Export limit exceeded: 363677 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363677 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55956 | 1 Cleo | 3 Harmony, Lexicom, Vltrader | 2025-11-04 | 9.8 Critical |
| In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | ||||
| CVE-2023-2088 | 1 Redhat | 1 Openstack | 2025-11-04 | 6.5 Medium |
| A flaw was found in OpenStack due to an inconsistency between Cinder and Nova. This issue can be triggered intentionally or by accident. A remote, authenticated attacker could exploit this vulnerability by detaching one of their volumes from Cinder. The highest impact is to confidentiality. | ||||
| CVE-2022-45442 | 3 Debian, Redhat, Sinatrarb | 6 Debian Linux, Enterprise Linux, Rhel E4s and 3 more | 2025-11-04 | 8.8 High |
| Sinatra is a domain-specific language for creating web applications in Ruby. An issue was discovered in Sinatra 2.0 before 2.2.3 and 3.0 before 3.0.4. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a response when the filename is derived from user-supplied input. Version 2.2.3 and 3.0.4 contain patches for this issue. | ||||
| CVE-2022-41444 | 1 Cacti | 1 Cacti | 2025-11-04 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. | ||||
| CVE-2022-40897 | 2 Python, Redhat | 7 Setuptools, Enterprise Linux, Rhel Aus and 4 more | 2025-11-04 | 5.9 Medium |
| Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py. | ||||
| CVE-2022-40468 | 1 Tinyproxy Project | 1 Tinyproxy | 2025-11-04 | 7.5 High |
| Potential leak of left-over heap data if custom error page templates containing special non-standard variables are used. Tinyproxy commit 84f203f and earlier use uninitialized buffers in process_request() function. | ||||
| CVE-2022-39244 | 1 Pjsip | 1 Pjsip | 2025-11-04 | 7.5 High |
| PJSIP is a free and open source multimedia communication library written in C. In versions of PJSIP prior to 2.13 the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser are affeced by a buffer overflow vulnerability. Users connecting to untrusted clients are at risk. This issue has been patched and is available as commit c4d3498 in the master branch and will be included in releases 2.13 and later. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2022-37705 | 1 Zmanda | 1 Amanda | 2025-11-04 | 6.7 Medium |
| A privilege escalation flaw was found in Amanda 3.5.1 in which the backup user can acquire root privileges. The vulnerable component is the runtar SUID program, which is a wrapper to run /usr/bin/tar with specific arguments that are controllable by the attacker. This program mishandles the arguments passed to tar binary (it expects that the argument name and value are separated with a space; however, separating them with an equals sign is also supported), | ||||
| CVE-2022-37704 | 1 Zmanda | 1 Amanda | 2025-11-04 | 6.7 Medium |
| Amanda 3.5.1 allows privilege escalation from the regular user backup to root. The SUID binary located at /lib/amanda/rundump will execute /usr/sbin/dump as root with controlled arguments from the attacker which may lead to escalation of privileges, denial of service, and information disclosure. | ||||
| CVE-2022-37703 | 1 Amanda | 1 Amanda | 2025-11-04 | 3.3 Low |
| In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. An attacker can abuse this vulnerability to know if a directory exists or not anywhere in the fs. The binary will use `opendir()` as root directly without checking the path, letting the attacker provide an arbitrary path. | ||||
| CVE-2022-37035 | 1 Frrouting | 1 Frrouting | 2025-11-04 | 8.1 High |
| An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | ||||
| CVE-2022-31031 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2025-11-04 | 9.8 Critical |
| PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. | ||||
| CVE-2022-2309 | 4 Fedoraproject, Lxml, Redhat and 1 more | 4 Fedora, Lxml, Enterprise Linux and 1 more | 2025-11-04 | 7.5 High |
| NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. | ||||
| CVE-2022-29970 | 3 Debian, Redhat, Sinatrarb | 7 Debian Linux, Enterprise Linux, Rhel E4s and 4 more | 2025-11-04 | 7.5 High |
| Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | ||||
| CVE-2022-28739 | 4 Apple, Debian, Redhat and 1 more | 5 Macos, Debian Linux, Enterprise Linux and 2 more | 2025-11-04 | 7.5 High |
| There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | ||||
| CVE-2022-26129 | 1 Frrouting | 1 Frrouting | 2025-11-04 | 7.8 High |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the subtlv length in the functions, parse_hello_subtlv, parse_ihu_subtlv, and parse_update_subtlv in babeld/message.c. | ||||
| CVE-2022-26128 | 1 Frrouting | 1 Frrouting | 2025-11-04 | 7.8 High |
| A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to a wrong check on the input packet length in the babel_packet_examin function in babeld/message.c. | ||||
| CVE-2022-26127 | 1 Frrouting | 1 Frrouting | 2025-11-04 | 7.8 High |
| A buffer overflow vulnerability exists in FRRouting through 8.1.0 due to missing a check on the input packet length in the babel_packet_examin function in babeld/message.c. | ||||
| CVE-2022-26126 | 2 Fedoraproject, Frrouting | 2 Fedora, Frrouting | 2025-11-04 | 7.8 High |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | ||||
| CVE-2022-26125 | 2 Frrouting, Redhat | 2 Frrouting, Enterprise Linux | 2025-11-04 | 7.5 High |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to wrong checks on the input packet length in isisd/isis_tlvs.c. | ||||