Search Results (36938 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-20004 1 Google 1 Android 2024-11-21 7.8 High
In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-179699767
CVE-2022-20002 1 Google 1 Android 2024-11-21 7.8 High
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-198657657
CVE-2022-1983 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.
CVE-2022-1981 1 Gitlab 1 Gitlab 2024-11-21 2.7 Low
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.
CVE-2022-1950 1 Kainelabs 1 Youzify 2024-11-21 9.8 Critical
The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection
CVE-2022-1944 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs
CVE-2022-1936 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured
CVE-2022-1935 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured
CVE-2022-1931 1 Trudesk Project 1 Trudesk 2024-11-21 8.1 High
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3.
CVE-2022-1905 1 E-dynamics 1 Events Made Easy 2024-11-21 9.8 Critical
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2022-1903 1 Armemberplugin 1 Armember 2024-11-21 8.1 High
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username
CVE-2022-1883 1 Camptocamp 1 Terraboard 2024-11-21 8.8 High
SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.
CVE-2022-1869 1 Google 1 Chrome 2024-11-21 6.5 Medium
Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-1848 1 Erudika 1 Para 2024-11-21 5.3 Medium
Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.
CVE-2022-1809 1 Radare 1 Radare2 2024-11-21 7.8 High
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-1801 1 Very Simple Contact Form Project 1 Very Simple Contact Form 2024-11-21 7.5 High
The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots.
CVE-2022-1800 1 Soflyy 1 Export Any Wordpress Data To Xml\/csv 2024-11-21 7.2 High
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.
CVE-2022-1786 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 7.8 High
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system.
CVE-2022-1777 1 Filr Project 1 Filr 2024-11-21 8.8 High
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones.
CVE-2022-1731 1 Allgeier 1 Metasonic Doc Webclient 2024-11-21 9.8 Critical
Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist.