Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43402 | 2 Jenkins, Redhat | 3 Pipeline, Ocp Tools, Openshift | 2024-11-21 | 9.9 Critical |
| A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
| CVE-2022-43401 | 2 Jenkins, Redhat | 3 Script Security, Ocp Tools, Openshift | 2024-11-21 | 9.9 Critical |
| A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts, including Pipelines, to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
| CVE-2022-42745 | 1 Auieosoftware | 1 Candidats | 2024-11-21 | 7.5 High |
| CandidATS version 3.0.0 allows an external attacker to read arbitrary files from the server. This is possible because the application is vulnerable to XXE. | ||||
| CVE-2022-42324 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 5.5 Medium |
| Oxenstored 32->31 bit integer truncation issues. Integers in Ocaml are 63 or 31 bits of signed precision. The Ocaml Xenbus library takes a C uint32_t out of the ring and casts it directly to an Ocaml integer. In 64-bit Ocaml builds this is fine, but in 32-bit builds, it truncates off the most significant bit, and then creates unsigned/signed confusion in the remainder. This in turn can feed a negative value into logic not expecting a negative value, resulting in unexpected exceptions being thrown. The unexpected exception is not handled suitably, creating a busy-loop trying (and failing) to take the bad packet out of the xenstore ring. | ||||
| CVE-2022-42321 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 6.5 Medium |
| Xenstore: Guests can crash xenstored via exhausting the stack. Xenstored is using recursion for some Xenstore operations (e.g. for deleting a sub-tree of Xenstore nodes). With sufficiently deep nesting levels this can result in stack exhaustion on xenstored, leading to a crash of xenstored. | ||||
| CVE-2022-42307 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service. | ||||
| CVE-2022-42301 | 1 Veritas | 1 Netbackup | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process. | ||||
| CVE-2022-41984 | 1 Intel | 4 Arc A750, Arc A750 Firmware, Arc A770 and 1 more | 2024-11-21 | 4.4 Medium |
| Protection mechanism failure for some Intel(R) Arc(TM) graphics cards A770 and A750 Limited Edition sold between October of 2022 and December of 2022 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2022-41672 | 1 Apache | 1 Airflow | 2024-11-21 | 8.1 High |
| In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API. | ||||
| CVE-2022-41291 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium |
| IBM InfoSphere Information Server 11.7 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 236699. | ||||
| CVE-2022-40768 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 5.5 Medium |
| drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | ||||
| CVE-2022-40755 | 1 Jasper Project | 1 Jasper | 2024-11-21 | 5.5 Medium |
| JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | ||||
| CVE-2022-40705 | 1 Apache | 1 Soap | 2024-11-21 | 7.5 High |
| An Improper Restriction of XML External Entity Reference vulnerability in RPCRouterServlet of Apache SOAP allows an attacker to read arbitrary files over HTTP. This issue affects Apache SOAP version 2.2 and later versions. It is unknown whether previous versions are also affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2022-40538 | 1 Qualcomm | 26 Ar8035, Ar8035 Firmware, Qca8081 and 23 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in modem while processing sib with incorrect values from network. | ||||
| CVE-2022-40530 | 1 Qualcomm | 378 Aqt1000, Aqt1000 Firmware, Ar8031 and 375 more | 2024-11-21 | 8.4 High |
| Memory corruption in WLAN due to integer overflow to buffer overflow in WLAN during initialization phase. | ||||
| CVE-2022-40527 | 1 Qualcomm | 198 Ar8035, Ar8035 Firmware, Csr8811 and 195 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM. | ||||
| CVE-2022-40525 | 1 Qualcomm | 62 Csr8811, Csr8811 Firmware, Ipq6000 and 59 more | 2024-11-21 | 7.1 High |
| Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | ||||
| CVE-2022-40523 | 1 Qualcomm | 370 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 367 more | 2024-11-21 | 7.1 High |
| Information disclosure in Kernel due to indirect branch misprediction. | ||||
| CVE-2022-40508 | 1 Qualcomm | 136 315 5g Iot Modem, 315 5g Iot Modem Firmware, Aqt1000 and 133 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | ||||
| CVE-2022-40504 | 1 Qualcomm | 378 315 5g Iot Modem, 315 5g Iot Modem Firmware, 8905 and 375 more | 2024-11-21 | 7.5 High |
| Transient DOS due to reachable assertion in Modem when UE received Downlink Data Indication message from the network. | ||||