Search Results (25190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39046 | 2 Gnu, Netapp | 12 Glibc, H300s, H300s Firmware and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | ||||
| CVE-2022-39013 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2024-11-21 | 7.6 High |
| Under certain conditions an authenticated attacker can get access to OS credentials. Getting access to OS credentials enables the attacker to modify system data and make the system unavailable leading to high impact on confidentiality and low impact on integrity and availability of the application. | ||||
| CVE-2022-38400 | 1 Synck | 1 Mailform Pro Cgi | 2024-11-21 | 5.9 Medium |
| Mailform Pro CGI 4.3.1 and earlier allow a remote unauthenticated attacker to obtain the user input data by having a user of the product access a specially crafted URL. | ||||
| CVE-2022-37459 | 1 Amperecomputing | 4 Ampere Altra, Ampere Altra Firmware, Ampere Altra Max and 1 more | 2024-11-21 | 7.8 High |
| Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. | ||||
| CVE-2022-37438 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | 2.6 Low |
| In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web. | ||||
| CVE-2022-37336 | 1 Intel | 52 Nuc 10 Performance Kit Nuc10i3fnh, Nuc 10 Performance Kit Nuc10i3fnh Firmware, Nuc 10 Performance Kit Nuc10i3fnhf and 49 more | 2024-11-21 | 7.9 High |
| Improper input validation in BIOS firmware for some Intel(R) NUC may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-37146 | 1 Plextrac | 1 Plextrac | 2024-11-21 | 5.3 Medium |
| The PlexTrac platform prior to version 1.28.0 allows for username enumeration via HTTP response times on invalid login attempts for users configured to use the PlexTrac authentication provider. Login attempts for valid, unlocked users configured to use PlexTrac as their authentication provider take significantly longer than those for invalid users, allowing for valid users to be enumerated by an unauthenticated remote attacker. Note that the lockout policy implemented in Plextrac version 1.17.0 makes it impossible to distinguish between valid, locked user accounts and user accounts that do not exist, but does not prevent valid, unlocked users from being enumerated. | ||||
| CVE-2022-37010 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 3.6 Low |
| In JetBrains IntelliJ IDEA before 2022.2, email address validation in the "Git User Name Is Not Defined" dialog was missed. | ||||
| CVE-2022-36885 | 2 Jenkins, Redhat | 2 Github, Openshift | 2024-11-21 | 5.3 Medium |
| Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. | ||||
| CVE-2022-36884 | 2 Jenkins, Redhat | 2 Git, Openshift | 2024-11-21 | 5.3 Medium |
| The webhook endpoint in Jenkins Git Plugin 4.11.3 and earlier provides unauthenticated attackers information about the existence of jobs configured to use an attacker-specified Git repository. | ||||
| CVE-2022-36878 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. | ||||
| CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-11-21 | 2.8 Low |
| Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | ||||
| CVE-2022-36873 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-36868 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | 5.7 Medium |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | ||||
| CVE-2022-36854 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker to access unauthorized information. | ||||
| CVE-2022-36853 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. | ||||
| CVE-2022-36850 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. | ||||
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2024-11-21 | 3.3 Low |
| Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | ||||
| CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2024-11-21 | 3.3 Low |
| Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | ||||