Export limit exceeded: 35571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-29790 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions. | ||||
| CVE-2022-29789 | 1 Huawei | 2 Emui, Harmonyos | 2024-11-21 | 7.5 High |
| The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services. | ||||
| CVE-2022-29784 | 1 Publiccms | 1 Publiccms | 2024-11-21 | 5.3 Medium |
| PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | ||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2024-11-21 | 5.5 Medium |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | ||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2024-11-21 | 5.5 Medium |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | ||||
| CVE-2022-29778 | 2 D-link, Dlink | 3 Dir-890l Firmware, Dir-890l, Dir-890l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php | ||||
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 6.5 Medium |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | ||||
| CVE-2022-29614 | 1 Sap | 2 Host Agent, Netweaver Abap | 2024-11-21 | 5.0 Medium |
| SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | ||||
| CVE-2022-29586 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2024-11-21 | 7.4 High |
| Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. | ||||
| CVE-2022-29562 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2024-11-21 | 3.7 Low |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner. | ||||
| CVE-2022-29546 | 1 Htmlunit | 1 Htmlunit | 2024-11-21 | 7.5 High |
| HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. | ||||
| CVE-2022-29505 | 1 Linecorp | 1 Line | 2024-11-21 | 7.8 High |
| Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. | ||||
| CVE-2022-29405 | 1 Apache | 1 Archiva | 2024-11-21 | 6.5 Medium |
| In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 | ||||
| CVE-2022-29264 | 1 Coreboot | 1 Coreboot | 2024-11-21 | 9.8 Critical |
| An issue was discovered in coreboot 4.13 through 4.16. On APs, arbitrary code execution in SMM may occur. | ||||
| CVE-2022-29262 | 1 Intel | 66 Compute Module Hns2600bpb, Compute Module Hns2600bpb24, Compute Module Hns2600bpb24 Firmware and 63 more | 2024-11-21 | 7.9 High |
| Improper buffer restrictions in some Intel(R) Server Board BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-29014 | 1 Razer | 2 Sila, Sila Firmware | 2024-11-21 | 7.5 High |
| A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | ||||
| CVE-2022-28995 | 1 Yogeshojha | 1 Rengine | 2024-11-21 | 9.8 Critical |
| Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | ||||
| CVE-2022-28987 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 5.3 Medium |
| Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | ||||
| CVE-2022-28956 | 1 Dlink | 2 Dir-816l, Dir-816l Firmware | 2024-11-21 | 9.8 Critical |
| An issue in the getcfg.php component of D-Link DIR816L_FW206b01 allows attackers to access the device via a crafted payload. | ||||
| CVE-2022-28940 | 1 H3c | 2 Magic R100, Magic R100 Firmware | 2024-11-21 | 7.5 High |
| In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. | ||||