CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-0188

2022-02-22

N/A

5.3 MEDIUM

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, to arbitrarily change the coming soon page layout.

CVE-2022-0186

Image Photo Gallery Final Tiles Grid, Machothemes

Cpo_companion, Image_photo_gallery_final_tiles_grid, Modula_image_gallery, Newsmag, Strong_testimonials

2022-02-28

N/A

5.4 MEDIUM

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery dashboard

CVE-2022-0185

Linux, Linux Kernel

Acrn, Audit, Dhcp6c, Direct_connect, Infiniband_hfi1_driver, Ipsec_tools_racoon_daemon, Kernel, Layer_2_tunneling_protocol, Linux_kernel, Linux_kernel_i40e/i40evf

2023-02-12

N/A

8.4 HIGH

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.

CVE-2022-0184

2022-01-28

N/A

4.3 MEDIUM

Insufficiently protected credentials vulnerability in 'TEPRA' PRO SR5900P Ver.1.080 and earlier and 'TEPRA' PRO SR-R7900P Ver.1.030 and earlier allows an attacker on the adjacent network to obtain credentials for connecting to the Wi-Fi access point with the infrastructure mode.

CVE-2022-0183

2022-01-26

N/A

4.6 MEDIUM

Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords.

CVE-2022-0182

2022-01-24

N/A

5.4 MEDIUM

Stored cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote authenticated attacker to inject an arbitrary script via an website that uses Quiz And Survey Master.

CVE-2022-0181

2022-01-24

N/A

6.1 MEDIUM

Reflected cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to inject an arbitrary script via unspecified vectors.

CVE-2022-0180

2022-01-24

N/A

8.8 HIGH

Cross-site request forgery (CSRF) vulnerability in Quiz And Survey Master versions prior to 7.3.7 allows a remote attacker to hijack the authentication of administrators and conduct arbitrary operations via a specially crafted web page.

CVE-2022-0179

2022-01-14

N/A

5.4 MEDIUM

snipe-it is vulnerable to Improper Access Control

CVE-2022-0178

2022-01-21

N/A

5.4 MEDIUM

snipe-it is vulnerable to Improper Access Control

« Previous 1 … 11,076 11,077 11,078 11,079 11,080 … 11,258 Next »