• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-23101
2022-08-03
N/A
6.1 MEDIUM
OX App Suite through 7.10.6 allows XSS via appHandler in a deep link in an e-mail message.
CVE-2022-23100
2022-08-03
N/A
9.8 CRITICAL
OX App Suite through 7.10.6 allows OS Command Injection via Documentconverter (e.g., through an email attachment).
CVE-2022-2310
2022-08-02
N/A
9.8 CRITICAL
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.
CVE-2022-23099
2022-08-03
N/A
5.4 MEDIUM
OX App Suite through 7.10.6 allows XSS by forcing block-wise read.
CVE-2022-23098
2022-09-29
N/A
7.5 HIGH
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation has an infinite loop if no data is received.
CVE-2022-23097
2022-09-29
N/A
9.1 CRITICAL
An issue was discovered in the DNS proxy in Connman through 1.40. forward_dns_reply mishandles a strnlen call, leading to an out-of-bounds read.
CVE-2022-23096
2022-09-29
N/A
9.1 CRITICAL
An issue was discovered in the DNS proxy in Connman through 1.40. The TCP server reply implementation lacks a check for the presence of sufficient Header Data, leading to an out-of-bounds read.
CVE-2022-23095
2022-01-21
N/A
7.8 HIGH
Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files. Unchecked input data from a crafted JPG file leads to memory corruption. An attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2022-23094
2022-01-24
N/A
7.5 HIGH
Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.
CVE-2022-2309
2022-10-28
N/A
7.5 HIGH
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.
« Previous 1 … 10,615 10,616 10,617 10,618 10,619 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE