Search Results (363403 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28970 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.5 High
Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28969 1 Tenda 2 Ax1806, Ax1806 Firmware 2024-11-21 7.5 High
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS).
CVE-2022-28966 1 Wasm3 Project 1 Wasm3 2024-11-21 5.5 Medium
Wasm3 0.5.0 has a heap-based buffer overflow in NewCodePage in m3_code.c (called indirectly from Compile_BranchTable in m3_compile.c).
CVE-2022-28965 1 Avast 1 Premium Security 2024-11-21 6.5 Medium
Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
CVE-2022-28964 1 Avast 1 Premium Security 2024-11-21 7.1 High
An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
CVE-2022-28962 1 Online Sports Complex Booking System Project 1 Online Sports Complex Booking System 2024-11-21 9.8 Critical
Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client.
CVE-2022-28961 1 Spip 1 Spip 2024-11-21 8.8 High
Spip Web Framework v3.1.13 and below was discovered to contain multiple SQL injection vulnerabilities at /ecrire via the lier_trad and where parameters.
CVE-2022-28960 1 Spip 1 Spip 2024-11-21 8.8 High
A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire.
CVE-2022-28959 1 Spip 1 Spip 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities in the component /spip.php of Spip Web Framework v3.1.13 and below allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-28956 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 9.8 Critical
An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload.
CVE-2022-28955 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 7.5 High
An access control issue in D-Link DIR816L_FW206b01 allows unauthenticated attackers to access folders folder_view.php and category_view.php.
CVE-2022-28948 3 Netapp, Redhat, Yaml Project 4 Astra Trident, Cryostat, Openshift Devspaces and 1 more 2024-11-21 7.5 High
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVE-2022-28946 1 Openpolicyagent 1 Open Policy Agent 2024-11-21 7.5 High
An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.
CVE-2022-28945 1 Webbank 1 Webcube 2024-11-21 9.8 Critical
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file.
CVE-2022-28944 2 Emcosoftware, Microsoft 9 Msi Package Builder, Network Inventory, Network Software Scanner and 6 more 2024-11-21 8.8 High
Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ΒΆΒΆ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.
CVE-2022-28940 1 H3c 2 Magic R100, Magic R100 Firmware 2024-11-21 7.5 High
In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack.
CVE-2022-28937 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.
CVE-2022-28936 1 Fisco-bcos 1 Fisco-bcos 2024-11-21 7.5 High
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
CVE-2022-28935 1 Totolink 12 A3000ru, A3000ru Firmware, A3100r and 9 more 2024-11-21 7.2 High
Totolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.
CVE-2022-28932 1 Dlink 2 Dsl-g2452dg, Dsl-g2452dg Firmware 2024-11-21 9.8 Critical
D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.