Search Results (86095 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0368 3 Apple, Debian, Vim 3 Macos, Debian Linux, Vim 2024-11-21 7.8 High
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-0366 1 Capsule8 1 Capsule8 2024-11-21 8.8 High
An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
CVE-2022-0358 2 Qemu, Redhat 4 Qemu, Advanced Virtualization, Enterprise Linux and 1 more 2024-11-21 7.8 High
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.
CVE-2022-0336 2 Fedoraproject, Samba 2 Fedora, Samba 2024-11-21 8.8 High
The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.
CVE-2022-0335 1 Moodle 1 Moodle 2024-11-21 8.8 High
A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.
CVE-2022-0330 4 Fedoraproject, Linux, Netapp and 1 more 52 Fedora, Linux Kernel, H300e and 49 more 2024-11-21 7.8 High
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-0323 1 Mustache Project 1 Mustache 2024-11-21 8.8 High
Improper Neutralization of Special Elements Used in a Template Engine in Packagist mustache/mustache prior to 2.14.1.
CVE-2022-0315 1 Horovod 1 Horovod 2024-11-21 7.5 High
Insecure Temporary File in GitHub repository horovod/horovod prior to 0.24.0.
CVE-2022-0311 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0310 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
CVE-2022-0308 1 Google 2 Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0307 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0306 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0304 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0302 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0301 1 Google 1 Chrome 2024-11-21 7.8 High
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0300 1 Google 2 Android, Chrome 2024-11-21 8.8 High
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0298 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0297 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-0296 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage is specific user interactions to potentially exploit heap corruption via a crafted HTML page.