Search Results (362508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40807 1 Democritus Domains Project 1 Democritus Domains 2024-11-21 9.8 Critical
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0
CVE-2022-40806 1 Democritus Uuids Project 1 Democritus Uuids 2024-11-21 9.8 Critical
The d8s-uuids for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0
CVE-2022-40805 1 Democritus Urls Project 1 Democritus Urls 2024-11-21 9.8 Critical
The d8s-urls for python 0.1.0, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-hypothesis package.
CVE-2022-40778 1 Opswat 1 Metadefender 2024-11-21 5.4 Medium
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13.0 allows attackers to execute arbitrary JavaScript or HTML because of the blocked page response.
CVE-2022-40777 1 Interspire 1 Email Marketer 2024-11-21 8.8 High
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550.
CVE-2022-40775 1 Axiosys 1 Bento4 2024-11-21 5.5 Medium
An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_StszAtom::WriteFields.
CVE-2022-40774 1 Axiosys 1 Bento4 2024-11-21 5.5 Medium
An issue was discovered in Bento4 through 1.6.0-639. There is a NULL pointer dereference in AP4_StszAtom::GetSampleSize.
CVE-2022-40769 1 Profanity Project 1 Profanity 2024-11-21 7.5 High
profanity through 1.60 has only four billion possible RNG initializations. Thus, attackers can recover private keys from Ethereum vanity addresses and steal cryptocurrency, as exploited in the wild in June 2022.
CVE-2022-40768 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.
CVE-2022-40766 1 Moderncampus 1 Omni Cms 2024-11-21 9.8 Critical
Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.
CVE-2022-40764 1 Snyk 2 Cli, Golang Cli 2024-11-21 7.8 High
Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.
CVE-2022-40762 1 Samsung 1 Mtower 2024-11-21 7.5 High
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
CVE-2022-40761 1 Samsung 1 Mtower 2024-11-21 7.5 High
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
CVE-2022-40760 1 Samsung 1 Mtower 2024-11-21 7.5 High
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
CVE-2022-40759 1 Samsung 1 Mtower 2024-11-21 7.5 High
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
CVE-2022-40758 1 Samsung 1 Mtower 2024-11-21 7.5 High
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
CVE-2022-40757 1 Samsung 1 Mtower 2024-11-21 7.5 High
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
CVE-2022-40755 1 Jasper Project 1 Jasper 2024-11-21 5.5 Medium
JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.
CVE-2022-40745 1 Ibm 1 Aspera Faspex 2024-11-21 5.5 Medium
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to weaker than expected security. IBM X-Force ID: 236452.
CVE-2022-40744 1 Ibm 1 Aspera Faspex 2024-11-21 4.8 Medium
IBM Aspera Faspex 5.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236441.