Search Results (364053 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0132 1 Framasoft 1 Peertube 2024-11-21 7.5 High
peertube is vulnerable to Server-Side Request Forgery (SSRF)
CVE-2022-0131 1 Jmty 1 Jimoty 2024-11-21 3.3 Low
Jimoty App for Android versions prior to 3.7.42 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app.
CVE-2022-0130 1 Tenable 1 Tenable.sc 2024-11-21 8.1 High
Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation.
CVE-2022-0129 1 Mcafee 1 Techcheck 2024-11-21 7.4 High
Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user. This was achieved through placing the malicious DLL in the same directory that the process was run from.
CVE-2022-0128 2 Apple, Vim 3 Mac Os X, Macos, Vim 2024-11-21 7.8 High
vim is vulnerable to Out-of-bounds Read
CVE-2022-0125 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not verifying that a maintainer of a project had the right access to import members from a target project.
CVE-2022-0124 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. Gitlab's Slack integration is incorrectly validating user input and allows to craft malicious URLs that are sent to slack.
CVE-2022-0123 1 Gitlab 1 Gitlab 2024-11-21 5.9 Medium
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services.
CVE-2022-0122 1 Digitalbazaar 1 Forge 2024-11-21 6.1 Medium
forge is vulnerable to URL Redirection to Untrusted Site
CVE-2022-0120 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website.
CVE-2022-0118 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0117 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-0116 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0115 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.8 High
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2022-0114 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 8.1 High
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver.
CVE-2022-0113 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2022-0112 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL.
CVE-2022-0111 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page.
CVE-2022-0110 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 4.3 Medium
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2022-0109 2 Fedoraproject, Google 2 Fedora, Chrome 2024-11-21 6.5 Medium
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page.