• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1271
2022-10-07
N/A
8.8 HIGH
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.
CVE-2022-1270
2023-02-01
N/A
7.8 HIGH
In GraphicsMagick, a heap buffer overflow was found when parsing MIFF.
CVE-2022-1269
2022-10-27
N/A
6.1 MEDIUM
The Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting
CVE-2022-1268
2022-05-28
N/A
6.1 MEDIUM
The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting
CVE-2022-1267
2022-05-24
N/A
6.1 MEDIUM
The BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site Scripting
CVE-2022-1266
2022-06-30
N/A
4.8 MEDIUM
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-1265
2022-05-24
N/A
4.8 MEDIUM
The BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1264
2022-07-27
N/A
8.8 HIGH
The affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.
CVE-2022-1263
2022-09-07
N/A
5.5 MEDIUM
A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.
CVE-2022-1262
Dir-878 Firmware, Dlink
Dir-816_firmware, Dir-816, Dsl-2750u_firmware, Dsl-2750u, Dir-806_firmware, Dir-806, Dcs-930l_firmware, Dcs-930l, Dcs-931l_firmware, Dcs-931l
2022-04-18
N/A
7.8 HIGH
A command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.
« Previous 1 … 10,973 10,974 10,975 10,976 10,977 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE