Search Results (364207 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-31787 1 Ideaco 1 Ideatms 2024-11-21 9.8 Critical
IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO
CVE-2022-31786 1 Ideaco 1 Idealms 2024-11-21 6.1 Medium
IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO.
CVE-2022-31784 1 Mitel 2 Mivoice Business, Mivoice Business Express 2024-11-21 9.8 Critical
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution.
CVE-2022-31783 2 Fedoraproject, Liblouis 2 Fedora, Liblouis 2024-11-21 5.5 Medium
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace.
CVE-2022-31782 1 Freedesktop 1 Freetype Demo Programs 2024-11-21 7.8 High
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow.
CVE-2022-31781 1 Apache 1 Tapestry 2024-11-21 7.5 High
Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor.
CVE-2022-31780 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2024-11-21 7.5 High
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-31779 3 Apache, Debian, Fedoraproject 3 Traffic Server, Debian Linux, Fedora 2024-11-21 7.5 High
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.
CVE-2022-31778 2 Apache, Debian 2 Traffic Server, Debian Linux 2024-11-21 7.5 High
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. This issue affects Apache Traffic Server 8.0.0 to 9.0.2.
CVE-2022-31776 1 Ibm 1 Datapower Gateway 2024-11-21 8.8 High
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433.
CVE-2022-31775 1 Ibm 1 Datapower Gateway 2024-11-21 9.1 Critical
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359.
CVE-2022-31774 1 Ibm 1 Datapower Gateway 2024-11-21 5.4 Medium
IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358.
CVE-2022-31773 1 Ibm 1 Datapower Gateway 2024-11-21 8.8 High
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.
CVE-2022-31770 1 Ibm 1 App Connect Enterprise Certified Container 2024-11-21 4.9 Medium
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
CVE-2022-31769 2 Ibm, Linux 2 Spectrum Copy Data Management, Linux Kernel 2024-11-21 5.3 Medium
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219.
CVE-2022-31768 1 Ibm 1 Infosphere Information Server 2024-11-21 9.8 Critical
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database.
CVE-2022-31767 2 Ibm, Linux 2 Cics Tx, Linux Kernel 2024-11-21 9.8 Critical
IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980.
CVE-2022-31763 1 Huawei 2 Emui, Harmonyos 2024-11-21 5.5 Medium
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability.
CVE-2022-31762 1 Huawei 3 Emui, Harmonyos, Magic Ui 2024-11-21 7.8 High
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation.
CVE-2022-31761 1 Huawei 2 Emui, Magic Ui 2024-11-21 7.5 High
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality.