Search Results (363434 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29601 1 Oliverklee 1 Seminars 2024-11-21 9.8 Critical
The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.
CVE-2022-29600 1 Oliverklee 1 Oelib 2024-11-21 9.8 Critical
The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.
CVE-2022-29599 3 Apache, Debian, Redhat 8 Maven Shared Utils, Debian Linux, Enterprise Linux and 5 more 2024-11-21 9.8 Critical
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
CVE-2022-29598 1 Solutions-atlantic 1 Regulatory Reporting System 2024-11-21 6.1 Medium
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx .
CVE-2022-29597 1 Solutions-atlantic 1 Regulatory Reporting System 2024-11-21 6.5 Medium
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application.
CVE-2022-29596 1 Microstrategy 1 Enterprise Manager 2024-11-21 9.8 Critical
MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.
CVE-2022-29594 2 Eginnovations, Microsoft 5 Eg Agent, Eg Manager, Eg Rum Collectors and 2 more 2024-11-21 7.8 High
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM.
CVE-2022-29592 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2024-11-21 9.8 Critical
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).
CVE-2022-29591 1 Tenda 2 Tx9 Pro, Tx9 Pro Firmware 2024-11-21 9.8 Critical
Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.
CVE-2022-29589 1 Crypt-server Project 1 Crypt-server 2024-11-21 6.1 Medium
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username.
CVE-2022-29588 1 Konicaminolta 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more 2024-11-21 7.5 High
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
CVE-2022-29587 1 Konicaminolta 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more 2024-11-21 4.0 Medium
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.
CVE-2022-29586 1 Konicaminolta 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more 2024-11-21 7.4 High
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.
CVE-2022-29585 1 Mahara 1 Mahara 2024-11-21 7.5 High
In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of).
CVE-2022-29584 1 Mahara 1 Mahara 2024-11-21 5.4 Medium
Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action.
CVE-2022-29583 2 Microsoft, Service Project 2 Windows, Service 2024-11-21 7.8 High
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. NOTE: this finding could not be reproduced by its original reporter or by others.
CVE-2022-29582 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 7.0 High
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
CVE-2022-29578 1 Meridian 1 Meridian 2024-11-21 5.3 Medium
Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage.
CVE-2022-29577 2 Antisamy Project, Oracle 3 Antisamy, Enterprise Manager Base Platform, Weblogic Server 2024-11-21 6.1 Medium
OWASP AntiSamy before 1.6.7 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content. NOTE: this issue exists because of an incomplete fix for CVE-2022-28367.
CVE-2022-29567 1 Vaadin 1 Vaadin 2024-11-21 5.7 Medium
The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.