Search Results (363401 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1509 1 Hestiacp 1 Control Panel 2024-11-21 9.9 Critical
Command Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.
CVE-2022-1508 1 Linux 1 Linux Kernel 2024-11-21 6.1 Medium
An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds.
CVE-2022-1507 2 Chafa Project, Fedoraproject 2 Chafa, Fedora 2024-11-21 5.5 Medium
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 in GitHub repository hpjansson/chafa prior to 1.10.2 allows attackers to cause a denial of service (crash) via a crafted input file.
CVE-2022-1506 1 Wp Born Babies Project 1 Wp Born Babies 2024-11-21 5.4 Medium
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
CVE-2022-1504 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks.
CVE-2022-1502 1 Octopus 1 Server 2024-11-21 4.3 Medium
Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions.
CVE-2022-1501 1 Google 1 Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in iframe in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1500 1 Google 1 Chrome 2024-11-21 6.5 Medium
Insufficient data validation in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2022-1499 1 Google 1 Chrome 2024-11-21 6.3 Medium
Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2022-1498 1 Google 1 Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in HTML Parser in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-1497 1 Google 1 Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page.
CVE-2022-1496 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in File Manager in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
CVE-2022-1495 1 Google 2 Android, Chrome 2024-11-21 4.3 Medium
Incorrect security UI in Downloads in Google Chrome on Android prior to 101.0.4951.41 allowed a remote attacker to spoof the APK downloads dialog via a crafted HTML page.
CVE-2022-1494 1 Google 1 Chrome 2024-11-21 6.1 Medium
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass trusted types policy via a crafted HTML page.
CVE-2022-1493 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Dev Tools in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
CVE-2022-1492 1 Google 1 Chrome 2024-11-21 6.1 Medium
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to inject arbitrary scripts or HTML via a crafted HTML page.
CVE-2022-1491 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Bookmarks in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific and direct user interaction.
CVE-2022-1490 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Browser Switcher in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1489 1 Google 2 Chrome, Chrome Os 2024-11-21 8.8 High
Out of bounds memory access in UI Shelf in Google Chrome on Chrome OS, Lacros prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via specific user interactions.
CVE-2022-1488 1 Google 1 Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in Extensions API in Google Chrome prior to 101.0.4951.41 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension.