• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1325
2022-09-07
N/A
5.5 MEDIUM
A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer.
CVE-2022-1324
2022-08-04
N/A
4.8 MEDIUM
The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1323
2022-08-12
N/A
6.5 MEDIUM
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.
CVE-2022-1322
2022-08-23
N/A
4.8 MEDIUM
The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1321
2022-07-07
N/A
4.8 MEDIUM
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)
CVE-2022-1320
2022-05-30
N/A
4.8 MEDIUM
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1319
Redhat, Single Sign-on
Jboss_core_services, Enterprise_linux, Jboss_enterprise_application_platform, Enterprise_linux_server, Jboss_amq_clients_2, Openstack, Virtualization, Virtualization_host, Single_sign-on, Openshift_container_platform
2022-11-07
N/A
7.5 HIGH
A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.
CVE-2022-1318
2022-04-29
N/A
5.5 MEDIUM
Hills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets are predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.
CVE-2022-1316
2022-04-18
N/A
7.8 HIGH
ZeroTierOne for windows local privilege escalation because of incorrect directory privilege in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation
CVE-2022-1314
2022-08-30
N/A
8.8 HIGH
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
« Previous 1 … 10,968 10,969 10,970 10,971 10,972 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE