Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40432 1 D8s-strings Project 1 D8s-strings 2024-11-21 9.8 Critical
The d8s-strings for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVE-2022-40431 1 D8s-pdfs Project 1 D8s-pdfs 2024-11-21 9.8 Critical
The d8s-pdfs for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40430 1 D8s-utility Project 1 D8s-utility 2024-11-21 9.8 Critical
The d8s-utility for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40429 1 D8s-ip-addresses Project 1 D8s-ip-addresses 2024-11-21 9.8 Critical
The d8s-ip-addresses for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40428 1 D8s-mpeg Project 1 D8s Mpeg 2024-11-21 9.8 Critical
The d8s-mpeg for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40427 1 Democritus Domains Project 1 Democritus Domains 2024-11-21 9.8 Critical
The d8s-domains for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0
CVE-2022-40426 1 D8s-asns Project 1 D8s-asns 2024-11-21 9.8 Critical
The d8s-asns for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40425 1 D8s-html Project 1 D8s-html 2024-11-21 9.8 Critical
The d8s-html for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40424 1 Democritus Urls Project 1 Democritus Urls 2024-11-21 9.8 Critical
The d8s-urls for python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. A potential code execution backdoor inserted by third parties is the democritus-networking package. The affected version of d8s-urls is 0.1.0
CVE-2022-40365 1 Gocron Project 1 Gocron 2024-11-21 6.1 Medium
Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.
CVE-2022-40337 1 Aspiresoftware 1 Open Aviation Strategic Engineering System 2024-11-21 8.8 High
OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.
CVE-2022-40325 1 Sysaid 1 Help Desk 2024-11-21 6.1 Medium
SysAid Help Desk before 22.1.65 allows XSS via the Asset Dashboard, aka FR# 67262.
CVE-2022-40324 1 Sysaid 1 Help Desk 2024-11-21 6.1 Medium
SysAid Help Desk before 22.1.65 allows XSS via the Linked SRs field, aka FR# 67258.
CVE-2022-40323 1 Sysaid 1 Help Desk 2024-11-21 6.1 Medium
SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
CVE-2022-40322 1 Sysaid 1 Help Desk 2024-11-21 6.1 Medium
SysAid Help Desk before 22.1.65 allows XSS, aka FR# 66542 and 65579.
CVE-2022-40320 2 Fedoraproject, Libconfuse Project 2 Fedora, Libconfuse 2024-11-21 8.8 High
cfg_tilde_expand in confuse.c in libConfuse 3.3 has a heap-based buffer over-read.
CVE-2022-40318 3 Debian, Frrouting, Redhat 3 Debian Linux, Frrouting, Enterprise Linux 2024-11-21 6.5 Medium
An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.
CVE-2022-40317 1 Openkm 1 Openkm 2024-11-21 5.4 Medium
OpenKM 6.3.11 allows stored XSS related to the javascript: substring in an A element.
CVE-2022-40307 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 4.7 Medium
An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.
CVE-2022-40306 1 Ecisolutions 1 Printanista Managed Print Service 2024-11-21 5.9 Medium
The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly.