Search Results (363781 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2980 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
CVE-2022-2978 2 Debian, Linux 2 Debian Linux, Linux Kernel 2024-11-21 7.8 High
A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-2977 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-free and create a situation where it may be possible to escalate privileges on the system.
CVE-2022-2975 1 Avaya 1 Aura Application Enablement Services 2024-11-21 7.7 High
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement Services web application, allowing an administrative user to modify accounts leading to execution of arbitrary code as the root user. This issue affects Application Enablement Services versions 8.0.0.0 through 8.1.3.4 and 10.1.0.0 through 10.1.0.1. Versions prior to 8.0.0.0 are end of manufacturing support and were not evaluated.
CVE-2022-2965 1 Notrinos 1 Notrinoserp 2024-11-21 4.3 Medium
Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2964 3 Linux, Netapp, Redhat 18 Linux Kernel, H300s, H300s Firmware and 15 more 2024-11-21 7.8 High
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
CVE-2022-2961 3 Fedoraproject, Linux, Netapp 12 Fedora, Linux Kernel, H300s and 9 more 2024-11-21 7.0 High
A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-2959 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2024-11-21 7.0 High
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-2958 1 Badgeos 1 Badgos 2024-11-21 8.8 High
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections
CVE-2022-2953 4 Debian, Libtiff, Netapp and 1 more 4 Debian Linux, Libtiff, Ontap Select Deploy Administration Utility and 1 more 2024-11-21 5.5 Medium
LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.
CVE-2022-2946 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
CVE-2022-2938 4 Fedoraproject, Linux, Netapp and 1 more 15 Fedora, Linux Kernel, H300s and 12 more 2024-11-21 7.8 High
A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.
CVE-2022-2932 1 Bdg 1 Mobiledoc Kit 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.
CVE-2022-2930 1 Octoprint 1 Octoprint 2024-11-21 7.8 High
Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.
CVE-2022-2929 4 Debian, Fedoraproject, Isc and 1 more 4 Debian Linux, Fedora, Dhcp and 1 more 2024-11-21 6.5 Medium
In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory.
CVE-2022-2928 4 Debian, Fedoraproject, Isc and 1 more 4 Debian Linux, Fedora, Dhcp and 1 more 2024-11-21 6.5 Medium
In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort.
CVE-2022-2927 1 Notrinos 1 Notrinoserp 2024-11-21 9.8 Critical
Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2925 1 Appwrite 1 Appwrite 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1.
CVE-2022-2923 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
CVE-2022-2921 1 Notrinos 1 Notrinoserp 2024-11-21 8.8 High
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions.