Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0567 2 Ovn, Redhat 2 Ovn-kubernetes, Openshift 2024-11-21 9.1 Critical
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.
CVE-2022-0562 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
CVE-2022-0561 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
CVE-2022-0560 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Open Redirect in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0559 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 9.8 Critical
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0558 1 Microweber 1 Microweber 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0557 1 Microweber 1 Microweber 2024-11-21 7.2 High
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
CVE-2022-0556 1 Zyxel 1 Zyxel Ap Configurator 2024-11-21 7.3 High
A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator.
CVE-2022-0554 5 Apple, Debian, Fedoraproject and 2 more 5 Macos, Debian Linux, Fedora and 2 more 2024-11-21 7.8 High
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.
CVE-2022-0552 1 Redhat 2 Logging, Origin-aggregated-logging 2024-11-21 5.9 Medium
A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11.
CVE-2022-0551 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 7.2 High
Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
CVE-2022-0550 1 Nozominetworks 2 Cmc, Guardian 2024-11-21 7.2 High
Improper Input Validation vulnerability in custom report logo upload in Nozomi Networks Guardian, and CMC allows an authenticated attacker with admin or report manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0.
CVE-2022-0549 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.
CVE-2022-0546 3 Blender, Debian, Fedoraproject 4 Blender, Debian Linux, Extra Packages For Enterprise Linux and 1 more 2024-11-21 7.8 High
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution.
CVE-2022-0545 2 Blender, Debian 2 Blender, Debian Linux 2024-11-21 7.8 High
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0544 2 Blender, Debian 2 Blender, Debian Linux 2024-11-21 5.5 Medium
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1.
CVE-2022-0542 1 Chatwoot 1 Chatwoot 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.
CVE-2022-0541 1 Flothemes 1 Flo-launch 2024-11-21 9.8 Critical
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value.
CVE-2022-0540 1 Atlassian 3 Jira Data Center, Jira Server, Jira Service Management 2024-11-21 9.8 Critical
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVE-2022-0539 1 Beanstalk Console Project 1 Beanstalk Console 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.