Search Results (363023 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25396 1 Cosmetics And Beauty Product Online Store Project 1 Cosmetics And Beauty Product Online Store 2024-11-21 9.8 Critical
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain a SQL injection vulnerability via the search parameter.
CVE-2022-25395 1 Cosmetics And Beauty Product Online Store Project 1 Cosmetics And Beauty Product Online Store 2024-11-21 9.6 Critical
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross-site scripting (XSS) attacks via the search parameter under the /cbpos/ app.
CVE-2022-25394 1 Medical Store Management System Project 1 Medical Store Management System 2024-11-21 9.8 Critical
Medical Store Management System v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter under customer-add.php.
CVE-2022-25393 1 Simple Bakery Shop Management Project 1 Simple Bakery Shop Management 2024-11-21 7.5 High
Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
CVE-2022-25390 1 Dcnglobal 2 Dcme-520, Dcme-520 Firmware 2024-11-21 9.8 Critical
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.
CVE-2022-25389 1 Dcnglobal 2 Dcme-520, Dcme-520 Firmware 2024-11-21 7.5 High
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.
CVE-2022-25375 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory.
CVE-2022-25374 1 Hashicorp 1 Terraform Enterprise 2024-11-21 7.5 High
HashiCorp Terraform Enterprise v202112-1, v202112-2, v202201-1, and v202201-2 were configured to log inbound HTTP requests in a manner that may capture sensitive data. Fixed in v202202-1.
CVE-2022-25373 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 5.4 Medium
Zoho ManageEngine SupportCenter Plus before 11020 allows Stored XSS in the request history.
CVE-2022-25372 2 Microsoft, Pritunl 2 Windows, Pritunl-client-electron 2024-11-21 7.8 High
Pritunl Client through 1.2.3019.52 on Windows allows local privilege escalation, related to an ACL entry for CREATOR OWNER in platform_windows.go.
CVE-2022-25371 1 Apache 1 Ofbiz 2024-11-21 9.8 Critical
Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier.
CVE-2022-25370 1 Apache 1 Ofbiz 2024-11-21 5.4 Medium
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS.
CVE-2022-25368 2 Amperecomputing, Arm 44 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 41 more 2024-11-21 4.7 Medium
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim's hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.
CVE-2022-25366 1 Cryptomator 1 Cryptomator 2024-11-21 7.8 High
Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious .dylib file that can be executed via the DYLD_INSERT_LIBRARIES environment variable.
CVE-2022-25365 2 Docker, Microsoft 2 Docker, Windows 2024-11-21 7.8 High
Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774.
CVE-2022-25364 1 Gradle 1 Enterprise 2024-11-21 8.1 High
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)
CVE-2022-25363 1 Watchguard 1 Fireware 2024-11-21 6.5 Medium
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to modify privileged management user credentials. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVE-2022-25361 1 Watchguard 47 Firebox M200, Firebox M270, Firebox M290 and 44 more 2024-11-21 9.1 Critical
WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVE-2022-25360 1 Watchguard 1 Fireware 2024-11-21 8.8 High
WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged credentials to upload files to arbitrary locations. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2.
CVE-2022-25359 1 Iclinks 3 Scadaflex Ii, Scadaflex Ii Firmware, Weblib 2024-11-21 9.1 Critical
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote attackers can overwrite, delete, or create files.