Export limit exceeded: 79717 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79717 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0798 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| Use after free in MediaStream in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | ||||
| CVE-2022-0797 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| Out of bounds memory access in Mojo in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||||
| CVE-2022-0796 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Media in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0795 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Type confusion in Blink Layout in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0794 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in WebShare in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0793 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Cast in Google Chrome prior to 99.0.4844.51 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted Chrome Extension. | ||||
| CVE-2022-0791 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 8.8 High |
| Use after free in Omnibox in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via user interactions. | ||||
| CVE-2022-0789 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0777 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0770 | 1 Gtranslate | 1 Translate Wordpress With Gtranslate | 2024-11-21 | 8.8 High |
| The Translate WordPress with GTranslate WordPress plugin before 2.9.9 does not have CSRF check in some files, and write debug data such as user's cookies in a publicly accessible file if a specific parameter is used when requesting them. Combining those two issues, an attacker could gain access to a logged in admin cookies by making them open a malicious link or page | ||||
| CVE-2022-0759 | 1 Redhat | 3 Kubeclient, Logging, Satellite | 2024-11-21 | 8.1 High |
| A flaw was found in all versions of kubeclient up to (but not including) v4.9.3, the Ruby client for Kubernetes REST API, in the way it parsed kubeconfig files. When the kubeconfig file does not configure custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). Ruby applications that leverage kubeclient to parse kubeconfig files are susceptible to Man-in-the-middle attacks (MITM). | ||||
| CVE-2022-0749 | 1 Singoo | 1 Singoocms.utility | 2024-11-21 | 7.4 High |
| This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. | ||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | ||||
| CVE-2022-0732 | 1 1byte | 9 Copy9, Exactspy, Fonetracker and 6 more | 2024-11-21 | 7.5 High |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | ||||
| CVE-2022-0729 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | ||||
| CVE-2022-0725 | 2 Fedoraproject, Keepass | 3 Extra Packages For Enterprise Linux, Fedora, Keepass | 2024-11-21 | 7.5 High |
| A flaw was found in keepass. The vulnerability occurs due to logging the plain text passwords in system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. | ||||
| CVE-2022-0722 | 2 Parse-url Project, Redhat | 2 Parse-url, Jboss Enterprise Bpms Platform | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | ||||
| CVE-2022-0713 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.1 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0711 | 3 Debian, Haproxy, Redhat | 6 Debian Linux, Haproxy, Enterprise Linux and 3 more | 2024-11-21 | 7.5 High |
| A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | ||||
| CVE-2022-0709 | 1 Saasproject | 1 Booking Package | 2024-11-21 | 7.5 High |
| The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the ical representation of it's booking calendar, but this token is returned in the json response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability. | ||||