Search Results (362636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45136 1 Apache 1 Jena Sdb 2024-11-21 9.8 Critical
Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a result an application using Apache Jena SDB can be subject to RCE when connected to a malicious database server. Apache Jena SDB has been EOL since December 2020 and users should migrate to alternative options e.g. Apache Jena TDB 2.
CVE-2022-45124 1 Wellintech 1 Kinghistorian 2024-11-21 7.5 High
An information disclosure vulnerability exists in the User authentication functionality of WellinTech KingHistorian 35.01.00.05. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can sniff network traffic to leverage this vulnerability.
CVE-2022-45118 1 Openharmony 1 Openharmony 2024-11-21 6.2 Medium
OpenHarmony-v3.1.2 and prior versions had a vulnerability that telephony in communication subsystem sends public events with personal data, but the permission is not set. Malicious apps could listen to public events and obtain information such as mobile numbers and SMS data without permissions.
CVE-2022-45115 1 Justsystems 1 Ichitaro 2022 2024-11-21 7.8 High
A buffer overflow vulnerability exists in the Attribute Arena functionality of Ichitaro 2022 1.0.1.57600. A specially crafted document can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-45112 1 Intel 1 Virtual Raid On Cpu 2024-11-21 7.3 High
Improper access control in some Intel(R) VROC software before version 8.0.0.4035 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-45109 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 3.3 Low
Improper initialization for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-45082 1 Oxilab 1 Accordions 2024-11-21 3.4 Low
Multiple Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerabilities in Accordions plugin <= 2.0.3 on WordPress via &addons-style-name and &accordions_or_faqs_license_key.
CVE-2022-45048 1 Apache 1 Ranger 2024-11-21 8.4 High
Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.
CVE-2022-44840 1 Gnu 1 Binutils 2024-11-21 7.8 High
Heap buffer overflow vulnerability in binutils readelf before 2.40 via function find_section_in_set in file readelf.c.
CVE-2022-44758 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2024-11-21 6.5 Medium
BigFix Insights/IVR fixlet uses improper credential handling within certain fixlet content. An attacker can gain access to information that is not explicitly authorized.
CVE-2022-44757 1 Hcltech 1 Bigfix Insights For Vulnerability Remediation 2024-11-21 6.5 Medium
BigFix Insights for Vulnerability Remediation (IVR) uses weak cryptography that can lead to credential exposure. An attacker could gain access to sensitive information, modify data in unexpected ways, etc.
CVE-2022-44741 1 Slidervilla 1 Testimonial Slider 2024-11-21 6.1 Medium
Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.
CVE-2022-44736 1 Chameleon Project 1 Chameleon 2024-11-21 4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Chameleon plugin <= 1.4.3 on WordPress.
CVE-2022-44612 1 Intel 1 Unison 2024-11-21 5.5 Medium
Use of hard-coded credentials in some Intel(R) Unison(TM) software before version 10.12 may allow an authenticated user user to potentially enable information disclosure via local access.
CVE-2022-44593 1 Solidwp 1 Solid Security 2024-11-21 3.7 Low
Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.
CVE-2022-44591 1 Anthologize Project 1 Anthologize 2024-11-21 4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anthologize plugin <= 0.8.0 on WordPress.
CVE-2022-44587 1 Melapress 1 Wp 2fa 2024-11-21 5.3 Medium
Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through 2.6.3.
CVE-2022-44569 1 Ivanti 1 Automation 2024-11-21 7.8 High
A locally authenticated attacker with low privileges can bypass authentication due to insecure inter-process communication.
CVE-2022-44543 1 In2code 1 Femanager 2024-11-21 5.3 Medium
The femanager extension before 5.5.2, 6.x before 6.3.3, and 7.x before 7.0.1 for TYPO3 allows creation of frontend users in restricted groups (if there is a usergroup field on the registration form). This occurs because the usergroup.inList protection mechanism is mishandled.
CVE-2022-44455 2 Openatom, Openharmony 2 Openharmony, Openharmony 2024-11-21 6.8 Medium
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to buffer overflow vulnerability due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause application crash.