• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21835
2022-05-23
N/A
7.8 HIGH
Microsoft Cryptographic Services Elevation of Privilege Vulnerability.
CVE-2022-21834
2022-05-23
N/A
7.8 HIGH
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability.
CVE-2022-21833
2022-05-23
N/A
7.8 HIGH
Virtual Machine IDE Drive Elevation of Privilege Vulnerability.
CVE-2022-21831
Active Storage, Rubyonrails
Actionpack, Actionpack_page-caching, Actionview, Active_job, Active_record_session_store, Active_resource, Active_storage, Globalid, Html_sanitizer, Jquery-rails
2023-01-27
N/A
9.8 CRITICAL
A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.
CVE-2022-21830
2022-04-08
N/A
6.1 MEDIUM
A blind self XSS vulnerability exists in RocketChat LiveChat
CVE-2022-2183
2022-09-01
N/A
7.8 HIGH
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
CVE-2022-21829
2022-07-05
N/A
9.8 CRITICAL
Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H Credit goes to Anna for reporting HackerOne 1482520.
CVE-2022-21828
2022-03-21
N/A
7.2 HIGH
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using a unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
CVE-2022-21827
2022-06-08
N/A
7.1 HIGH
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.
CVE-2022-21826
2022-10-04
N/A
5.4 MEDIUM
Pulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.
« Previous 1 … 10,729 10,730 10,731 10,732 10,733 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE