Search Results (363426 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-29484 1 Cybozu 1 Garoon 2024-11-21 8.1 High
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.
CVE-2022-29483 1 Abb 1 E-design 2024-11-21 7.8 High
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine.
CVE-2022-29482 1 Dena 1 Mobaoku-auction \& Flea Market 2024-11-21 3.7 Low
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.
CVE-2022-29480 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 5.3 Medium
On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-29479 1 F5 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more 2024-11-21 5.3 Medium
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-29474 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 4.3 Medium
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-29473 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-11-21 5.9 Medium
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2022-29471 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.
CVE-2022-29470 1 Intel 1 Dynamic Tuning Technology 2024-11-21 6.7 Medium
Improper access control in the IntelĀ® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-29467 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.
CVE-2022-29457 1 Zohocorp 4 Manageengine Adaudit Plus, Manageengine Admanager Plus, Manageengine Adselfservice Plus and 1 more 2024-11-21 8.8 High
Zoho ManageEngine ADSelfService Plus before 6121, ADAuditPlus 7060, Exchange Reporter Plus 5701, and ADManagerPlus 7131 allow NTLM Hash disclosure during certain storage-path configuration steps.
CVE-2022-29405 1 Apache 1 Archiva 2024-11-21 6.5 Medium
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8
CVE-2022-29404 4 Apache, Fedoraproject, Netapp and 1 more 5 Http Server, Fedora, Clustered Data Ontap and 2 more 2024-11-21 7.5 High
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
CVE-2022-29402 1 Tp-link 2 Tl-wr840n, Tl-wr840n Firmware 2024-11-21 6.8 Medium
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.
CVE-2022-29399 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.
CVE-2022-29398 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.
CVE-2022-29397 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.
CVE-2022-29396 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.
CVE-2022-29395 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.
CVE-2022-29394 1 Totolink 2 N600r, N600r Firmware 2024-11-21 9.8 Critical
TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.