Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 45928 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (45928 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-30984 3 Linux, Opengroup, Rubrik 3 Linux Kernel, Unix, Cdm 2024-11-21 7.8 High
A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.
CVE-2022-30976 1 Gpac 1 Gpac 2024-11-21 7.1 High
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
CVE-2022-30973 2 Apache, Redhat 2 Tika, Integration 2024-11-21 5.5 Medium
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3.
CVE-2022-30966 1 Jenkins 1 Random String Parameter 2024-11-21 5.4 Medium
Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-30950 1 Jenkins 1 Wmi Windows Agents 2024-11-21 8.8 High
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
CVE-2022-30938 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Ip Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint manupulating a specific argument. This could allow an attacker to crash the affected application leading to a denial of service condition
CVE-2022-30937 1 Siemens 6 En100 Ethernet Module, En100 Ethernet Module Dnp3 Firmware, En100 Ethernet Module Iec 104 Firmware and 3 more 2024-11-21 7.5 High
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contains a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition.
CVE-2022-30787 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30785 3 Debian, Fedoraproject, Tuxera 3 Debian Linux, Fedora, Ntfs-3g 2024-11-21 6.7 Medium
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.
CVE-2022-30781 1 Gitea 1 Gitea 2024-11-21 7.5 High
Gitea before 1.16.7 does not escape git fetch remote.
CVE-2022-30763 1 Janet-lang 1 Janet 2024-11-21 7.5 High
Janet before 1.22.0 mishandles arrays.
CVE-2022-30702 2 Microsoft, Trendmicro 2 Windows, Security 2024-11-21 5.5 Medium
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.
CVE-2022-30632 2 Golang, Redhat 18 Go, Acm, Application Interconnect and 15 more 2024-11-21 7.5 High
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
CVE-2022-30595 1 Python 1 Pillow 2024-11-21 9.8 Critical
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.
CVE-2022-30549 1 Fujielectric 1 V-server 2024-11-21 7.8 High
Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-30546 1 Fujielectric 1 Monitouch V-sft 2024-11-21 7.8 High
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.
CVE-2022-30306 1 Fortinet 1 Fortiweb 2024-11-21 6.3 Medium
A stack-based buffer overflow vulnerability [CWE-121] in the CA sign functionality of FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 and below may allow an authenticated attacker to achieve arbitrary code execution via specifically crafted password.
CVE-2022-30126 3 Apache, Oracle, Redhat 3 Tika, Primavera Unifier, Jboss Fuse 2024-11-21 5.5 Medium
In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0
CVE-2022-30123 3 Debian, Rack Project, Redhat 5 Debian Linux, Rack, Enterprise Linux and 2 more 2024-11-21 10.0 Critical
A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.
CVE-2022-30122 3 Debian, Rack Project, Redhat 5 Debian Linux, Rack, Satellite and 2 more 2024-11-21 7.5 High
A possible denial of service vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 in the multipart parsing component of Rack.