Export limit exceeded: 79703 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79703 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0407 | 1 Vim | 1 Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0403 | 1 Wpjos | 1 Library File Manager | 2024-11-21 | 8.1 High |
| The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders. | ||||
| CVE-2022-0400 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.5 High |
| An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. | ||||
| CVE-2022-0393 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0386 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 8.8 High |
| A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. | ||||
| CVE-2022-0383 | 1 Ljapps | 1 Wp Review Slider | 2024-11-21 | 7.2 High |
| The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks | ||||
| CVE-2022-0368 | 3 Apple, Debian, Vim | 3 Macos, Debian Linux, Vim | 2024-11-21 | 7.8 High |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0366 | 1 Capsule8 | 1 Capsule8 | 2024-11-21 | 8.8 High |
| An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. | ||||
| CVE-2022-0358 | 2 Qemu, Redhat | 4 Qemu, Advanced Virtualization, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. | ||||
| CVE-2022-0354 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.3 High |
| A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | ||||
| CVE-2022-0336 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | 8.8 High |
| The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | ||||
| CVE-2022-0335 | 1 Moodle | 1 Moodle | 2024-11-21 | 8.8 High |
| A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk. | ||||
| CVE-2022-0330 | 4 Fedoraproject, Linux, Netapp and 1 more | 52 Fedora, Linux Kernel, H300e and 49 more | 2024-11-21 | 7.8 High |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2022-0323 | 1 Mustache Project | 1 Mustache | 2024-11-21 | 8.8 High |
| Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1. | ||||
| CVE-2022-0315 | 1 Horovod | 1 Horovod | 2024-11-21 | 7.5 High |
| Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0. | ||||
| CVE-2022-0311 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0310 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. | ||||
| CVE-2022-0308 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 8.8 High |
| Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0307 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0306 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||