Search Results (2048 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-2472 | 1 Ezviz | 2 Cs-c6n-a0-1c2wfr, Cs-c6n-a0-1c2wfr Firmware | 2024-11-21 | 7.6 High |
| Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. | ||||
| CVE-2022-2403 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.5 Medium |
| A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | ||||
| CVE-2022-2191 | 2 Eclipse, Redhat | 2 Jetty, Amq Streams | 2024-11-21 | 7.5 High |
| In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths. | ||||
| CVE-2022-2048 | 5 Debian, Eclipse, Jenkins and 2 more | 12 Debian Linux, Jetty, Jenkins and 9 more | 2024-11-21 | 7.5 High |
| In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. | ||||
| CVE-2022-29901 | 6 Debian, Fedoraproject, Intel and 3 more | 258 Debian Linux, Fedora, Core I3-6100 and 255 more | 2024-11-21 | 5.6 Medium |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | ||||
| CVE-2022-29850 | 1 Lexmark | 234 B2236, B2236 Firmware, B2338 and 231 more | 2024-11-21 | 8.1 High |
| Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | ||||
| CVE-2022-29820 | 1 Jetbrains | 1 Pycharm | 2024-11-21 | 3 Low |
| In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible | ||||
| CVE-2022-29695 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 7.5 High |
| Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | ||||
| CVE-2022-29646 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-11-21 | 5.3 Medium |
| An access control issue in TOTOLINK A3100R V4.1.2cu.5050_B20200504 and V4.1.2cu.5247_B20211129 allows attackers to obtain sensitive information via a crafted web request. | ||||
| CVE-2022-28924 | 1 Universis | 1 Universis-students | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | ||||
| CVE-2022-28794 | 1 Google | 1 Android | 2024-11-21 | 2.2 Low |
| Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | ||||
| CVE-2022-28226 | 2 Microsoft, Yandex | 2 Windows, Yandex Browser | 2024-11-21 | 7.8 High |
| Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low-privileged attacker to execute arbitrary code with SYSTEM privileges by manipulating temporary files in a directory with insecure permissions during the Yandex Browser update process. | ||||
| CVE-2022-28160 | 1 Jenkins | 1 Tests Selector | 2024-11-21 | 6.5 Medium |
| Jenkins Tests Selector Plugin 1.3.3 and earlier allows users with Item/Configure permission to read arbitrary files on the Jenkins controller. | ||||
| CVE-2022-27822 | 1 Google | 1 Android | 2024-11-21 | 6.6 Medium |
| Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. | ||||
| CVE-2022-27818 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 9.1 Critical |
| SWHKD 1.1.5 unsafely uses the /tmp/swhkd.sock pathname. There can be an information leak or denial of service. | ||||
| CVE-2022-27817 | 1 Waycrate | 1 Swhkd | 2024-11-21 | 4.4 Medium |
| SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality. | ||||
| CVE-2022-27772 | 1 Vmware | 1 Spring Boot | 2024-11-21 | 7.8 High |
| spring-boot versions prior to version v2.2.11.RELEASE were vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer. | ||||
| CVE-2022-27576 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. | ||||
| CVE-2022-27512 | 1 Citrix | 1 Application Delivery Management | 2024-11-21 | 5.3 Medium |
| Temporary disruption of the ADM license service. The impact of this includes preventing new licenses from being issued or renewed by Citrix ADM. | ||||
| CVE-2022-27331 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. | ||||