Search Results (364612 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42905 1 Wolfssl 1 Wolfssl 2025-05-02 9.1 Critical
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
CVE-2022-42707 1 Mahara 1 Mahara 2025-05-02 7.5 High
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
CVE-2022-40284 4 Debian, Fedoraproject, Redhat and 1 more 9 Debian Linux, Fedora, Advanced Virtualization and 6 more 2025-05-02 7.8 High
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.
CVE-2022-3721 1 Froxlor 1 Froxlor 2025-05-02 4.6 Medium
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39.
CVE-2022-38582 1 Watchdog 1 Anti-virus 2025-05-02 6.5 Medium
Incorrect access control in the anti-virus driver wsdkd.sys of Watchdog Antivirus v1.4.158 allows attackers to write arbitrary files.
CVE-2022-38163 1 F-secure 1 Safe 2025-05-02 3.5 Low
A Drag and Drop spoof vulnerability was discovered in F-Secure SAFE Browser for Android and iOS version 19.0 and below. Drag and drop operation by user on address bar could lead to a spoofing of the address bar.
CVE-2022-37911 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 3.8 Low
Due to improper restrictions on XML entities multiple vulnerabilities exist in the command line interface of ArubaOS. A successful exploit could allow an authenticated attacker to retrieve files from the local system or cause the application to consume system resources, resulting in a denial of service condition.
CVE-2022-37910 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 4.4 Medium
A buffer overflow vulnerability exists in the ArubaOS command line interface. Successful exploitation of this vulnerability results in a denial of service on the affected system.
CVE-2022-37909 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 5.3 Medium
Aruba has identified certain configurations of ArubaOS that can lead to sensitive information disclosure from the configured ESSIDs. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
CVE-2022-37908 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 5.8 Medium
An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series controllers. Successful exploitation can compromise the hardware chain of trust on the impacted controller.
CVE-2022-37907 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 5.8 Medium
A vulnerability exists in the ArubaOS bootloader on 7xxx series controllers which can result in a denial of service (DoS) condition on an impacted system. A successful attacker can cause a system hang which can only be resolved via a power cycle of the impacted controller.
CVE-2022-37906 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 6.5 Medium
An authenticated path traversal vulnerability exists in the ArubaOS command line interface. Successful exploitation of the vulnerability results in the ability to delete arbitrary files on the underlying operating system.
CVE-2022-37905 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 6.6 Medium
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
CVE-2022-37904 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 6.6 Medium
Vulnerabilities in ArubaOS running on 7xxx series controllers exist that allows an attacker to execute arbitrary code during the boot sequence. Successful exploitation could allow an attacker to achieve permanent modification of the underlying operating system.
CVE-2022-37901 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-37899 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-37898 1 Arubanetworks 12 7005, 7008, 7010 and 9 more 2025-05-02 7.2 High
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
CVE-2022-37897 1 Arubanetworks 2 Arubaos, Sd-wan 2025-05-02 9.8 Critical
There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2022-37865 2 Apache, Redhat 2 Ivy, Camel Spring Boot 2025-05-02 9.1 Critical
With Apache Ivy 2.4.0 an optional packaging attribute has been introduced that allows artifacts to be unpacked on the fly if they used pack200 or zip packaging. For artifacts using the "zip", "jar" or "war" packaging Ivy prior to 2.5.1 doesn't verify the target path when extracting the archive. An archive containing absolute paths or paths that try to traverse "upwards" using ".." sequences can then write files to any location on the local fie system that the user executing Ivy has write access to. Ivy users of version 2.4.0 to 2.5.0 should upgrade to Ivy 2.5.1.
CVE-2022-37710 1 Pattersondental 1 Eaglesoft 2025-05-02 7.8 High
Patterson Dental Eaglesoft 21 has AES-256 encryption but there are two ways to obtain a keyfile: (1) keybackup.data > License > Encryption Key or (2) Eaglesoft.Server.Configuration.data > DbEncryptKeyPrimary > Encryption Key. Applicable files are encrypted with keys and salt that are hardcoded into a DLL or EXE file.