Search Results (86094 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0196 2 Fedoraproject, Phoronix-media 2 Fedora, Phoronix Test Suite 2024-11-21 8.8 High
phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2022-0192 1 Lenovo 1 Pcmanager 2024-11-21 7.3 High
A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation.
CVE-2022-0190 1 Acnam 1 Ad Invalid Click Protector 2024-11-21 8.8 High
The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action.
CVE-2022-0180 1 Expresstech 1 Quiz And Survey Master 2024-11-21 8.8 High
Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.
CVE-2022-0166 1 Mcafee 1 Agent 2024-11-21 7.8 High
A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses openssl.cnf during the build process to specify the OPENSSLDIR variable as a subdirectory within the installation directory. A low privilege user could have created subdirectories and executed arbitrary code with SYSTEM privileges by creating the appropriate pathway to the specifically created malicious openssl.cnf file.
CVE-2022-0162 1 Tp-link 2 Tl-wr841n, Tl-wr841n Firmware 2024-11-21 8.4 High
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartextbase64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through web-based management interface.
CVE-2022-0154 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
An issue has been discovered in GitLab affecting all versions starting from 7.7 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was vulnerable to a Cross-Site Request Forgery attack that allows a malicious user to have their GitHub project imported on another GitLab user account.
CVE-2022-0153 1 Fork-cms 1 Fork Cms 2024-11-21 7.5 High
SQL Injection in GitHub repository forkcms/forkcms prior to 5.11.1.
CVE-2022-0144 2 Redhat, Shelljs Project 2 Acm, Shelljs 2024-11-21 7.1 High
shelljs is vulnerable to Improper Privilege Management
CVE-2022-0141 1 Vfbpro 1 Visual Form Builder 2024-11-21 8.1 High
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks
CVE-2022-0135 3 Debian, Redhat, Virglrenderer Project 3 Debian Linux, Enterprise Linux, Virglrenderer 2024-11-21 7.8 High
An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.
CVE-2022-0134 1 Bologer 1 Anycomment 2024-11-21 8.8 High
The AnyComment WordPress plugin before 0.2.18 does not have CSRF checks in the Import and Revert HyperComments features, allowing attackers to make logged in admin perform such actions via a CSRF attack
CVE-2022-0133 1 Framasoft 1 Peertube 2024-11-21 7.5 High
peertube is vulnerable to Improper Access Control
CVE-2022-0132 1 Framasoft 1 Peertube 2024-11-21 7.5 High
peertube is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-0130 1 Tenable 1 Tenable.sc 2024-11-21 8.1 High
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.
CVE-2022-0129 1 Mcafee 1 Techcheck 2024-11-21 7.4 High
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
CVE-2022-0128 2 Apple, Vim 3 Mac Os X, Macos, Vim 2024-11-21 7.8 High
vim is vulnerable to Out-of-bounds Read
CVE-2022-0115 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2022-0114 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.1 High
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
CVE-2022-0107 2 Fedoraproject, Google 3 Fedora, Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.