Export limit exceeded: 348656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79744 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1259 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 9 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.4 High |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | ||||
| CVE-2022-1256 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | ||||
| CVE-2022-1247 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. | ||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2024-11-21 | 8.8 High |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | ||||
| CVE-2022-1238 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1237 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1235 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.2 High |
| Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1232 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 19 Fedora, Podman, Psgo and 16 more | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | ||||
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data | ||||
| CVE-2022-1215 | 2 Freedesktop, Redhat | 2 Libinput, Enterprise Linux | 2024-11-21 | 7.8 High |
| A format string vulnerability was found in libinput | ||||
| CVE-2022-1213 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.1 High |
| SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | ||||
| CVE-2022-1202 | 1 Usabilitydynamics | 1 Wp-crm | 2024-11-21 | 7.8 High |
| The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | ||||
| CVE-2022-1194 | 1 Mobileeventsmanager | 1 Mobile Events Manager | 2024-11-21 | 8.8 High |
| The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. | ||||
| CVE-2022-1191 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.1 High |
| SSRF on index.php/cobrowse/proxycss/ in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1190 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc. | ||||
| CVE-2022-1183 | 2 Isc, Netapp | 11 Bind, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.5 High |
| On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. | ||||
| CVE-2022-1182 | 1 Visual Slide Box Builder Project | 1 Visual Slide Box Builder | 2024-11-21 | 8.8 High |
| The Visual Slide Box Builder WordPress plugin through 3.2.9 does not sanitise and escape various parameters before using them in SQL statements via some of its AJAX actions available to any authenticated users (such as subscriber), leading to SQL Injections | ||||