Search Results (364870 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3239 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 7.8 High
A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
CVE-2022-3235 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0490.
CVE-2022-3234 3 Debian, Fedoraproject, Vim 3 Debian Linux, Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.
CVE-2022-3232 1 Ikus-soft 1 Rdiffweb 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.
CVE-2022-3231 1 Librenms 1 Librenms 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.
CVE-2022-3224 1 Parse-url Project 1 Parse-url 2024-11-21 6.1 Medium
Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.
CVE-2022-3223 1 Diagrams 1 Drawio 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.
CVE-2022-3222 1 Gpac 1 Gpac 2024-11-21 5.5 Medium
Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-3221 1 Ikus-soft 1 Rdiffweb 2024-11-21 8.8 High
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.
CVE-2022-3220 1 Webgilde 1 Advanced Comment Form 2024-11-21 4.8 Medium
The Advanced Comment Form WordPress plugin before 1.2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-3218 1 Necta 1 Wifi Mouse Server 2024-11-21 9.8 Critical
Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's authentication mechanism is trivially bypassed, which can result in remote code execution.
CVE-2022-3217 1 Visam 1 Vbase 2024-11-21 7.5 High
When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. An unauthenticated remote attacker with the ability to capture a login session can obtain the login credentials.
CVE-2022-3213 2 Fedoraproject, Imagemagick 3 Extra Packages For Enterprise Linux, Fedora, Imagemagick 2024-11-21 5.5 Medium
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
CVE-2022-3212 1 Axum-core Project 1 Axum-core 2024-11-21 7.5 High
<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. That meant if a malicious peer would send a very large (or infinite) body your server might run out of memory and crash. This also applies to these extractors which used Bytes::from_request internally: axum::extract::Form axum::extract::Json String
CVE-2022-3211 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.
CVE-2022-3209 1 Pencidesign 1 Soledad 2024-11-21 6.1 Medium
The soledad WordPress theme before 8.2.5 does not sanitise the {id,datafilter[type],...} parameters in its penci_more_slist_post_ajax AJAX action, leading to a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-3208 1 Simplefilelist 1 Simple-file-list 2024-11-21 6.5 Medium
The Simple File List WordPress plugin before 4.4.12 does not implement nonce checks, which could allow attackers to make a logged in admin create new page and change it's content via a CSRF attack.
CVE-2022-3207 1 Simplefilelist 1 Simple-file-list 2024-11-21 4.8 Medium
The Simple File List WordPress plugin before 4.4.12 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-3205 1 Redhat 1 Ansible Automation Platform 2024-11-21 4.6 Medium
Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection
CVE-2022-3202 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 7.1 High
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS)in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.