socket pathname.
CVE-2022-25642 1 Obyte 1 Obyte 2024-11-21 6.1 Medium
Obyte (formerly Byteball) Wallet before 3.4.1 allows XSS. A crafted chat message can lead to remote code execution.
CVE-2022-25641 2 Foxit, Microsoft 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more 2024-11-21 5.5 Medium
Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.
CVE-2022-25640 1 Wolfssl 1 Wolfssl 2024-11-21 7.5 High
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.
CVE-2022-25638 1 Wolfssl 1 Wolfssl 2024-11-21 6.5 Medium
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
CVE-2022-25636 5 Debian, Linux, Netapp and 2 more 16 Debian Linux, Linux Kernel, H300e and 13 more 2024-11-21 7.8 High
net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload.
CVE-2022-25635 3 Google, Linux, Realtek 3 Android, Linux Kernel, Bluetooth Mesh Software Development Kit 2024-11-21 6.5 Medium
Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.
CVE-2022-25634 1 Qt 1 Qt 2024-11-21 7.5 High
Qt through 5.15.8 and 6.x through 6.2.3 can load system library files from an unintended working directory.
CVE-2022-25625 1 Broadcom 1 Symantec Privileged Access Management 2024-11-21 8.8 High
A malicious unauthorized PAM user can access the administration configuration data and change the values.
CVE-2022-25623 1 Symantec 1 Management Agent 2024-11-21 7.8 High
The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations.
CVE-2022-25621 1 Nec 20 Univerge Wa1020, Univerge Wa1020 Firmware, Univerge Wa1510 and 17 more 2024-11-21 9.8 Critical
UNIVERGE WA 1020 Ver8.2.11 and prior, UNIVERGE WA 1510 Ver8.2.11 and prior, UNIVERGE WA 1511 Ver8.2.11 and prior, UNIVERGE WA 1512 Ver8.2.11 and prior, UNIVERGE WA 2020 Ver8.2.11 and prior, UNIVERGE WA 2021 Ver8.2.11 and prior, UNIVERGE WA 2610-AP Ver8.2.11 and prior, UNIVERGE WA 2611-AP Ver8.2.11 and prior, UNIVERGE WA 2611E-AP Ver8.2.11 and prior, UNIVERGE WA 2612-AP Ver8.2.11 and prior allow a remote attacker to execute arbitrary OS commands.
CVE-2022-25620 1 Profelis 1 Sambabox 2024-11-21 3.8 Low
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Group Functionality of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to execute arbitrary code on the vulnerable server. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVE-2022-25619 1 Profelis 1 Sambabox 2024-11-21 3.8 Low
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in ping tool of Profelis IT Consultancy SambaBox allows an AUTHENTICATED user to run arbitrary code. This issue affects: Profelis IT Consultancy SambaBox 4.0 version 4.0 and prior versions on x86.
CVE-2022-25598 1 Apache 1 Dolphinscheduler 2024-11-21 7.5 High
Apache DolphinScheduler user registration is vulnerable to Regular expression Denial of Service (ReDoS) attacks. Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.
CVE-2022-25597 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC86U’s LPD service has insufficient filtering for special characters in the user request, which allows an unauthenticated LAN attacker to perform a command injection attack, execute arbitrary commands and disrupt or terminate service.
CVE-2022-25596 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 8.8 High
ASUS RT-AC56U’s configuration function has a heap-based buffer overflow vulnerability due to insufficient validation for the decryption parameter length, which allows an unauthenticated LAN attacker to execute arbitrary code, perform arbitrary operations and disrupt service.
CVE-2022-25595 1 Asus 2 Rt-ac86u, Rt-ac86u Firmware 2024-11-21 6.5 Medium
ASUS RT-AC86U has improper user request handling, which allows an unauthenticated LAN attacker to cause a denial of service by sending a particular request during a server-to-client reply attempt.