Export limit exceeded: 349376 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33722 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||||
| CVE-2022-33127 | 2 Diffy Project, Microsoft | 2 Diffy, Windows | 2024-11-21 | 9.8 Critical |
| The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2022-33085 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 7.2 High |
| ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. | ||||
| CVE-2022-33082 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 7.5 High |
| An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2022-33070 | 2 Fedoraproject, Protobuf-c Project | 2 Fedora, Protobuf-c | 2024-11-21 | 5.5 Medium |
| Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||
| CVE-2022-33067 | 1 Long Range Zip Project | 1 Long Range Zip | 2024-11-21 | 5.5 Medium |
| Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors. | ||||
| CVE-2022-33004 | 1 Pypi | 1 Beginner | 2024-11-21 | 9.8 Critical |
| The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-33003 | 1 Pypi | 1 Watools | 2024-11-21 | 9.8 Critical |
| The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-33002 | 1 Pypi | 1 Explore | 2024-11-21 | 9.8 Critical |
| The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-33001 | 1 Pypi | 1 Aamiles | 2024-11-21 | 9.8 Critical |
| The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-33000 | 1 Pypi | 1 Ml-scanner | 2024-11-21 | 9.8 Critical |
| The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-32999 | 1 Pypi | 1 Cloudlabeling | 2024-11-21 | 9.8 Critical |
| The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-32998 | 1 Pypi | 1 Cryptoasset-data-downloader | 2024-11-21 | 9.8 Critical |
| The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-32997 | 1 Pypi | 1 Rootinteractive | 2024-11-21 | 9.8 Critical |
| The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-32996 | 1 Pypi | 1 Django-navbar-client | 2024-11-21 | 9.8 Critical |
| The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-32974 | 1 Tenable | 1 Nessus | 2024-11-21 | 6.5 Medium |
| An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | ||||
| CVE-2022-32973 | 1 Tenable | 1 Nessus | 2024-11-21 | 8.8 High |
| An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | ||||
| CVE-2022-32920 | 1 Apple | 1 Xcode | 2024-11-21 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in Xcode 14.0. Parsing a file may lead to disclosure of user information. | ||||
| CVE-2022-32876 | 1 Apple | 1 Macos | 2024-11-21 | 3.3 Low |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13. A shortcut may be able to view the hidden photos album without authentication. | ||||
| CVE-2022-32868 | 1 Apple | 3 Ipados, Iphone Os, Safari | 2024-11-21 | 4.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 16, iOS 16, iOS 15.7 and iPadOS 15.7. A website may be able to track users through Safari web extensions. | ||||