Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2889 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0225.
CVE-2022-2887 1 Acnam 1 Wp Server Health Stats 2024-11-21 4.8 Medium
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-2885 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-2877 1 Cm-wp 1 Titan Anti-spam \& Security 2024-11-21 5.3 Medium
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.
CVE-2022-2874 1 Vim 1 Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.
CVE-2022-2873 5 Debian, Fedoraproject, Linux and 2 more 16 Debian Linux, Fedora, Linux Kernel and 13 more 2024-11-21 5.5 Medium
An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.
CVE-2022-2871 1 Notrinos 1 Notrinoserp 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
CVE-2022-2869 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2024-11-21 5.5 Medium
libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
CVE-2022-2868 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2024-11-21 5.5 Medium
libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
CVE-2022-2867 4 Debian, Fedoraproject, Libtiff and 1 more 4 Debian Linux, Fedora, Libtiff and 1 more 2024-11-21 5.5 Medium
libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
CVE-2022-2863 1 Wpvivid 1 Migration\, Backup\, Staging 2024-11-21 4.9 Medium
The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack
CVE-2022-2862 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
CVE-2022-2849 2 Fedoraproject, Vim 2 Fedora, Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
CVE-2022-2840 1 Zephyr-one 1 Zephyr Project Manager 2024-11-21 9.8 Critical
The Zephyr Project Manager WordPress plugin before 3.2.5 does not sanitise and escape various parameters before using them in SQL statements via various AJAX actions available to both unauthenticated and authenticated users, leading to SQL injections
CVE-2022-2839 1 Zephyr-one 1 Zephyr Project Manager 2024-11-21 5.4 Medium
The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.
CVE-2022-2838 1 Eclipse 1 Sphinx 2024-11-21 5.3 Medium
In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.
CVE-2022-2833 1 Blender 1 Blender 2024-11-21 7.5 High
Endless Infinite loop in Blender-thumnailing due to logical bugs.
CVE-2022-2832 2 Blender, Redhat 2 Blender, Openshift Sandboxed Containers 2024-11-21 7.5 High
A flaw was found in Blender 3.3.0. A null pointer dereference exists in source/blender/gpu/opengl/gl_backend.cc that may lead to loss of confidentiality and integrity.
CVE-2022-2831 1 Blender 1 Blender 2024-11-21 7.5 High
A flaw was found in Blender 3.3.0. An interger overflow in source/blender/blendthumb/src/blendthumb_extract.cc may lead to program crash or memory corruption.
CVE-2022-2830 1 Bitdefender 1 Gravityzone 2024-11-21 8.8 High
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone Cloud Console versions prior to 6.27.2-2.