Search Results (362531 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41955 1 Autolabproject 1 Autolab 2024-11-21 8.8 High
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionality, whereby an instructor with access to the feature might be able to execute code on the server hosting Autolab. This vulnerability has been patched in version 2.10.0. As a workaround, disable the MOSS feature if it is unneeded by replacing the body of `run_moss` in `app/controllers/courses_controller.rb` with `render(plain: "Feature disabled", status: :bad_request) && return`.
CVE-2022-41951 1 Oroinc 1 Oroplatform 2024-11-21 8.6 High
OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an attacker can pass the path to a non-existent file, which will allow writing the content to a new file that will be available during script execution. This vulnerability has been fixed in version 5.0.9.
CVE-2022-41854 3 Fedoraproject, Redhat, Snakeyaml Project 13 Fedora, Amq Clients, Camel Spring Boot and 10 more 2024-11-21 5.8 Medium
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
CVE-2022-41850 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 4.7 Medium
roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.
CVE-2022-41849 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 4.2 Medium
drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.
CVE-2022-41802 2 Openatom, Openharmony 2 Openharmony, Openharmony 2024-11-21 4 Medium
Kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when call SysClockGetres. 4 bytes padding data from kernel stack are copied to user space incorrectly and leaked.
CVE-2022-41793 1 Openbabel 1 Open Babel 2024-11-21 9.8 Critical
An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-41788 1 Pencidesign 1 Soledad 2024-11-21 5.4 Medium
Auth. (subscriber+) Cross-Site Scripting (XSS) vulnerability in Soledad premium theme <= 8.2.5 on WordPress.
CVE-2022-41763 1 Nokia 1 Access Management System 2024-11-21 8.8 High
An issue was discovered in NOKIA AMS 9.7.05. Remote Code Execution exists via the debugger of the ipAddress variable. A remote user, authenticated to the AMS server, could inject code in the PING function. The privileges of the command executed depend on the user that runs the service.
CVE-2022-41762 1 Nokia 1 Network Functions Manager For Transport 2024-11-21 6.1 Medium
An issue was discovered in NOKIA NFM-T R19.9. Multiple Reflected XSS vulnerabilities exist in the Network Element Manager via any parameter to log.pl, the bench or pid parameter to top.pl, or the id parameter to easy1350.pl.
CVE-2022-41761 1 Nokia 1 Network Functions Manager For Transport 2024-11-21 6.5 Medium
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files.
CVE-2022-41760 1 Nokia 1 Network Functions Manager For Transport 2024-11-21 6.5 Medium
An issue was discovered in NOKIA NFM-T R19.9. Relative Path Traversal can occur under /oms1350/data/cpb/log of the Network Element Manager via the filename parameter, allowing a remote authenticated attacker to read arbitrary files.
CVE-2022-41749 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
An origin validation error vulnerability in Trend Micro Apex One agents could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-41748 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 6.7 Medium
A registry permissions vulnerability in the Trend Micro Apex One Data Loss Prevention (DLP) module could allow a local attacker with administrative credentials to bypass certain elements of the product's anti-tampering mechanisms on affected installations. Please note: an attacker must first obtain administrative credentials on the target system in order to exploit this vulnerability.
CVE-2022-41747 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.8 High
An improper certification validation vulnerability in Trend Micro Apex One agents could allow a local attacker to load a DLL file with system service privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-41746 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 9.1 Critical
A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability.
CVE-2022-41745 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.0 High
An Out-of-Bounds access vulnerability in Trend Micro Apex One could allow a local attacker to create a specially crafted message to cause memory corruption on a certain service process which could lead to local privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-41744 2 Microsoft, Trendmicro 2 Windows, Apex One 2024-11-21 7.0 High
A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One Vulnerability Protection integrated component could allow a local attacker to escalate privileges and turn a specific working directory into a mount point on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-41716 2 Golang, Microsoft 2 Go, Windows 2024-11-21 6.3 Medium
Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".
CVE-2022-41700 1 Intel 1 Nuc Pro Software Suite 2024-11-21 6.7 Medium
Insecure inherited permissions in some Intel(R) NUC Pro Software Suite installation software before version 2.0.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access.