Export limit exceeded: 328754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2822 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41291 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | ||||
| CVE-2022-40755 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 5.5 Medium |
| JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | ||||
| CVE-2022-40705 | 1 Apache | 1 Soap | 2024-11-21 | 7.5 High |
| An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2022-40538 | 1 Qualcomm | 26 Ar8035, Ar8035 Firmware, Qca8081 and 23 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | ||||
| CVE-2022-40527 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Csr8811 and 195 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | ||||
| CVE-2022-40508 | 1 Qualcomm | 136 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 133 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | ||||
| CVE-2022-40504 | 1 Qualcomm | 378 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 375 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | ||||
| CVE-2022-3916 | 1 Redhat | 9 Enterprise Linux, Keycloak, Openshift Container Platform and 6 more | 2024-11-21 | 6.8 Medium |
| A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | ||||
| CVE-2022-3174 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | 7.5 High |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | ||||
| CVE-2022-3080 | 3 Fedoraproject, Isc, Redhat | 3 Fedora, Bind, Enterprise Linux | 2024-11-21 | 7.5 High |
| By sending specific queries to the resolver, an attacker can cause named to crash. | ||||
| CVE-2022-3032 | 2 Mozilla, Redhat | 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 6.5 Medium |
| When receiving an HTML email that contained an <code>iframe</code> element, which used a <code>srcdoc</code> attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed. This vulnerability affects Thunderbird < 102.2.1 and Thunderbird < 91.13.1. | ||||
| CVE-2022-39954 | 1 Fortinet | 2 Fortinac, Fortinac-f | 2024-11-21 | 6.9 Medium |
| An improper restriction of xml external entity reference in Fortinet FortiNAC version 9.4.0 through 9.4.1, FortiNAC version 9.2.0 through 9.2.7, FortiNAC version 9.1.0 through 9.1.8, FortiNAC version 8.8.0 through 8.8.11, FortiNAC version 8.7.0 through 8.7.6, FortiNAC version 8.6.0 through 8.6.5, FortiNAC version 8.5.0 through 8.5.4, FortiNAC version 8.3.7 allows attacker to read arbitrary files or trigger a denial of service via specifically crafted XML documents. | ||||
| CVE-2022-39135 | 1 Apache | 1 Calcite | 2024-11-21 | 9.8 Critical |
| Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. | ||||
| CVE-2022-38496 | 1 Lief-project | 1 Lief | 2024-11-21 | 5.5 Medium |
| LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | ||||
| CVE-2022-38349 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | ||||
| CVE-2022-38342 | 1 Safe | 1 Fme Server | 2024-11-21 | 8.5 High |
| Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | ||||
| CVE-2022-37189 | 1 Ddmal | 1 Mei2volpiano | 2024-11-21 | 7.5 High |
| DDMAL MEI2Volpiano 0.8.2 is vulnerable to XML External Entity (XXE), leading to a Denial of Service. This occurs due to the usage of the unsafe 'xml.etree' library to parse untrusted XML input. | ||||
| CVE-2022-37052 | 1 Freedesktop | 1 Poppler | 2024-11-21 | 6.5 Medium |
| A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | ||||
| CVE-2022-37051 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | ||||
| CVE-2022-36773 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 8.1 High |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. | ||||