Export limit exceeded: 353747 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81668 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1965 | 1 Codesys | 2 Plcwinnt, Runtime Toolkit | 2024-11-21 | 8.1 High |
| Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. | ||||
| CVE-2022-1948 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| An issue has been discovered in GitLab affecting all versions starting from 15.0 before 15.0.1. Missing validation of input used in quick actions allowed an attacker to exploit XSS by injecting HTML in contact details. | ||||
| CVE-2022-1943 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially | ||||
| CVE-2022-1941 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Protobuf-cpp and 2 more | 2024-11-21 | 7.5 High |
| A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple key-value per elements creates parsing issues, and can lead to a Denial of Service against services receiving unsanitized input. We recommend upgrading to versions 3.18.3, 3.19.5, 3.20.2, 3.21.6 for protobuf-cpp and 3.18.3, 3.19.5, 3.20.2, 4.21.6 for protobuf-python. Versions for 3.16 and 3.17 are no longer updated. | ||||
| CVE-2022-1940 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.7 High |
| A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues | ||||
| CVE-2022-1939 | 1 Allow Svg Files Project | 1 Allow Svg Files | 2024-11-21 | 7.2 High |
| The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to | ||||
| CVE-2022-1934 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository mruby/mruby prior to 3.2. | ||||
| CVE-2022-1931 | 1 Trudesk Project | 1 Trudesk | 2024-11-21 | 8.1 High |
| Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. | ||||
| CVE-2022-1927 | 4 Apple, Fedoraproject, Redhat and 1 more | 5 Macos, Fedora, Enterprise Linux and 2 more | 2024-11-21 | 7.8 High |
| Buffer Over-read in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-1919 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Use after free in Codecs in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1908 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | ||||
| CVE-2022-1907 | 1 Libmobi Project | 1 Libmobi | 2024-11-21 | 8.1 High |
| Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | ||||
| CVE-2022-1903 | 1 Armemberplugin | 1 Armember | 2024-11-21 | 8.1 High |
| The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username | ||||
| CVE-2022-1902 | 1 Redhat | 1 Advanced Cluster Security | 2024-11-21 | 8.8 High |
| A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | ||||
| CVE-2022-1898 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-1886 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-1883 | 1 Camptocamp | 1 Terraboard | 2024-11-21 | 8.8 High |
| SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | ||||
| CVE-2022-1882 | 3 Linux, Netapp, Redhat | 18 Linux Kernel, H300e, H300e Firmware and 15 more | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | ||||
| CVE-2022-1876 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-1874 | 2 Apple, Google | 2 Macos, Chrome | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in Safe Browsing in Google Chrome on Mac prior to 102.0.5005.61 allowed a remote attacker to bypass downloads protection policy via a crafted HTML page. | ||||