Search Results (362049 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38668 1 Crowcpp 1 Crow 2024-11-21 7.5 High
HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.
CVE-2022-38667 1 Crowcpp 1 Crow 2024-11-21 9.8 Critical
HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. The HTTP parser supports HTTP pipelining, but the asynchronous Connection layer is unaware of HTTP pipelining. Specifically, the Connection layer is unaware that it has begun processing a later request before it has finished processing an earlier request.
CVE-2022-38665 1 Jenkins 1 Collabnet 2024-11-21 6.5 Medium
Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
CVE-2022-38664 1 Jenkins 1 Job Configuration History 2024-11-21 5.4 Medium
Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.
CVE-2022-38663 1 Jenkins 1 Git 2024-11-21 6.5 Medium
Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.
CVE-2022-38652 1 Vmware 1 Hyperic Agent 2024-11-21 9.9 Critical
A remote insecure deserialization vulnerability exixsts in VMWare Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-38650 1 Vmware 1 Hyperic Server 2024-11-21 10.0 Critical
A remote unauthenticated insecure deserialization vulnerability exists in VMware Hyperic Server 5.8.6. Exploitation of this vulnerability enables a malicious party to run arbitrary code or malware within Hyperic Server and the host operating system with the privileges of the Hyperic server process. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-38639 1 Inkdrop 1 Markdown Nice 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in Markdown-Nice v1.8.22 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Community Posting field.
CVE-2022-38638 1 Casbin 1 Casdoor 2024-11-21 9.1 Critical
Casdoor v1.97.3 was discovered to contain an arbitrary file write vulnerability via the fullFilePath parameter at /api/upload-resource.
CVE-2022-38637 1 Hospital Management System Project 1 Hospital Management System 2024-11-21 9.8 Critical
Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.
CVE-2022-38633 1 Genymobile 1 Genymotion Desktop 2024-11-21 7.8 High
Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary.
CVE-2022-38625 1 Patlite 6 Nbm-d88n, Nbm-d88n Firmware, Nhl-3fb1 and 3 more 2024-11-21 8.8 High
Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the vendor's position is that this is a design choice, not a vulnerability
CVE-2022-38621 1 Doufox 1 Doufox 2024-11-21 9.8 Critical
Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-38618 1 Bpcbt 1 Smartvista 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/country_group.jsf.
CVE-2022-38617 1 Bpcbt 1 Smartvista 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the voiceAudit:j_id97 parameter at /SVFE2/pages/audit/voiceaudit.jsf.
CVE-2022-38616 1 Bpcbt 1 Smartvista Front-end 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.
CVE-2022-38615 1 Bpcbt 1 Smartvista Front-end 2024-11-21 8.8 High
SmartVista SVFE2 v2.2.22 was discovered to contain multiple SQL injection vulnerabilities via the UserForm:j_id88, UserForm:j_id90, and UserForm:j_id92 parameters at /SVFE2/pages/feegroups/service_group.jsf.
CVE-2022-38614 1 Bpcbt 1 Smartvista Cardgen 2024-11-21 7.5 High
An issue in the IGB Files and OutfileService features of SmartVista Cardgen v3.28.0 allows attackers to list and download arbitrary files via modifying the PATH parameter.
CVE-2022-38613 1 Bpcbt 1 Smartvista Cardgen 2024-11-21 6.5 Medium
A Path Traversal vulnerability in SmartVista Cardgen v3.28.0 allows authenticated attackers to read arbitrary files in the system.
CVE-2022-38611 1 Watchdog 1 Anti-virus 2024-11-21 7.8 High
Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.