Search Results (363853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2742 1 Google 3 Chrome, Chrome Os, Linux And Chrome Os 2024-11-21 8.8 High
Use after free in Exosphere in Google Chrome on Chrome OS and Lacros prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chrome security severity: High)
CVE-2022-2739 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 5.3 Medium
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables.
CVE-2022-2738 2 Podman Project, Redhat 4 Podman, Enterprise Linux Server, Enterprise Linux Workstation and 1 more 2024-11-21 7.5 High
The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification.
CVE-2022-2737 1 Wp-staging 1 Wp Staging 2024-11-21 4.8 Medium
The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2735 3 Clusterlabs, Debian, Redhat 4 Pcs, Debian Linux, Enterprise Linux and 1 more 2024-11-21 7.8 High
A vulnerability was found in the PCS project. This issue occurs due to incorrect permissions on a Unix socket used for internal communication between PCS daemons. A privilege escalation could happen by obtaining an authentication token for a hacluster user. With the "hacluster" token, this flaw allows an attacker to have complete control over the cluster managed by PCS.
CVE-2022-2734 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2733 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2731 1 Open-emr 1 Openemr 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2730 1 Open-emr 1 Openemr 2024-11-21 6.5 Medium
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2729 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.
CVE-2022-2714 1 Rosariosis 1 Rosariosis 2024-11-21 9.8 Critical
Improper Handling of Length Parameter Inconsistency in GitHub repository francoisjacquet/rosariosis prior to 10.0.
CVE-2022-2710 1 Scroll To Top Project 1 Scroll To Top 2024-11-21 4.8 Medium
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-2675 1 Unitree 2 Go 1, Go 1 Firmware 2024-11-21 6.5 Medium
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1.
CVE-2022-2668 1 Redhat 3 Keycloak, Red Hat Single Sign On, Single Sign-on 2024-11-21 7.2 High
An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled
CVE-2022-2663 3 Debian, Linux, Redhat 5 Debian Linux, Linux Kernel, Enterprise Linux and 2 more 2024-11-21 5.3 Medium
An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured.
CVE-2022-2657 1 Wc-marketplace 1 Multivendor Marketplace Solution For Woocommerce - Wc Marketplace 2024-11-21 4.3 Medium
The Multivendor Marketplace Solution for WooCommerce WordPress plugin before 3.8.12 is lacking authorisation and CSRF in multiple AJAX actions, which could allow any authenticated users, such as subscriber to call them and suspend vendors (reporter by the submitter) or update arbitrary order status (identified by WPScan when verifying the issue) for example. Other unauthenticated attacks are also possible, either directly or via CSRF
CVE-2022-2655 1 Radiustheme 1 Classified Listing 2024-11-21 6.1 Medium
The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2022-2653 1 Planka 1 Planka 2024-11-21 6.5 Medium
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system.
CVE-2022-2652 1 V4l2loopback Project 1 V4l2loopback 2024-11-21 6.0 Medium
Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row).
CVE-2022-2651 1 Joinbookwyrm 1 Bookwyrm 2024-11-21 9.8 Critical
Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5.