Export limit exceeded: 46047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (46047 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-37842 1 Totolink 2 A860r, A860r Firmware 2024-11-21 9.8 Critical
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability.
CVE-2022-37840 1 Totolink 2 A860r, A860r Firmware 2024-11-21 9.8 Critical
In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability.
CVE-2022-37839 1 Totolink 2 A860r, A860r Firmware 2024-11-21 9.8 Critical
TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi.
CVE-2022-37770 1 Jpeg 1 Libjpeg 2024-11-21 6.5 Medium
libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2022-37769 1 Jpeg 1 Libjpeg 2024-11-21 6.5 Medium
libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2022-37734 2 Graphql-java Project, Redhat 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more 2024-11-21 7.5 High
graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9.
CVE-2022-37617 1 Browserify-shim Project 1 Browserify-shim 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js.
CVE-2022-37616 2 Debian, Xmldom Project 2 Debian Linux, Xmldom 2024-11-21 9.8 Critical
A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted."
CVE-2022-37609 1 Js-beautify Project 1 Js-beautify 2024-11-21 9.8 Critical
Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js.
CVE-2022-37601 3 Debian, Redhat, Webpack.js 4 Debian Linux, Logging, Migration Toolkit Applications and 1 more 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3.
CVE-2022-37598 1 Uglifyjs Project 1 Uglifyjs 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report.
CVE-2022-37397 1 Yugabyte 1 Yugabytedb 2024-11-21 8.3 High
An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password.
CVE-2022-37348 2 Microsoft, Trendmicro 2 Windows, Security 2024-11-21 5.5 Medium
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.
CVE-2022-37331 1 Openbabel 1 Open Babel 2024-11-21 7.3 High
An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-37302 1 Schneider-electric 1 Ecostruxure Control Expert 2024-11-21 5.5 Medium
A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior).
CVE-2022-37266 1 Stealjs 1 Steal 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.
CVE-2022-37264 1 Stealjs 1 Steal 2024-11-21 9.8 Critical
Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.
CVE-2022-37262 1 Stealjs 1 Steal 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.
CVE-2022-37260 1 Stealjs 1 Steal 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.
CVE-2022-37258 1 Stealjs 1 Steal 2024-11-21 9.8 Critical
Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.