Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-0224 | 8 Fedoraproject, Filezilla-project, Mariadb and 5 more | 19 Fedora, Filezilla Server, Mariadb and 16 more | 2022-07-28 | 5.8 MEDIUM | 7.4 HIGH |
| OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability. | |||||
| CVE-2012-2135 | 3 Canonical, Debian, Python | 3 Ubuntu Linux, Debian Linux, Python | 2022-07-28 | 6.4 MEDIUM | N/A |
| The utf-16 decoder in Python 3.1 through 3.3 does not update the aligned_end variable after calling the unicode_decode_call_errorhandler function, which allows remote attackers to obtain sensitive information (process memory) or cause a denial of service (memory corruption and crash) via unspecified vectors. | |||||
| CVE-2021-24405 | 1 Izsoft | 1 Easy Cookies Policy | 2022-07-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If users can't register, this can be done through CSRF. Furthermore, the cookie banner setting is not sanitised or validated before being output in all pages of the frontend and the backend settings one, leading to a Stored Cross-Site Scripting issue. | |||||
| CVE-2022-36364 | 2022-07-28 | N/A | N/A | ||
| Apache Calcite Avatica JDBC driver creates HTTP client instances based on class names provided via `httpclient_impl` connection property; however, the driver does not verify if the class implements the expected interface before instantiating it, which can lead to code execution loaded via arbitrary classes and in rare cases remote code execution. To exploit the vulnerability: 1) the attacker needs to have privileges to control JDBC connection parameters; 2) and there should be a vulnerable class (constructor with URL parameter and ability to execute code) in the classpath. From Apache Calcite Avatica 1.22.0 onwards, it will be verified that the class implements the expected interface before invoking its constructor. | |||||
| CVE-2022-2164 | 2022-07-28 | N/A | N/A | ||
| Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. | |||||
| CVE-2022-2162 | 2022-07-28 | N/A | N/A | ||
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | |||||
| CVE-2022-2161 | 2022-07-28 | N/A | N/A | ||
| Use after free in WebApp Provider in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | |||||
| CVE-2022-2157 | 2022-07-28 | N/A | N/A | ||
| Use after free in Interest groups in Google Chrome prior to 103.0.5060.53 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2156 | 2022-07-28 | N/A | N/A | ||
| Use after free in Core in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2011 | 2022-07-28 | N/A | N/A | ||
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2010 | 2022-07-28 | N/A | N/A | ||
| Out of bounds read in compositing in Google Chrome prior to 102.0.5005.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-2008 | 2022-07-28 | N/A | N/A | ||
| Double free in WebGL in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-2007 | 2022-07-28 | N/A | N/A | ||
| Use after free in WebGPU in Google Chrome prior to 102.0.5005.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-34140 | 2022-07-28 | N/A | N/A | ||
| A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field. | |||||
| CVE-2021-33371 | 2022-07-28 | N/A | N/A | ||
| A stored cross-site scripting (XSS) vulnerability in /nav_bar_action.php of Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat box. | |||||
| CVE-2021-46830 | 2022-07-28 | N/A | N/A | ||
| A path traversal vulnerability exists within GoAnywhere MFT before 6.8.3 that utilize self-registration for the GoAnywhere Web Client. This vulnerability could potentially allow an external user who self-registers with a specific username and/or profile information to gain access to files at a higher directory level than intended. | |||||
| CVE-2022-1876 | 2022-07-28 | N/A | N/A | ||
| Heap buffer overflow in DevTools in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1875 | 2022-07-28 | N/A | N/A | ||
| Inappropriate implementation in PDF in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1873 | 2022-07-28 | N/A | N/A | ||
| Insufficient policy enforcement in COOP in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2022-1872 | 2022-07-28 | N/A | N/A | ||
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | |||||
| CVE-2022-1871 | 2022-07-28 | N/A | N/A | ||
| Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. | |||||
| CVE-2022-1870 | 2022-07-28 | N/A | N/A | ||
| Use after free in App Service in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. | |||||
| CVE-2022-1869 | 2022-07-28 | N/A | N/A | ||
| Type Confusion in V8 in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1868 | 2022-07-28 | N/A | N/A | ||
| Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | |||||
| CVE-2022-1866 | 2022-07-28 | N/A | N/A | ||
| Use after free in Tablet Mode in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1865 | 2022-07-28 | N/A | N/A | ||
| Use after free in Bookmarks in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1864 | 2022-07-28 | N/A | N/A | ||
| Use after free in WebApp Installs in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1863 | 2022-07-28 | N/A | N/A | ||
| Use after free in Tab Groups in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension and specific user interaction. | |||||
| CVE-2022-1862 | 2022-07-28 | N/A | N/A | ||
| Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. | |||||
| CVE-2022-1861 | 2022-07-28 | N/A | N/A | ||
| Use after free in Sharing in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific user interaction. | |||||
| CVE-2022-1860 | 2022-07-28 | N/A | N/A | ||
| Use after free in UI Foundations in Google Chrome on Chrome OS prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via specific user interactions. | |||||
| CVE-2022-1859 | 2022-07-28 | N/A | N/A | ||
| Use after free in Performance Manager in Google Chrome prior to 102.0.5005.61 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1858 | 2022-07-28 | N/A | N/A | ||
| Out of bounds read in DevTools in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform an out of bounds memory read via specific user interaction. | |||||
| CVE-2022-1857 | 2022-07-28 | N/A | N/A | ||
| Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. | |||||
| CVE-2022-1856 | 2022-07-28 | N/A | N/A | ||
| Use after free in User Education in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension or specific user interaction. | |||||
| CVE-2022-1855 | 2022-07-28 | N/A | N/A | ||
| Use after free in Messaging in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1854 | 2022-07-28 | N/A | N/A | ||
| Use after free in ANGLE in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1853 | 2022-07-28 | N/A | N/A | ||
| Use after free in Indexed DB in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2022-36956 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup, the NetBackup Client allows arbitrary command execution from any remote host that has access to a valid host-id NetBackup certificate/private key from the same domain. The affects 9.0.x through 9.0.0.1 and 9.1.x through 9.1.0.1. | |||||
| CVE-2022-36955 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup, an attacker with unprivileged local access to a NetBackup Client may send specific commands to escalate their privileges. This affects 8.0 through 8.1.2, 8.2, 8.3 through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1. | |||||
| CVE-2022-36954 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36953 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, certain endpoints could allow an unauthenticated remote attacker to gain sensitive information. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36952 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, a hard-coded credential exists that could be used to exploit the underlying VxSS subsystem. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36951 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may compromise the host by exploiting an incorrectly patched vulnerability. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36950 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, an unauthenticated remote attacker may be able to perform remote command execution through a Java classloader manipulation. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36949 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, an attacker with local access to a NetBackup OpsCenter server could potentially escalate their privileges. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-36948 | 2022-07-28 | N/A | N/A | ||
| In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
| CVE-2022-35911 | 2022-07-28 | N/A | N/A | ||
| On Patlite NH-FB series devices through 1.46, remote attackers can cause a denial of service by omitting the query string. | |||||
| CVE-2021-42537 | 2022-07-28 | N/A | N/A | ||
| VISAM VBASE version 11.6.0.6 processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. | |||||
| CVE-2021-42535 | 2022-07-28 | N/A | N/A | ||
| VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | |||||