Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0184 | 1 Nvidia | 7 Geforce, Gpu Display Driver, Nvs and 4 more | 2024-11-21 | N/A | 8.8 HIGH |
|
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.
|
|||||
| CVE-2023-0180 | 5 Citrix, Linux, Nvidia and 2 more | 5 Hypervisor, Linux Kernel, Virtual Gpu and 2 more | 2024-11-21 | N/A | 7.1 HIGH |
|
NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure.
|
|||||
| CVE-2023-0140 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2023-0029 | 1 Multilaserempresas | 2 Re708, Re708 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in Multilaser RE708 RE1200R4GC-2T2R-V3_v3411b_MUL029B. It has been rated as problematic. This issue affects some unknown processing of the component Telnet Service. The manipulation leads to denial of service. The attack may be initiated remotely. The identifier VDB-217169 was assigned to this vulnerability.
|
|||||
| CVE-2023-0009 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | N/A | 7.8 HIGH |
|
A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.
|
|||||
| CVE-2023-0004 | 2 Fedoraproject, Paloaltonetworks | 2 Fedora, Pan-os | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A local file deletion vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to delete files from the local file system with elevated privileges.
These files can include logs and system components that impact the integrity and availability of PAN-OS software.
|
|||||
| CVE-2022-4955 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4952 | 1 Dotnetfoundation | 1 C\# Language Server Protocol | 2024-11-21 | 2.7 LOW | 3.5 LOW |
|
A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected compone ...
Show More |
|||||
| CVE-2022-4926 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4923 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 3.1 LOW |
|
Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)
|
|||||
| CVE-2022-4922 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4917 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-4915 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4913 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-4910 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4909 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.3 MEDIUM |
|
Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)
|
|||||
| CVE-2022-4908 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4907 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4906 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)
|
|||||
| CVE-2022-4869 | 1 Evolution-events | 1 Artaxerxes | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in Evolution Events Artaxerxes. It has been declared as problematic. This vulnerability affects unknown code of the file arta/common/middleware.py of the component POST Parameter Handler. The manipulation of the argument password leads to information disclosure. The attack can be initiated remotely. The patch is identified as 022111407d34815c16c6eada2de69ca34084dc0d. It is recommended to apply a patch to fix this issue. VDB-217438 is the identifier assigned to this vuln ...
Show More |
|||||
| CVE-2022-4816 | 1 Lenovo | 1 Safecenter | 2024-11-21 | N/A | 6.2 MEDIUM |
|
A denial-of-service vulnerability has been identified in Lenovo Safecenter that could allow a local user to crash the application.
|
|||||
| CVE-2022-4719 | 1 Ikus-soft | 1 Rdiffweb | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.5.
|
|||||
| CVE-2022-4574 | 1 Lenovo | 108 Thinkpad L14, Thinkpad L14 Firmware, Thinkpad L14 Gen 2 and 105 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An SMI handler input validation vulnerability in the BIOS of some ThinkPad models could allow an attacker with local access and elevated privileges to execute arbitrary code.
|
|||||
| CVE-2022-4573 | 1 Lenovo | 2 Thinkpad X1 Fold Gen 1, Thinkpad X1 Fold Gen 1 Firmware | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An SMI handler input validation vulnerability in the ThinkPad X1 Fold Gen 1 could allow an attacker with local access and elevated privileges to execute arbitrary code.
|
|||||
| CVE-2022-4569 | 1 Lenovo | 2 Thinkpad Hybrid Usb-c With Usb-a Dock, Thinkpad Hybrid Usb-c With Usb-a Dock Firmware | 2024-11-21 | N/A | 7.8 HIGH |
|
A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during the package upgrade or installation.
|
|||||
| CVE-2022-4462 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.0 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
|
|||||
| CVE-2022-4457 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to a perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when installed on the victim's device.
|
|||||
| CVE-2022-4376 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 3.1 LOW |
|
An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance.
|
|||||
| CVE-2022-4343 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.0 MEDIUM |
|
An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile.
|
|||||
| CVE-2022-4342 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A malicious Maintainer can leak masked webhook secrets by changing target URL of the webhook.
|
|||||
| CVE-2022-4332 | 1 Sprecher-automation | 12 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 9 more | 2024-11-21 | N/A | 6.8 MEDIUM |
|
In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device.
|
|||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2024-11-21 | N/A | 7.1 HIGH |
|
Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2022-4289 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.4 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were not hidden, could be leaked from instance, group, or project settings to other users.
|
|||||
| CVE-2022-4280 | 1 Dottech | 1 Smart Campus System | 2024-11-21 | N/A | 4.3 MEDIUM |
|
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-4255 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An info leak issue was identified in all versions of GitLab EE from 13.7 prior to 15.4.6, 15.5 prior to 15.5.5, and 15.6 prior to 15.6.1 which exposes user email id through webhook payload.
|
|||||
| CVE-2022-4195 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4193 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4190 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 8.8 HIGH |
|
Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4189 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium)
|
|||||
| CVE-2022-4187 | 2 Google, Microsoft | 2 Chrome, Windows | 2024-11-21 | N/A | 6.5 MEDIUM |
|
Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)
|
|||||