Search Results (79749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1305 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 High |
| In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service. | ||||
| CVE-2022-1278 | 1 Redhat | 10 Amq, Amq Broker, Amq Online and 7 more | 2024-11-21 | 7.5 High |
| A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | ||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2024-11-21 | 7.2 High |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | ||||
| CVE-2022-1262 | 1 Dlink | 20 Dir-1360, Dir-1360 Firmware, Dir-1760 and 17 more | 2024-11-21 | 7.8 High |
| A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root. | ||||
| CVE-2022-1259 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 9 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2022-1258 | 1 Mcafee | 1 Agent | 2024-11-21 | 8.4 High |
| A blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server. | ||||
| CVE-2022-1256 | 1 Mcafee | 1 Agent | 2024-11-21 | 7.8 High |
| A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links. | ||||
| CVE-2022-1247 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2024-11-21 | 7.0 High |
| An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. | ||||
| CVE-2022-1240 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during compiling, the program should execute into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1239 | 1 Hubspot | 1 Hubspot | 2024-11-21 | 8.8 High |
| The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks | ||||
| CVE-2022-1238 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1237 | 1 Radare | 1 Radare2 | 2024-11-21 | 7.8 High |
| Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html). | ||||
| CVE-2022-1235 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.2 High |
| Weak secrethash can be brute-forced in GitHub repository livehelperchat/livehelperchat prior to 3.96. | ||||
| CVE-2022-1232 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1227 | 4 Fedoraproject, Podman Project, Psgo Project and 1 more | 19 Fedora, Podman, Psgo and 16 more | 2024-11-21 | 8.8 High |
| A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service. | ||||
| CVE-2022-1219 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 7.5 High |
| SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing the data. | ||||
| CVE-2022-1215 | 2 Freedesktop, Redhat | 2 Libinput, Enterprise Linux | 2024-11-21 | 7.8 High |
| A format string vulnerability was found in libinput | ||||
| CVE-2022-1213 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.1 High |
| SSRF filter bypass port 80, 433 in GitHub repository livehelperchat/livehelperchat prior to 3.67v. An attacker could make the application perform arbitrary requests, bypass CVE-2022-1191 | ||||
| CVE-2022-1202 | 1 Usabilitydynamics | 1 Wp-crm | 2024-11-21 | 7.8 High |
| The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | ||||