• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-21172
2022-08-22
N/A
6.7 MEDIUM
Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2022-21170
2022-03-16
N/A
3.7 LOW
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
CVE-2022-2117
2022-07-25
N/A
5.3 MEDIUM
The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. This functionality has been completely removed in version 2.20.2.
CVE-2022-21169
2022-09-28
N/A
6.1 MEDIUM
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
CVE-2022-21168
Alpha5 Smart Loader, Fujielectric
Alpha7_pc_loader_firmware, Alpha7_pc_loader, Alpha5_smart_loader_firmware, Alpha5_smart_loader
2022-04-21
N/A
5.5 MEDIUM
The affected product is vulnerable due to an invalid pointer initialization, which may lead to information disclosure.
CVE-2022-21167
2022-10-07
N/A
9.8 CRITICAL
All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
CVE-2022-21166
2022-08-19
N/A
5.5 MEDIUM
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21165
2022-09-02
N/A
9.8 CRITICAL
All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.
CVE-2022-21164
2022-03-28
N/A
7.5 HIGH
The package node-lmdb before 0.9.7 are vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.
CVE-2022-21163
2023-02-17
N/A
N/A
Improper access control in the Crypto API Toolkit for Intel(R) SGX before version 2.0 commit ID 91ee496 may allow an authenticated user to potentially enable escalation of privilege via local access.
« Previous 1 … 10,798 10,799 10,800 10,801 10,802 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE