Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-46782 1 Stormshield 1 Ssl Vpn Client 2024-11-21 7.8 High
An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine.
CVE-2022-46724 1 Apple 2 Ipados, Iphone Os 2024-11-21 2.4 Low
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 16.4 and iPadOS 16.4. A person with physical access to an iOS device may be able to view the last image used in Magnifier from the lock screen.
CVE-2022-46722 1 Apple 1 Macos 2024-11-21 5.5 Medium
A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13. An app may be able to modify protected parts of the file system.
CVE-2022-46706 1 Apple 3 Mac Os X, Macos, Securtiy Update Catalina 2024-11-21 7.8 High
A type confusion issue was addressed with improved state handling. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to execute arbitrary code with kernel privileges.
CVE-2022-46705 2 Apple, Redhat 8 Ipados, Iphone Os, Macos and 5 more 2024-11-21 4.3 Medium
A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1, Safari 16.2. Visiting a malicious website may lead to address bar spoofing.
CVE-2022-46651 1 Apache 1 Airflow 2024-11-21 6.5 Medium
Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.
CVE-2022-46647 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 2.5 Low
Insertion of sensitive information into log file for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-46646 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 2.2 Low
Exposure of sensitive information to an unauthorized actor for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-46527 1 Elsys 2 Ers 1.5, Ers 1.5 Firmware 2024-11-21 7.5 High
ELSYS ERS 1.5 Sound v2.3.8 was discovered to contain a buffer overflow via the NFC data parser.
CVE-2022-46486 1 Scontain 1 Scone 2024-11-21 5.5 Medium
A lack of pointer-validation logic in the __scone_dispatch component of SCONE before v5.8.0 for Intel SGX allows attackers to access sensitive information.
CVE-2022-46485 1 Ngsurvey 1 Ngsurvey 2024-11-21 7.5 High
Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".
CVE-2022-46484 1 Ngsurvey 1 Ngsurvey 2024-11-21 7.5 High
Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.
CVE-2022-46480 1 U-tec 2 Ultraloq Ul3 Bt, Ultraloq Ul3 Bt Firmware 2024-11-21 8.1 High
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3 2nd Gen Smart Lock Firmware 02.27.0012 allows an attacker to sniff the unlock code and unlock the device whilst within Bluetooth range.
CVE-2022-46366 1 Apache 1 Tapestry 2024-11-21 9.8 Critical
Apache Tapestry 3.x allows deserialization of untrusted data, leading to remote code execution. This issue is similar to but distinct from CVE-2020-17531, which applies the the (also unsupported) 4.x version line. NOTE: This vulnerability only affects Apache Tapestry version line 3.x, which is no longer supported by the maintainer. Users are recommended to upgrade to a supported version line of Apache Tapestry.
CVE-2022-46365 1 Apache 1 Streampark 2024-11-21 9.1 Critical
Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.
CVE-2022-46346 1 Siemens 3 Parasolid, Solid Edge Se2022, Solid Edge Se2023 2024-11-21 7.8 High
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19071)
CVE-2022-46345 1 Siemens 4 Parasolid, Solid Edge, Solid Edge Se2022 and 1 more 2024-11-21 7.8 High
A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.170), Solid Edge SE2022 (All versions < V222.0MP12), Solid Edge SE2022 (All versions), Solid Edge SE2023 (All versions < V223.0Update2). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted X_B files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19070)
CVE-2022-46301 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 1.9 Low
Improper Initialization for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-46299 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 3.3 Low
Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-46298 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 1.9 Low
Incomplete cleanup for some Intel Unison software may allow a privileged user to potentially enable denial of service via local access.