Search Results (363364 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-28379 1 Nginxproxymanager 1 Nginx Proxy Manager 2024-11-21 6.8 Medium
jc21.com Nginx Proxy Manager before 2.9.17 allows XSS during item deletion.
CVE-2022-28378 1 Craftcms 1 Craft Cms 2024-11-21 6.1 Medium
Craft CMS before 3.7.29 allows XSS.
CVE-2022-28377 1 Verizon 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more 2024-11-21 7.5 High
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of the IDU's base Ethernet interface, and adding the string DEVICE_MANUFACTURER='Wistron_NeWeb_Corp.' to /etc/device_info to replicate the host environment. This occurs in /etc/init.d/wnc_factoryssidkeypwd (IDU).
CVE-2022-28376 1 Verizon 2 Lvskihp, Lvskihp Firmware 2024-11-21 8.1 High
Verizon 5G Home LVSKIHP outside devices through 2022-02-15 allow anyone (knowing the device's serial number) to access a CPE admin website, e.g., at the 10.0.0.1 IP address. The password (for the verizon username) is calculated by concatenating the serial number and the model (i.e., the LVSKIHP string), running the sha256sum program, and extracting the first seven characters concatenated with the last seven characters of that SHA-256 value.
CVE-2022-28375 1 Verizon 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware 2024-11-21 9.8 Critical
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to achieve remote code execution as root,
CVE-2022-28374 1 Verizon 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware 2024-11-21 8.8 High
Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not property sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. An authenticated remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/admin/settings.lua to achieve remote code execution as root.
CVE-2022-28373 1 Verizon 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware 2024-11-21 9.8 Critical
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. A remote attacker on the local network can inject shell metacharacters to achieve remote code execution as root.
CVE-2022-28372 1 Verizon 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more 2024-11-21 7.5 High
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. The URL provided is not validated, and thus allows for arbitrary file upload to the device. This occurs in /lib/lua/luci/crtc.lua (IDU) and /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh (ODU).
CVE-2022-28371 1 Verizon 4 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware, Lvskihp Outdoorunit and 1 more 2024-11-21 7.5 High
On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. This certificate is embedded in the firmware, and is identical across the fleet of devices. An attacker need only download this firmware and extract the private components of these certificates (from /etc/lighttpd.d/ca.pem and /etc/lighttpd.d/server.pem) to gain access. (The firmware download location is shown in a device's upgrade logs.)
CVE-2022-28370 1 Verizon 2 Lvskihp Outdoorunit, Lvskihp Outdoorunit Firmware 2024-11-21 7.5 High
On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. /lib/functions/wnc_jsonsh/wnc_crtc_fw.sh has no cryptographic validation of the image, thus allowing an attacker to modify the installed firmware.
CVE-2022-28369 1 Verizon 2 Lvskihp Indoorunit, Lvskihp Indoorunit Firmware 2024-11-21 9.8 Critical
Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. The data (found at that URL) is written to /usr/sbin/dropbear and then executed as root.
CVE-2022-28368 1 Dompdf Project 1 Dompdf 2024-11-21 9.8 Critical
Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).
CVE-2022-28367 1 Antisamy Project 1 Antisamy 2024-11-21 6.1 Medium
OWASP AntiSamy before 1.6.6 allows XSS via HTML tag smuggling on STYLE content with crafted input. The output serializer does not properly encode the supposed Cascading Style Sheets (CSS) content.
CVE-2022-28366 3 Antisamy Project, Cyberneko Html Project, Htmlunit 3 Antisamy, Cyberneko Html, Htmlunit 2024-11-21 7.5 High
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24839.
CVE-2022-28357 1 Linuxfoundation 1 Nats-server 2024-11-21 9.8 Critical
NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.
CVE-2022-28355 1 Scala-js 1 Scala.js 2024-11-21 7.5 High
randomUUID in Scala.js before 1.10.0 generates predictable values.
CVE-2022-28352 1 Weechat 1 Weechat 2024-11-21 4.3 Medium
WeeChat (aka Wee Enhanced Environment for Chat) 3.2 to 3.4 before 3.4.1 does not properly verify the TLS certificate of the server, after certain GnuTLS options are changed, which allows man-in-the-middle attackers to spoof a TLS chat server via an arbitrary certificate. NOTE: this only affects situations where weechat.network.gnutls_ca_system or weechat.network.gnutls_ca_user is changed without a WeeChat restart.
CVE-2022-28350 1 Arm 1 Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver allows improper GPU operations in Valhall r29p0 through r36p0 before r37p0 to reach a use-after-free situation.
CVE-2022-28349 1 Arm 3 Bifrost Gpu Kernel Driver, Midguard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver has a use-after-free: Midgard r28p0 through r29p0 before r30p0, Bifrost r17p0 through r23p0 before r24p0, and Valhall r19p0 through r23p0 before r24p0.
CVE-2022-28348 1 Arm 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-11-21 9.8 Critical
Arm Mali GPU Kernel Driver (Midgard r4p0 through r31p0, Bifrost r0p0 through r36p0 before r37p0, and Valhall r19p0 through r36p0 before r37p0) allows improper GPU memory operations to reach a use-after-free situation.