Export limit exceeded: 43614 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43614 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0792 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Out of bounds read in ANGLE in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0741 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 Medium |
| Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | ||||
| CVE-2022-0729 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | ||||
| CVE-2022-0717 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.1 Critical |
| Out-of-bounds Read in GitHub repository mruby/mruby prior to 3.2. | ||||
| CVE-2022-0714 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.5 Medium |
| Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436. | ||||
| CVE-2022-0713 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.1 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0685 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | ||||
| CVE-2022-0677 | 1 Bitdefender | 3 Endpoint Security Tools, Gravityzone, Update Server | 2024-11-21 | 7.5 High |
| Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | ||||
| CVE-2022-0676 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 7.8 High |
| Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.4. | ||||
| CVE-2022-0675 | 2 Puppet, Redhat | 2 Firewall, Openstack | 2024-11-21 | 5.6 Medium |
| In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state. | ||||
| CVE-2022-0636 | 1 Lenovo | 1 Thin Installer | 2024-11-21 | 5 Medium |
| A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. | ||||
| CVE-2022-0631 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0630 | 1 Mruby | 1 Mruby | 2024-11-21 | 7.1 High |
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0629 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | ||||
| CVE-2022-0623 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.1 Critical |
| Out-of-bounds Read in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0618 | 1 Apple | 1 Swiftnio Http\/2 | 2024-11-21 | 7.5 High |
| A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | ||||
| CVE-2022-0614 | 1 Mruby | 1 Mruby | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in Homebrew mruby prior to 3.2. | ||||
| CVE-2022-0613 | 3 Fedoraproject, Redhat, Uri.js Project | 6 Fedora, Acm, Enterprise Linux and 3 more | 2024-11-21 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. | ||||
| CVE-2022-0608 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Integer overflow in Mojo in Google Chrome prior to 98.0.4758.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2022-0596 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 Medium |
| Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11. | ||||