Latest CVE Feed
-
9.8
CRITICALCVE-2022-4399
A vulnerability was found in TicklishHoneyBee nodau. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/db.c. The manipulation of the argument value/name leads to sql injection. The name of the patch is 7a7... Read more
Affected Products : nodau- EPSS Score: %0.05
- Published: Dec. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-43634
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from th... Read more
Affected Products : netatalk- EPSS Score: %4.35
- Published: Mar. 29, 2023
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-41639
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary c... Read more
- EPSS Score: %0.27
- Published: Dec. 22, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-40300
Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.... Read more
Affected Products : manageengine_password_manager_pro manageengine_pam360 manageengine_access_manager_plus- EPSS Score: %46.10
- Published: Sep. 16, 2022
- Modified: Jan. 13, 2025
-
9.8
CRITICALCVE-2022-39379
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitr... Read more
- EPSS Score: %8.87
- Published: Nov. 02, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-32985
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.... Read more
Affected Products : gigaswitch_641_desk_v5_sfp-vi_firmware gigaswitch_642_desk_v5_sfp-2vi_firmware gigaswitch_v5_2tp\(pd-f\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp\(pse\+\)_sfp-vi_54vdc_firmware gigaswitch_v5_2tp_sfp-vi_54vdc_firmware gigaswitch_v5_sfp-2vi_230vac_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_ind_firmware gigaswitch_v5_tp\(pse\+\)_sfp-2vi_54vdc_med_firmware gigaswitch_v5_tp_sfp-2vi_54vdc_firmware +16 more products- EPSS Score: %0.61
- Published: Jul. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31206
The Omron SYSMAC Nx product family PLCs (NJ series, NY series, NX series, and PMAC series) through 2022-005-18 lack cryptographic authentication. These PLCs are programmed using the SYMAC Studio engineering software (which compiles IEC 61131-3 conformant ... Read more
- EPSS Score: %0.11
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-31003
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can se... Read more
- EPSS Score: %4.37
- Published: May. 31, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29958
JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a bl... Read more
- EPSS Score: %0.13
- Published: Jul. 26, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-29873
A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM ... Read more
Affected Products : 7kg8500-0aa00-0aa0_firmware 7kg8500-0aa00-2aa0_firmware 7kg8500-0aa10-0aa0_firmware 7kg8500-0aa10-2aa0_firmware 7kg8500-0aa30-0aa0_firmware 7kg8500-0aa30-2aa0_firmware 7kg8501-0aa01-0aa0_firmware 7kg8501-0aa01-2aa0_firmware 7kg8501-0aa02-0aa0_firmware 7kg8501-0aa02-2aa0_firmware +62 more products- EPSS Score: %2.69
- Published: May. 20, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-28738
A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations.... Read more
Affected Products : ruby- EPSS Score: %0.46
- Published: May. 09, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-24724
cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption whe... Read more
- EPSS Score: %4.19
- Published: Mar. 03, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-23303
The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.... Read more
- EPSS Score: %0.33
- Published: Jan. 17, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22822
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.... Read more
- EPSS Score: %1.33
- Published: Jan. 10, 2022
- Modified: May. 05, 2025
-
9.8
CRITICALCVE-2022-22817
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used.... Read more
- EPSS Score: %2.55
- Published: Jan. 10, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22487
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability usin... Read more
- EPSS Score: %0.21
- Published: Jun. 30, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2022-22012
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016 windows_server_2019 windows_server windows_10_1607 +14 more products- EPSS Score: %7.14
- Published: May. 10, 2022
- Modified: Jan. 02, 2025
-
9.8
CRITICALCVE-2022-0582
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file... Read more
- EPSS Score: %0.07
- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-45005
Artifex MuJS v1.1.3 was discovered to contain a heap buffer overflow which is caused by conflicting JumpList of nested try/finally statements.... Read more
Affected Products : mujs- EPSS Score: %0.14
- Published: Feb. 14, 2022
- Modified: Nov. 21, 2024
-
9.8
CRITICALCVE-2021-44790
A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issu... Read more
Affected Products : fedora zfs_storage_appliance_kit debian_linux cloud_backup macos http_server mac_os_x http_server communications_session_report_manager communications_session_route_manager +4 more products- EPSS Score: %87.39
- Published: Dec. 20, 2021
- Modified: May. 01, 2025