Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0538 1 Jenkins 1 Jenkins 2024-11-21 7.5 High
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
CVE-2022-0537 1 Mappresspro 1 Mappress 2024-11-21 7.2 High
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
CVE-2022-0535 1 E2pdf 1 E2pdf 2024-11-21 4.8 Medium
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-0534 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2024-11-21 5.5 Medium
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVE-2022-0533 1 Metaphorcreations 1 Ditty 2024-11-21 6.1 Medium
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-0532 2 Kubernetes, Redhat 3 Cri-o, Openshift, Openshift Container Platform 2024-11-21 4.2 Medium
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
CVE-2022-0531 1 Wpvivid 1 Migration\, Backup\, Staging 2024-11-21 6.1 Medium
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting
CVE-2022-0527 1 Chatwoot 1 Chatwoot 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVE-2022-0526 1 Chatwoot 1 Chatwoot 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVE-2022-0525 1 Mruby 1 Mruby 2024-11-21 9.1 Critical
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-0524 1 Publify Project 1 Publify 2024-11-21 7.5 High
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
CVE-2022-0523 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.8 High
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0522 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
CVE-2022-0521 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0520 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.8 High
Use After Free in NPM radare2.js prior to 5.6.2.
CVE-2022-0519 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0518 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0516 5 Debian, Fedoraproject, Linux and 2 more 32 Debian Linux, Fedora, Linux Kernel and 29 more 2024-11-21 7.8 High
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
CVE-2022-0515 1 Craterapp 1 Crater 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
CVE-2022-0514 1 Craterapp 1 Crater 2024-11-21 6.5 Medium
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.