Search Results (362717 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-48321 1 Checkmk 1 Checkmk 2024-11-21 6.8 Medium
Limited Server-Side Request Forgery (SSRF) in agent-receiver in Tribe29's Checkmk <= 2.1.0p11 allows an attacker to communicate with local network restricted endpoints by use of the host registration API.
CVE-2022-48285 2 Jszip Project, Redhat 2 Jszip, Rhmt 2024-11-21 7.3 High
loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
CVE-2022-48251 1 Arm 20 Cortex-a53, Cortex-a53 Firmware, Cortex-a55 and 17 more 2024-11-21 7.5 High
The AES instructions on the ARMv8 platform do not have an algorithm that is "intrinsically resistant" to side-channel attacks. NOTE: the vendor reportedly offers the position "while power side channel attacks ... are possible, they are not directly caused by or related to the Arm architecture."
CVE-2022-48217 1 Tradr-project 1 Tf Remapper 2024-11-21 8.1 High
The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot's behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor's position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."
CVE-2022-48197 1 Yui Project 1 Yui 2024-11-21 6.1 Medium
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-48193 1 Softing 1 Smartlink Sw-ht 2024-11-21 5.9 Medium
Weak ciphers in Softing smartLink SW-HT before 1.30 are enabled during secure communication (SSL).
CVE-2022-48192 1 Softing 1 Smartlink Sw-ht 2024-11-21 7.2 High
Cross-site Scripting vulnerability in Softing smartLink SW-HT before 1.30, which allows an attacker to execute a dynamic script (JavaScript, VBScript) in the context of the application.
CVE-2022-48189 1 Lenovo 170 Thinkpad E14, Thinkpad E14 Firmware, Thinkpad E14 Gen 2 and 167 more 2024-11-21 6.7 Medium
An SMM driver input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2022-48183 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48182 3 Lenovo, Linux, Microsoft 6 Thinkpad T14s Gen 3, Thinkpad T14s Gen 3 Firmware, Thinkpad X13 Gen 3 and 3 more 2024-11-21 6.1 Medium
A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access.
CVE-2022-48165 1 Wavlink 2 Wl-wn530h4, Wl-wn530h4 Firmware 2024-11-21 7.5 High
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN530H4 M30H4.V5030.210121 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.
CVE-2022-48074 1 Nomachine 1 Nomachine 2024-11-21 5.3 Medium
An issue in NoMachine before v8.2.3 allows attackers to execute arbitrary commands via a crafted .nxs file.
CVE-2022-48065 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability var the function find_abstract_instance in dwarf2.c.
CVE-2022-48064 3 Fedoraproject, Gnu, Netapp 3 Fedora, Binutils, Ontap Select Deploy Administration Utility 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48063 1 Gnu 1 Binutils 2024-11-21 5.5 Medium
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.
CVE-2022-48023 1 Zammad 1 Zammad 2024-11-21 4.3 Medium
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags.
CVE-2022-48010 1 Limesurvey 1 Limesurvey 2024-11-21 5.4 Medium
LimeSurvey v5.4.15 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /index.php/surveyAdministration/rendersidemenulink?subaction=surveytexts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description or Welcome-message text fields. NOTE: the vendor indicates that this is not a vulnerability because the manipulation requires Superadministrator privileges, and Superadministrators are already allowed to customize surveys with JavaScript as they wish.
CVE-2022-47937 1 Apache 1 Sling Commons Json 2024-11-21 9.8 Critical
Improper input validation in the Apache Sling Commons JSON bundle allows an attacker to trigger unexpected errors by supplying specially-crafted input. The org.apache.sling.commons.json bundle has been deprecated as of March 2017 and should not be used anymore. Consumers are encouraged to consider the Apache Sling Commons Johnzon OSGi bundle provided by the Apache Sling project, but may of course use other JSON libraries.
CVE-2022-47928 1 Misp-project 1 Malware Information Sharing Platform 2024-11-21 6.1 Medium
In MISP before 2.4.167, there is XSS in the template file uploads in app/View/Templates/upload_file.ctp.
CVE-2022-47925 1 Csaf-validator-lib Project 1 Csaf-validator-lib 2024-11-21 7.5 High
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected by this vulnerability.