Export limit exceeded: 29828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34894 | 1 Jetbrains | 1 Hub | 2024-11-21 | 3.5 Low |
| In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services | ||||
| CVE-2022-34869 | 1 Allied-telesis | 2 Centrecom Ar260s, Centrecom Ar260s Firmware | 2024-11-21 | 8.8 High |
| Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command. | ||||
| CVE-2022-34635 | 1 Openhwgroup | 1 Cva6 | 2024-11-21 | 9.8 Critical |
| The mstatus.sd field in CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a does not update when the mstatus.fs field is set to Dirty. | ||||
| CVE-2022-34453 | 1 Dell | 2 Xtremio X2, Xtremio X2 Firmware | 2024-11-21 | 7.6 High |
| Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default. | ||||
| CVE-2022-34381 | 1 Dell | 2 Bsafe Crypto-j, Bsafe Ssl-j | 2024-11-21 | 9.1 Critical |
| Dell BSAFE SSL-J version 7.0 and all versions prior to 6.5, and Dell BSAFE Crypto-J versions prior to 6.2.6.1 contain an unmaintained third-party component vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the compromise of the impacted system. This is a Critical vulnerability and Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2022-34298 | 1 Openidentityplatform | 1 Openam | 2024-11-21 | 5.3 Medium |
| The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | ||||
| CVE-2022-34175 | 1 Jenkins | 1 Jenkins | 2024-11-21 | 7.5 High |
| Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | ||||
| CVE-2022-34102 | 1 Crestron | 1 Airmedia | 2024-11-21 | 8.8 High |
| Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. | ||||
| CVE-2022-34066 | 1 Texercise Project | 1 Texercise | 2024-11-21 | 9.8 Critical |
| The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34065 | 1 Rondolu-yt-concate Project | 1 Rondolu-yt-concate | 2024-11-21 | 9.8 Critical |
| The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34064 | 1 Zibal Project | 1 Zibal | 2024-11-21 | 9.8 Critical |
| The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34061 | 1 Catly Translate Project | 1 Catly Translate | 2024-11-21 | 9.8 Critical |
| The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34060 | 1 Togglee | 1 Togglee | 2024-11-21 | 9.8 Critical |
| The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34059 | 1 Sixfab-tool Project | 1 Sixfab-tool | 2024-11-21 | 9.8 Critical |
| The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-34057 | 1 Scoptrial Project | 1 Scoptrial | 2024-11-21 | 9.8 Critical |
| The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-33990 | 1 Dproxy-nexgen Project | 1 Dproxy-nexgen | 2024-11-21 | 7.5 High |
| Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | ||||
| CVE-2022-33932 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 5.3 Medium |
| Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | ||||
| CVE-2022-33931 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.3 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An attacker with no access to Alert Classification page could potentially exploit this vulnerability, leading to the change the alert categories. | ||||
| CVE-2022-33926 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 7.1 High |
| Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. A remote malicious user could exploit this vulnerability in order to retain access to a file repository after it has been revoked. | ||||
| CVE-2022-33925 | 1 Dell | 1 Wyse Management Suite | 2024-11-21 | 6.5 Medium |
| Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. An remote authenticated attacker could potentially exploit this vulnerability by bypassing access controls in order to download reports containing sensitive information. | ||||