Export limit exceeded: 13718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10856 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10856 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-28924 | 1 Universis | 1 Universis-students | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | ||||
| CVE-2022-28890 | 1 Apache | 1 Jena | 2024-11-21 | 9.8 Critical |
| A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. | ||||
| CVE-2022-28794 | 1 Google | 1 Android | 2024-11-21 | 2.2 Low |
| Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | ||||
| CVE-2022-28755 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2024-11-21 | 9.6 Critical |
| The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including the potential for remote code execution through launching executables from arbitrary paths. | ||||
| CVE-2022-28244 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.3 Medium |
| Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain. Exploitation requires user interaction in which the victim needs to access a crafted PDF file on an attacker's server. | ||||
| CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | ||||
| CVE-2022-28219 | 1 Zohocorp | 1 Manageengine Adaudit Plus | 2024-11-21 | 9.8 Critical |
| Cewolf in Zoho ManageEngine ADAudit Plus before 7060 is vulnerable to an unauthenticated XXE attack that leads to Remote Code Execution. | ||||
| CVE-2022-28215 | 1 Sap | 1 Netweaver Abap | 2024-11-21 | 4.7 Medium |
| SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information. | ||||
| CVE-2022-28201 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2024-11-21 | 4.4 Medium |
| An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message. | ||||
| CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 6.5 Medium |
| Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2022-28155 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 8.1 High |
| Jenkins Pipeline: Phoenix AutoTest Plugin 1.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-28154 | 1 Jenkins | 1 Coverage\/complexity Scatter Plot | 2024-11-21 | 8.1 High |
| Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-28140 | 1 Jenkins | 1 Flaky Test Handler | 2024-11-21 | 8.1 High |
| Jenkins Flaky Test Handler Plugin 1.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-28131 | 4 Fedoraproject, Golang, Netapp and 1 more | 16 Fedora, Go, Cloud Insights Telegraf and 13 more | 2024-11-21 | 7.5 High |
| Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | ||||
| CVE-2022-28048 | 2 Fedoraproject, Stb Project | 2 Fedora, Stb | 2024-11-21 | 8.8 High |
| STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | ||||
| CVE-2022-27943 | 2 Fedoraproject, Gnu | 2 Fedora, Gcc | 2024-11-21 | 5.5 Medium |
| libiberty/rust-demangle.c in GNU GCC 11.2 allows stack consumption in demangle_const, as demonstrated by nm-new. | ||||
| CVE-2022-27939 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 5.5 Medium |
| tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c. | ||||
| CVE-2022-27882 | 1 Openbsd | 1 Openbsd | 2024-11-21 | 7.5 High |
| slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. | ||||
| CVE-2022-27873 | 1 Autodesk | 1 Fusion 360 | 2024-11-21 | 7.8 High |
| An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. | ||||
| CVE-2022-27861 | 1 Arscode | 1 Ninja Popups | 2024-11-21 | 4.7 Medium |
| Unauth. Open Redirect vulnerability in Arscode Ninja Popups plugin <= 4.7.5 versions. | ||||