Search Results (364500 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36321 1 Jetbrains 1 Teamcity 2024-11-21 4.1 Medium
In JetBrains TeamCity before 2022.04.2 the private SSH key could be written to the build log in some cases
CVE-2022-36312 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 8.8 High
Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-36311 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 6.1 Medium
Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-36310 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 8.8 High
Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-36309 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 8.8 High
Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-36308 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 9.1 Critical
Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. This issue may affect other AirVelocity and AirSpeed models.
CVE-2022-36307 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 6.8 Medium
The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. This was fixed in AirVelocity 1500 software version 15.18.00.2511 and may affect other AirVelocity and AirSpeed models.
CVE-2022-36306 1 Airspan 2 Airvelocity 1500, Airvelocity 1500 Firmware 2024-11-21 6.5 Medium
An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. These vulnerabilities were found in AirVelocity 1500 running software version 9.3.0.01249, were still present in 15.18.00.2511, and may affect other AirVelocity and AirSpeed models.
CVE-2022-36305 1 Vestacp 1 Vesta Control Panel 2024-11-21 6.1 Medium
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the body function at /web/api/v1/upload/UploadHandler.php.
CVE-2022-36304 1 Vestacp 1 Vesta Control Panel 2024-11-21 6.1 Medium
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the generate_response function at /web/api/v1/upload/UploadHandler.php.
CVE-2022-36303 1 Vestacp 1 Vesta Control Panel 2024-11-21 6.1 Medium
Vesta v1.0.0-5 was discovered to contain a cross-site scripting (XSS) vulnerability via the handle_file_upload function at /web/api/v1/upload/UploadHandler.php.
CVE-2022-36302 1 Bosch 1 Bf-os 2024-11-21 8.8 High
File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information.
CVE-2022-36301 1 Bosch 1 Bf-os 2024-11-21 9.8 Critical
BF-OS version 3.x up to and including 3.83 do not enforce strong passwords which may allow a remote attacker to brute-force the device password.
CVE-2022-36293 1 Nintendo 2 Wi-fi Network Adaptor Wap 001, Wi-fi Network Adaptor Wap 001 Firmware 2024-11-21 7.2 High
Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors.
CVE-2022-36287 1 Intel 1 Field Programmable Gate Array Crypto Service Server 2024-11-21 4 Medium
Uncaught exception in the FCS Server software maintained by Intel before version 1.1.79.3 may allow a privileged user to potentially enable denial of service via physical access.
CVE-2022-36280 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 6.3 Medium
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).
CVE-2022-36279 1 Siretta 2 Quartz-gold, Quartz-gold Firmware 2024-11-21 8.8 High
A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-36277 1 Tcman 1 Gim 2024-11-21 6.5 Medium
The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks.
CVE-2022-36276 1 Tcman 1 Gim 2024-11-21 9.9 Critical
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.
CVE-2022-36273 1 Tenda 2 Ac9, Ac9 Firmware 2024-11-21 9.8 Critical
Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.