Export limit exceeded: 25383 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25383 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30719 | 1 Google | 1 Android | 2024-11-21 | 2.5 Low |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||||
| CVE-2022-30713 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2022-30712 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2022-30711 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2022-30710 | 1 Google | 1 Android | 2024-11-21 | 8.5 High |
| Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2022-30709 | 1 Google | 1 Android | 2024-11-21 | 2.5 Low |
| Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||||
| CVE-2022-30693 | 1 Cybozu | 1 Office | 2024-11-21 | 5.3 Medium |
| Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | ||||
| CVE-2022-30625 | 1 Chcnav | 2 P5e Gnss, P5e Gnss Firmware | 2024-11-21 | 5.7 Medium |
| Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. A directory listing provides an attacker with the complete index of all the resources located inside of the directory. The specific risks and consequences vary depending on which files are listed and accessible. | ||||
| CVE-2022-30607 | 2 Ibm, Microsoft | 2 Robotic Process Automation, Windows | 2024-11-21 | 6.5 Medium |
| IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | ||||
| CVE-2022-30598 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | ||||
| CVE-2022-30586 | 1 Gradle | 1 Gradle | 2024-11-21 | 7.2 High |
| Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | ||||
| CVE-2022-30535 | 1 F5 | 1 Nginx Ingress Controller | 2024-11-21 | 6.5 Medium |
| In versions 2.x before 2.3.0 and all versions of 1.x, An attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-30334 | 1 Brave | 1 Brave | 2024-11-21 | 5.3 Medium |
| Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." | ||||
| CVE-2022-30331 | 1 Tigergraph | 1 Tigergraph | 2024-11-21 | 8.8 High |
| The User-Defined Functions (UDF) feature in TigerGraph 3.6.0 allows installation of a query (in the GSQL query language) without proper validation. Consequently, an attacker can execute arbitrary C++ code. NOTE: the vendor's position is "GSQL was behaving as expected." | ||||
| CVE-2022-30330 | 1 Keepkey | 2 Keepkey, Keepkey Firmware | 2024-11-21 | 6.6 Medium |
| In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes. | ||||
| CVE-2022-30233 | 1 Schneider-electric | 4 Wiser Smart Eer21000, Wiser Smart Eer21000 Firmware, Wiser Smart Eer21001 and 1 more | 2024-11-21 | 6.5 Medium |
| A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2022-30232 | 1 Schneider-electric | 2 Powerlogic Ion Setup, Powerlogic Ion Setup Firmware | 2024-11-21 | 8 High |
| A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | ||||
| CVE-2022-2891 | 1 Wpwhitesecurity | 1 Wp 2fa | 2024-11-21 | 5.9 Medium |
| The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared. | ||||
| CVE-2022-2868 | 4 Debian, Fedoraproject, Libtiff and 1 more | 4 Debian Linux, Fedora, Libtiff and 1 more | 2024-11-21 | 5.5 Medium |
| libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-11-21 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||