• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21235
2022-04-08
N/A
9.8 CRITICAL
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
CVE-2022-21234
2022-04-21
N/A
8.8 HIGH
An SQL injection vulnerability exists in the EchoAssets.aspx functionality of Lansweeper lansweeper 9.1.20.2. A specially-crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-21233
Atom C3336, Intel
Core_i7-6970hq_firmware, Core_i7-6970hq, Core_i7-6920hq_firmware, Core_i7-6920hq, Core_i7-6870hq_firmware, Core_i7-6870hq, Core_i7-6822eq_firmware, Core_i7-6822eq, Core_i7-6820hq_firmware, Core_i7-6820hq
2022-10-28
N/A
5.5 MEDIUM
Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2022-21231
2022-07-06
N/A
9.8 CRITICAL
All versions of package deep-get-set are vulnerable to Prototype Pollution via the 'deep' function. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7715](https://security.snyk.io/vuln/SNYK-JS-DEEPGETSET-598666)
CVE-2022-21230
2022-05-11
N/A
5.5 MEDIUM
This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue.
CVE-2022-2123
2022-07-15
N/A
4.3 MEDIUM
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.
CVE-2022-21229
2022-08-23
N/A
7.8 HIGH
Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-21228
Alpha5 Smart Loader, Fujielectric
Alpha7_pc_loader_firmware, Alpha7_pc_loader, Alpha5_smart_loader_firmware, Alpha5_smart_loader
2022-04-21
N/A
7.8 HIGH
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.
CVE-2022-21227
2022-05-11
N/A
7.5 HIGH
The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine.
CVE-2022-21226
2022-02-15
N/A
5.5 MEDIUM
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access.
« Previous 1 … 10,792 10,793 10,794 10,795 10,796 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE