Export limit exceeded: 46047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-37842 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027, the parameters in infostat.cgi are not filtered, causing a buffer overflow vulnerability. | ||||
| CVE-2022-37840 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 9.8 Critical |
| In TOTOLINK A860R V4.1.2cu.5182_B20201027, the main function in downloadfile.cgi has a buffer overflow vulnerability. | ||||
| CVE-2022-37839 | 1 Totolink | 2 A860r, A860r Firmware | 2024-11-21 | 9.8 Critical |
| TOTOLINK A860R V4.1.2cu.5182_B20201027 is vulnerable to Buffer Overflow via Cstecgi.cgi. | ||||
| CVE-2022-37770 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2022-37769 | 1 Jpeg | 1 Libjpeg | 2024-11-21 | 6.5 Medium |
| libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file. | ||||
| CVE-2022-37734 | 2 Graphql-java Project, Redhat | 4 Graphql-java, Openshift Application Runtimes, Quarkus and 1 more | 2024-11-21 | 7.5 High |
| graphql-java before19.0 is vulnerable to Denial of Service. An attacker can send a malicious GraphQL query that consumes CPU resources. The fixed versions are 19.0 and later, 18.3, and 17.4, and 0.0.0-2022-07-26T05-45-04-226aabd9. | ||||
| CVE-2022-37617 | 1 Browserify-shim Project | 1 Browserify-shim | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function resolveShims in resolve-shims.js in thlorenz browserify-shim 3.8.15 via the k variable in resolve-shims.js. | ||||
| CVE-2022-37616 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-11-21 | 9.8 Critical |
| A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p variable. NOTE: the vendor states "we are in the process of marking this report as invalid"; however, some third parties takes the position that "A prototype injection/Prototype pollution is not just when global objects are polluted with recursive merge or deep cloning but also when a target object is polluted." | ||||
| CVE-2022-37609 | 1 Js-beautify Project | 1 Js-beautify | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in beautify-web js-beautify 1.13.7 via the name variable in options.js. | ||||
| CVE-2022-37601 | 3 Debian, Redhat, Webpack.js | 4 Debian Linux, Logging, Migration Toolkit Applications and 1 more | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function parseQuery in parseQuery.js in webpack loader-utils via the name variable in parseQuery.js. This affects all versions prior to 1.4.1 and 2.0.3. | ||||
| CVE-2022-37598 | 1 Uglifyjs Project | 1 Uglifyjs | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function DEFNODE in ast.js in mishoo UglifyJS 3.13.2 via the name variable in ast.js. NOTE: the vendor considers this an invalid report. | ||||
| CVE-2022-37397 | 1 Yugabyte | 1 Yugabytedb | 2024-11-21 | 8.3 High |
| An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. When anonymous or unauthenticated LDAP binding is enabled, it allows bypass of authentication with an empty password. | ||||
| CVE-2022-37348 | 2 Microsoft, Trendmicro | 2 Windows, Security | 2024-11-21 | 5.5 Medium |
| Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347. | ||||
| CVE-2022-37331 | 1 Openbabel | 1 Open Babel | 2024-11-21 | 7.3 High |
| An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-37302 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 5.5 Medium |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. Affected Products: EcoStruxure Control Expert(V15.1 HF001 and prior). | ||||
| CVE-2022-37266 | 1 Stealjs | 1 Steal | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. | ||||
| CVE-2022-37264 | 1 Stealjs | 1 Steal | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. | ||||
| CVE-2022-37262 | 1 Stealjs | 1 Steal | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | ||||
| CVE-2022-37260 | 1 Stealjs | 1 Steal | 2024-11-21 | 7.5 High |
| A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | ||||
| CVE-2022-37258 | 1 Stealjs | 1 Steal | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. | ||||