Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29154 3 Fedoraproject, Redhat, Samba 6 Fedora, Enterprise Linux, Rhel E4s and 3 more 2024-11-21 7.4 High
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file).
CVE-2022-29153 2 Fedoraproject, Hashicorp 2 Fedora, Consul 2024-11-21 7.5 High
HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.
CVE-2022-29152 1 Ericom 1 Powerterm Webconnect 2024-11-21 6.1 Medium
The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page.
CVE-2022-29097 1 Dell 1 Wyse Management Suite 2024-11-21 4.9 Medium
Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application.
CVE-2022-29096 1 Dell 1 Wyse Management Suite 2024-11-21 6.1 Medium
Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2022-29095 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 8.3 High
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system.
CVE-2022-29094 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 7.1 High
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system.
CVE-2022-29093 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 7.1 High
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system.
CVE-2022-29092 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2024-11-21 7.8 High
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system.
CVE-2022-29091 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-11-21 5.3 Medium
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.
CVE-2022-29090 1 Dell 1 Wyse Management Suite 2024-11-21 8.5 High
Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. A low privileged malicious user could potentially exploit this vulnerability in order to obtain credentials. The attacker may be able to use the exposed credentials to access the target device and perform unauthorized actions.
CVE-2022-29085 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-11-21 6.4 Medium
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user.
CVE-2022-29084 1 Dell 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment 2024-11-21 8.1 High
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users.
CVE-2022-29082 1 Dell 1 Emc Networker 2024-11-21 3.7 Low
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.
CVE-2022-29080 1 Npm-dependency-versions Project 1 Npm-dependency-versions 2024-11-21 9.8 Critical
The npm-dependency-versions package through 0.3.0 for Node.js allows command injection if an attacker is able to call dependencyVersions with a JSON object in which pkgs is a key, and there are shell metacharacters in a value.
CVE-2022-29078 1 Ejs 1 Ejs 2024-11-21 9.8 Critical
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
CVE-2022-29077 1 Ripple 1 Rippled 2024-11-21 9.8 Critical
A heap-based buffer overflow exists in rippled before 1.8.5. The vulnerability allows attackers to cause a crash or execute commands remotely on a rippled node, which may lead to XRPL mainnet DoS or compromise. This exposes all digital assets on the XRPL to a security threat.
CVE-2022-29063 1 Apache 1 Ofbiz 2024-11-21 9.8 Critical
The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646.
CVE-2022-29062 1 Fortinet 1 Fortisoar 2024-11-21 6.3 Medium
Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to write to the underlying filesystem with nginx permissions via crafted HTTP requests.
CVE-2022-29061 1 Fortinet 1 Fortisoar 2024-11-21 7.2 High
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiSOAR before 7.2.1 allows an authenticated attacker to execute unauthorized code or commands via crafted HTTP GET requests.