Search Results (45925 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30966 1 Jenkins 1 Random String Parameter 2024-11-21 5.4 Medium
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30950 1 Jenkins 1 Wmi Windows Agents 2024-11-21 8.8 High
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
CVE-2022-30938 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition
CVE-2022-30937 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.
CVE-2022-30787 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30785 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30781 1 Gitea 1 Gitea 2024-11-21 7.5 High
Gitea before 1.16.7 does not escape git fetch remote.
CVE-2022-30763 1 Janet-lang 1 Janet 2024-11-21 7.5 High
Janet before 1.22.0 mishandles arrays.
CVE-2022-30702 2 Microsoft, Trendmicro 2 Windows, Security 2024-11-21 5.5 Medium
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
CVE-2022-30632 2 Golang, Redhat 18 Go, Acm, Application Interconnect and 15 more 2024-11-21 7.5 High
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
CVE-2022-30595 1 Python 1 Pillow 2024-11-21 9.8 Critical
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVE-2022-30549 1 Fujielectric 1 V-server 2024-11-21 7.8 High
Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-30546 1 Fujielectric 1 Monitouch V-sft 2024-11-21 7.8 High
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-30306 1 Fortinet 1 Fortiweb 2024-11-21 6.3 Medium
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.
CVE-2022-30126 3 Apache, Oracle, Redhat 3 Tika, Primavera Unifier, Jboss Fuse 2024-11-21 5.5 Medium
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
CVE-2022-30123 3 Debian, Rack Project, Redhat 5 Debian Linux, Rack, Enterprise Linux and 2 more 2024-11-21 10.0 Critical
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
CVE-2022-30122 3 Debian, Rack Project, Redhat 5 Debian Linux, Rack, Satellite and 2 more 2024-11-21 7.5 High
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.
CVE-2022-30067 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2024-11-21 5.5 Medium
GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash.
CVE-2022-30055 2 Mersenne, Microsoft 2 Prime95, Windows 2024-11-21 9.8 Critical
Prime95 30.7 build 9 suffers from a Buffer Overflow vulnerability that could lead to Remote Code Execution.
CVE-2022-30045 1 Ezxml Project 1 Ezxml 2024-11-21 6.5 Medium
An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_decode() performs incorrect memory handling while parsing crafted XML files, leading to a heap out-of-bounds read.