CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-2113

2022-06-27

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.

CVE-2022-21129

2023-02-07

N/A

9.8 CRITICAL

Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. **Note:** In order to exploit this vulnerability appium-running 0.1.3 has to be installed as one of nemo-appium dependencies.

CVE-2022-21128

2022-05-23

N/A

7.8 HIGH

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

CVE-2022-21127

2023-01-31

N/A

5.5 MEDIUM

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21126

2022-12-01

N/A

7.8 HIGH

The package com.github.samtools:htsjdk before 3.0.1 are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the createTempDir() function in util/IOUtil.java not checking for the existence of the temporary directory before attempting to create it.

CVE-2022-21125

2022-08-19

N/A

5.5 MEDIUM

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21124

2022-06-16

N/A

7.8 HIGH

Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.

CVE-2022-21123

2022-08-19

N/A

5.5 MEDIUM

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

CVE-2022-21122

2022-06-17

N/A

9.8 CRITICAL

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor.

CVE-2022-2112

2022-06-29

N/A

8.8 HIGH

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

« Previous 1 … 10,802 10,803 10,804 10,805 10,806 … 11,258 Next »