Export limit exceeded: 79714 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79714 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0676 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0667 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | ||||
| CVE-2022-0666 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| CRLF Injection leads to Stack Trace Exposure due to lack of filtering at https://demo.microweber.org/ in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0661 | 1 Ad Injection Project | 1 Ad Injection | 2024-11-21 | 7.2 High |
| The Ad Injection WordPress plugin through 1.2.0.19 does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user (Admin+) to inject arbitrary HTML or javascript even with unfiltered_html disallowed, leading to a stored cross-site scripting (XSS) vulnerability. Further it is also possible to inject PHP code, leading to a Remote Code execution (RCE) vulnerability, even if the DISALLOW_FILE_EDIT and DISALLOW_FILE_MOD constants are both set. | ||||
| CVE-2022-0660 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0656 | 1 Webtoprint | 1 Web To Print Shop\ | 2024-11-21 | 7.5 High |
| The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX action (available to both unauthenticated and authenticated users) before using it in the file_get_contents function and returning its content base64 encoded in the response. As a result, unauthenticated users could read arbitrary files on the web server (such as /etc/passwd, wp-config.php etc) | ||||
| CVE-2022-0654 | 1 Node-request-retry Project | 1 Node-request-retry | 2024-11-21 | 7.5 High |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0. | ||||
| CVE-2022-0646 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5. | ||||
| CVE-2022-0635 | 2 Isc, Netapp | 17 Bind, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.5 High |
| Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | ||||
| CVE-2022-0630 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0629 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0624 | 1 Parse-path Project | 1 Parse-path | 2024-11-21 | 7.3 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | ||||
| CVE-2022-0618 | 1 Apple | 1 Swiftnio Http\/2 | 2024-11-21 | 7.5 High |
| A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | ||||
| CVE-2022-0610 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Inappropriate implementation in Gamepad API in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0608 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0607 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in GPU in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0606 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in ANGLE in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0605 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Webstore API in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and convinced a user to enage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0604 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in Tab Groups in Google Chrome prior to 98.0.4758.102 allowed an attacker who convinced a user to install a malicious extension and engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0603 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Use after free in File Manager in Google Chrome on Chrome OS prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||