• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1976
2023-02-14
N/A
7.8 HIGH
A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation.
CVE-2022-1975
2022-09-07
N/A
5.5 MEDIUM
There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space.
CVE-2022-1974
Linux, Linux Kernel
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2022-09-07
N/A
4.1 MEDIUM
A use-after-free flaw was found in the Linux kernel's NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information.
CVE-2022-1973
Linux, Linux Kernel
Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf
2023-02-23
N/A
7.1 HIGH
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.
CVE-2022-1972
2022-09-14
N/A
N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2022-1971
2022-07-06
N/A
4.8 MEDIUM
The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-1970
2023-02-16
N/A
6.1 MEDIUM
keycloak 18.0.0: open redirect in auth endpoint via the redirect_uri parameter.
CVE-2022-1969
2022-06-21
N/A
8.8 HIGH
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2022-1968
2022-12-08
N/A
7.8 HIGH
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-1967
2022-07-12
N/A
6.5 MEDIUM
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues
« Previous 1 … 10,906 10,907 10,908 10,909 10,910 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE