Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24953 1 Pear 1 Crypt Gpg 2024-11-21 5.3 Medium
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
CVE-2022-24952 1 Eternal Terminal Project 1 Eternal Terminal 2024-11-21 6.5 Medium
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.
CVE-2022-24951 1 Eternal Terminal Project 1 Eternal Terminal 2024-11-21 7.0 High
A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.
CVE-2022-24950 1 Eternal Terminal Project 1 Eternal Terminal 2024-11-21 7.5 High
A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().
CVE-2022-24949 1 Eternal Terminal Project 1 Eternal Terminal 2024-11-21 7.5 High
A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().
CVE-2022-24948 1 Apache 1 Jspwiki 2024-11-21 6.1 Medium
A carefully crafted user preferences for submission could trigger an XSS vulnerability on Apache JSPWiki, related to the user preferences screen, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.2 or later.
CVE-2022-24947 1 Apache 1 Jspwiki 2024-11-21 8.8 High
Apache JSPWiki user preferences form is vulnerable to CSRF attacks, which can lead to account takeover. Apache JSPWiki users should upgrade to 2.11.2 or later.
CVE-2022-24935 1 Lexmark 2 Lexmark, Lexmark Firmware 2024-11-21 7.5 High
Lexmark products through 2022-02-10 have Incorrect Access Control.
CVE-2022-24934 1 Wps 1 Wps Office 2024-11-21 9.8 Critical
wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry.
CVE-2022-24932 2 Google, Samsung 2 Android, Cloud 2024-11-21 4.2 Medium
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
CVE-2022-24931 1 Google 1 Android 2024-11-21 7.9 High
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission
CVE-2022-24930 1 Samsung 1 Wear Os 2024-11-21 4.4 Medium
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission
CVE-2022-24929 1 Google 1 Android 2024-11-21 4.1 Medium
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
CVE-2022-24928 1 Google 1 Android 2024-11-21 5.9 Medium
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.
CVE-2022-24927 1 Samsung 1 Video Player 2024-11-21 4.2 Medium
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.
CVE-2022-24926 1 Samsung 1 Smarttagplugin 2024-11-21 5.7 Medium
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.
CVE-2022-24925 1 Google 1 Android 2024-11-21 4.4 Medium
Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.
CVE-2022-24924 1 Samsung 1 Livewallpaperservice 2024-11-21 2.2 Low
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.
CVE-2022-24923 1 Samsung 1 Searchwidget 2024-11-21 4 Medium
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.
CVE-2022-24921 4 Debian, Golang, Netapp and 1 more 11 Debian Linux, Go, Astra Trident and 8 more 2024-11-21 7.5 High
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.