Total
35190 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-0384 | 1 Imdpen | 1 Video Conferencing With Zoom | 2024-11-21 | 4.3 Medium |
| The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog | ||||
| CVE-2022-0371 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. | ||||
| CVE-2022-0354 | 1 Lenovo | 1 System Update | 2024-11-21 | 7.3 High |
| A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | ||||
| CVE-2022-0353 | 1 Lenovo | 3 Diagnostics, Hardwarescan Addin, Hardwarescan Plugin | 2024-11-21 | 4.4 Medium |
| A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. | ||||
| CVE-2022-0344 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project | ||||
| CVE-2022-0331 | 1 Sophos | 1 Sfos | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in Webadmin allows an unauthenticated remote attacker to read the device serial number in Sophos Firewall version v18.5 MR2 and older. | ||||
| CVE-2022-0305 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2022-0294 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2022-0292 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2022-0291 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | ||||
| CVE-2022-0151 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial of Service under specific conditions. | ||||
| CVE-2022-0130 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 8.1 High |
| Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances. An attacker would first have to stage a specific file type in the web server root of the Tenable.sc host prior to remote exploitation. | ||||
| CVE-2022-0118 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-0116 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-0112 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | ||||
| CVE-2022-0109 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | ||||
| CVE-2022-0097 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 9.6 Critical |
| Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to to potentially allow extension to escape the sandbox via a crafted HTML page. | ||||
| CVE-2021-4326 | 1 Linuxfoundation | 1 Zowe | 2024-11-21 | 3.3 Low |
| A vulnerability in Imperative framework which allows already-privileged local actors to execute arbitrary shell commands via plugin install/update commands, or maliciously formed environment variables. Impacts Zowe CLI. | ||||
| CVE-2021-4210 | 1 Lenovo | 64 A540-24icb, A540-24icb Firmware, A540-27icb and 61 more | 2024-11-21 | 6.7 Medium |
| A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | ||||
| CVE-2021-4191 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. | ||||