Export limit exceeded: 359442 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35571 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2024-11-21 | 8 High |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | ||||
| CVE-2022-33917 | 1 Arm | 1 Valhall Gpu Kernel Driver | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2022-33916 | 1 Opcfoundation | 1 Ua .net Standard Stack | 2024-11-21 | 7.5 High |
| OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | ||||
| CVE-2022-33903 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | ||||
| CVE-2022-33882 | 1 Autodesk | 1 Autodesk Desktop | 2024-11-21 | 9.8 Critical |
| Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code. | ||||
| CVE-2022-33755 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 5.3 Medium |
| CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | ||||
| CVE-2022-33753 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 8.8 High |
| CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | ||||
| CVE-2022-33751 | 1 Broadcom | 1 Ca Automic Automation | 2024-11-21 | 7.5 High |
| CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | ||||
| CVE-2022-33745 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 8.8 High |
| insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. | ||||
| CVE-2022-33744 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2024-11-21 | 4.7 Medium |
| Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. | ||||
| CVE-2022-33743 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more | 2024-11-21 | 7.8 High |
| network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. | ||||
| CVE-2022-33729 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||||
| CVE-2022-33728 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal. | ||||
| CVE-2022-33726 | 1 Google | 1 Android | 2024-11-21 | 3.3 Low |
| Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | ||||
| CVE-2022-33725 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | ||||
| CVE-2022-33722 | 1 Google | 1 Android | 2024-11-21 | 4 Medium |
| Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||||
| CVE-2022-33127 | 2 Diffy Project, Microsoft | 2 Diffy, Windows | 2024-11-21 | 9.8 Critical |
| The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a windows environment. This allows attackers to execute arbitrary commands via a crafted string. | ||||
| CVE-2022-33085 | 1 Ecisp | 1 Espcms-p8 | 2024-11-21 | 7.2 High |
| ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates. | ||||
| CVE-2022-33082 | 1 Openpolicyagent | 1 Open Policy Agent | 2024-11-21 | 7.5 High |
| An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2022-33070 | 2 Fedoraproject, Protobuf-c Project | 2 Fedora, Protobuf-c | 2024-11-21 | 5.5 Medium |
| Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | ||||