CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-1799

2022-08-05

N/A

9.8 CRITICAL

Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release.

CVE-2022-1798

2022-09-19

N/A

6.5 MEDIUM

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. /proc/self/<> is not accessible.

CVE-2022-1797

2022-06-11

N/A

8.6 HIGH

A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online.

CVE-2022-1796

2022-08-26

N/A

7.8 HIGH

Use After Free in GitHub repository vim/vim prior to 8.2.4979.

CVE-2022-1795

2022-05-26

N/A

9.8 CRITICAL

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

CVE-2022-1794

Microsoft, Windows

20007_office_system, 27mhz_wireless_keyboard, 365_apps, 3d_builder, 3d_viewer, Access, Accessibility_insights_for_android, Accessibility_insights_for_web, Access_multilingual_user_interface_pack, Active_directory

2022-09-23

N/A

5.5 MEDIUM

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

CVE-2022-1793

2022-06-21

N/A

4.3 MEDIUM

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public

CVE-2022-1792

2022-06-21

N/A

5.4 MEDIUM

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them

CVE-2022-1791

2022-06-21

N/A

8.1 HIGH

The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.

CVE-2022-1790

2022-06-21

N/A

6.5 MEDIUM

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

« Previous 1 … 10,923 10,924 10,925 10,926 10,927 … 11,258 Next »