Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38812 1 Aerocms Project 1 Aerocms 2024-11-21 6.5 Medium
AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter.
CVE-2022-38808 1 Yimihome 1 Ywoa 2024-11-21 8.8 High
ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.
CVE-2022-38796 1 Feehi 1 Feehi Cms 2024-11-21 6.1 Medium
A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. This can be exploited by abusing password reset emails.
CVE-2022-38795 1 Gitea 1 Gitea 2024-11-21 6.5 Medium
In Gitea through 1.17.1, repo cloning can occur in the migration function.
CVE-2022-38794 1 Zaver Project 1 Zaver 2024-11-21 7.5 High
Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.
CVE-2022-38792 1 Exotel Project 1 Exotel 2024-11-21 9.8 Critical
The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.
CVE-2022-38791 3 Fedoraproject, Mariadb, Redhat 4 Fedora, Mariadb, Enterprise Linux and 1 more 2024-11-21 5.5 Medium
In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.
CVE-2022-38790 1 Weave.works 1 Gitops 2024-11-21 5.4 Medium
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource.
CVE-2022-38789 1 Airties 6 Air 4920, Air 4920 Firmware, Air 4921 and 3 more 2024-11-21 9.1 Critical
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change the main/guest SSID and the PSK to arbitrary values, and map the LAN, because of Insecure Direct Object Reference.
CVE-2022-38788 1 Nokia 2 Fastmile 5g Receiver, Fastmile 5g Receiver Firmware 2024-11-21 4.3 Medium
An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. Bluetooth on the Nokia ODU uses outdated pairing mechanisms, allowing an attacker to passively intercept a paring handshake and (after offline cracking) retrieve the PIN and LTK (long-term key).
CVE-2022-38786 1 Intel 1 Battery Life Diagnostic Tool 2024-11-21 6.7 Medium
Improper access control in some Intel Battery Life Diagnostic Tool software before version 2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-38784 4 Debian, Fedoraproject, Freedesktop and 1 more 4 Debian Linux, Fedora, Poppler and 1 more 2024-11-21 7.8 High
Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.
CVE-2022-38779 1 Elastic 1 Kibana 2024-11-21 6.1 Medium
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
CVE-2022-38772 1 Zohocorp 6 Manageengine Netflow Analyzer, Manageengine Network Configuration Manager, Manageengine Opmanager and 3 more 2024-11-21 8.8 High
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.
CVE-2022-38771 1 Transtek 1 Mojodat Fixed Asset Management 2024-11-21 9.8 Critical
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.
CVE-2022-38770 1 Transtek 1 Mojodat Fixed Asset Management 2024-11-21 5.3 Medium
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request.
CVE-2022-38769 1 Transtek 1 Mojodat Fixed Asset Management 2024-11-21 7.5 High
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.
CVE-2022-38768 1 Transtek 1 Mojodat Fixed Asset Management 2024-11-21 9.8 Critical
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.
CVE-2022-38764 2 Microsoft, Trendmicro 2 Windows, Housecall 2024-11-21 7.8 High
A vulnerability on Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privlieges due to an overly permissive folder om the product installer.
CVE-2022-38752 2 Redhat, Snakeyaml Project 9 Amq Streams, Camel Spring Boot, Jboss Data Grid and 6 more 2024-11-21 6.5 Medium
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.