Search Results (25190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30586 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.2 High |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | ||||
| CVE-2022-30535 | 1 F5 | 1 Nginx Ingress Controller | 2024-11-21 | 6.5 Medium |
| In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-30334 | 1 Brave | 1 Brave | 2024-11-21 | 5.3 Medium |
| Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." | ||||
| CVE-2022-30331 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | 8.8 High |
| The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected." | ||||
| CVE-2022-30330 | 1 Keepkey | 2 Keepkey, Keepkey Firmware | 2024-11-21 | 6.6 Medium |
| In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes. | ||||
| CVE-2022-30233 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2024-11-21 | 6.5 Medium |
| A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2022-30232 | 1 Schneider-electric | 2 Powerlogic Ion Setup, Powerlogic Ion Setup Firmware | 2024-11-21 | 8 High |
| A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2022-2891 | 1 Wpwhitesecurity | 1 Wp 2fa | 2024-11-21 | 5.9 Medium |
| The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | ||||
| CVE-2022-2868 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-11-21 | 5.5 Medium |
| libtiff's tiffcrop utility has an improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-11-21 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2739 | 2 Podman Project, Redhat | 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more | 2024-11-21 | 5.3 Medium |
| The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | ||||
| CVE-2022-2618 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. | ||||
| CVE-2022-2612 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | ||||
| CVE-2022-2558 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 5.3 Medium |
| The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | ||||
| CVE-2022-2479 | 1 Google | 2 Android, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page. | ||||
| CVE-2022-2417 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.2 Medium |
| Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project. | ||||
| CVE-2022-2394 | 1 Perforce | 1 Puppet Bolt | 2024-11-21 | 4.1 Medium |
| Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | ||||
| CVE-2022-2385 | 1 Kubernetes | 1 Aws-iam-authenticator | 2024-11-21 | 8.1 High |
| A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | ||||
| CVE-2022-2308 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.5 Medium |
| A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | ||||
| CVE-2022-2221 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 6.5 Medium |
| Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | ||||