Search Results (362446 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40090 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file.
CVE-2022-40076 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetWifiGusetBasic.
CVE-2022-40075 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, form_fast_setting_wifi_set.
CVE-2022-40074 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, setSchedWifi.
CVE-2022-40073 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, saveParentControlInfo.
CVE-2022-40072 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: setSmartPowerManagement.
CVE-2022-40071 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, formSetDeviceName.
CVE-2022-40070 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via bin/httpd, function: formSetFirewallCfg.
CVE-2022-40069 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
]Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: fromSetSysTime.
CVE-2022-40068 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetQosBand.
CVE-2022-40067 1 Tenda 2 Ac21, Ac21 Firmware 2024-11-21 7.5 High
Tenda AC21 V 16.03.08.15 is vulnerable to Buffer Overflow via /bin/httpd, function: formSetVirtualSer.
CVE-2022-40047 1 Flatpress 1 Flatpress 2024-11-21 5.4 Medium
Flatpress v1.2.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the page parameter at /flatpress/admin.php.
CVE-2022-3996 1 Openssl 1 Openssl 2024-11-21 7.5 High
If an X.509 certificate contains a malformed policy constraint and policy processing is enabled, then a write lock will be taken twice recursively. On some operating systems (most widely: Windows) this results in a denial of service when the affected process hangs. Policy processing being enabled on a publicly facing server is not considered to be a common setup. Policy processing is enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. Update (31 March 2023): The description of the policy processing enablement was corrected based on CVE-2023-0466.
CVE-2022-3968 1 Emlog 1 Emlog 2024-11-21 3.5 Low
A vulnerability has been found in emlog and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/article_save.php. The manipulation of the argument tag leads to cross site scripting. The attack can be launched remotely. The name of the patch is 5bf7a79826e0ea09bcc8a21f69a0c74107761a02. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213547.
CVE-2022-3965 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 Medium
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544.
CVE-2022-3964 1 Ffmpeg 1 Ffmpeg 2024-11-21 4.3 Medium
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543.
CVE-2022-3962 2 Kiali, Redhat 6 Kiali, Enterprise Linux, Enterprise Linux For Ibm Z Systems and 3 more 2024-11-21 4.3 Medium
A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed.
CVE-2022-3950 1 Publiccms 1 Publiccms 2024-11-21 3.5 Low
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.
CVE-2022-3941 1 Activity Log Project 1 Activity Log 2024-11-21 5.3 Medium
A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448.
CVE-2022-3916 1 Redhat 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more 2024-11-21 6.8 Medium
A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user.