Search Results (363487 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29868 1 1password 1 1password 2024-11-21 5.5 Medium
1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password.
CVE-2022-29866 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.
CVE-2022-29865 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.
CVE-2022-29864 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.
CVE-2022-29863 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.
CVE-2022-29862 1 Opcfoundation 1 Ua .net Standard Stack 2024-11-21 7.5 High
An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.
CVE-2022-29859 1 Amb1 Sdk Project 1 Amb1 Sdk 2024-11-21 9.8 Critical
component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data.
CVE-2022-29858 1 Silverstripe 1 Assets 2024-11-21 4.3 Medium
Silverstripe silverstripe/assets through 1.10 is vulnerable to improper access control that allows protected images to be published by changing an existing image short code on website content.
CVE-2022-29856 1 Automationanywhere 1 Automation 360 2024-11-21 7.5 High
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
CVE-2022-29855 1 Mitel 18 6865i Sip, 6865i Sip Firmware, 6867i Sip and 15 more 2024-11-21 6.8 Medium
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
CVE-2022-29854 1 Mitel 8 6905, 6910, 6920 and 5 more 2024-11-21 6.8 Medium
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.
CVE-2022-29850 1 Lexmark 234 B2236, B2236 Firmware, B2338 and 231 more 2024-11-21 8.1 High
Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.
CVE-2022-29849 1 Progress 1 Openedge 2024-11-21 7.8 High
In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system.
CVE-2022-29848 1 Progress 1 Whatsup Gold 2024-11-21 6.5 Medium
In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.
CVE-2022-29847 1 Progress 1 Whatsup Gold 2024-11-21 7.5 High
In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.
CVE-2022-29846 1 Progress 1 Whatsup Gold 2024-11-21 5.3 Medium
In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.
CVE-2022-29845 1 Progress 1 Whatsup Gold 2024-11-21 6.5 Medium
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.
CVE-2022-29835 1 Westerndigital 1 Wd Discovery 2024-11-21 5.3 Medium
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
CVE-2022-29824 6 Debian, Fedoraproject, Netapp and 3 more 26 Debian Linux, Fedora, Active Iq Unified Manager and 23 more 2024-11-21 6.5 Medium
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well.
CVE-2022-29821 1 Jetbrains 1 Pycharm 2024-11-21 6.9 Medium
In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible