Export limit exceeded: 35202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35202 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31862 | 1 Apache | 1 Zeppelin | 2025-05-05 | 5.3 Medium |
| Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | ||||
| CVE-2024-31865 | 1 Apache | 1 Zeppelin | 2025-05-05 | 6.5 Medium |
| Improper Input Validation vulnerability in Apache Zeppelin. The attackers can call updating cron API with invalid or improper privileges so that the notebook can run with the privileges. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | ||||
| CVE-2022-42327 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-05-05 | 7.1 High |
| x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. | ||||
| CVE-2024-31867 | 1 Apache | 1 Zeppelin | 2025-05-05 | 6.5 Medium |
| Improper Input Validation vulnerability in Apache Zeppelin. The attackers can execute malicious queries by setting improper configuration properties to LDAP search filter. This issue affects Apache Zeppelin: from 0.8.2 before 0.11.1. Users are recommended to upgrade to version 0.11.1, which fixes the issue. | ||||
| CVE-2024-1983 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-05-05 | 7.1 High |
| The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users. | ||||
| CVE-2022-43351 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-05-05 | 6.5 Medium |
| Sanitization Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | ||||
| CVE-2022-43319 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2025-05-05 | 7.5 High |
| An information disclosure vulnerability in the component vcs/downloadFiles.php?download=./search.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files. | ||||
| CVE-2024-35384 | 1 Cesanta | 1 Mjs | 2025-05-05 | 5.5 Medium |
| An issue in Cesanta mjs 2.20.0 allows a remote attacker to cause a denial of service via the mjs_array_length function in the mjs.c file. | ||||
| CVE-2022-42798 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-05 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. Parsing a maliciously crafted audio file may lead to disclosure of user information. | ||||
| CVE-2022-36338 | 1 Insyde | 1 Insydeh2o | 2025-05-05 | 8.2 High |
| An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver FwBlockServiceSmm, creating SMM, leads to arbitrary code execution. An attacker can replace the pointer to the UEFI boot service GetVariable with a pointer to malware, and then generate a software SMI. | ||||
| CVE-2022-35252 | 6 Apple, Debian, Haxx and 3 more | 21 Macos, Debian Linux, Curl and 18 more | 2025-05-05 | 3.7 Low |
| When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings. | ||||
| CVE-2022-32899 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-05 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32898 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-05 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7 and iPadOS 15.7, iOS 16, macOS Ventura 13, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32889 | 1 Apple | 2 Iphone Os, Watchos | 2025-05-05 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16, watchOS 9. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-28697 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2025-05-05 | 6.8 Medium |
| Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2022-26373 | 3 Debian, Intel, Redhat | 987 Debian Linux, Celeron 5305u, Celeron 5305u Firmware and 984 more | 2025-05-05 | 5.5 Medium |
| Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2022-24297 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2025-05-05 | 6.7 Medium |
| Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-21233 | 2 Intel, Redhat | 670 Atom C3308, Atom C3308 Firmware, Atom C3336 and 667 more | 2025-05-05 | 5.5 Medium |
| Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-21229 | 1 Intel | 5 Control Center, Lapqc71a, Lapqc71b and 2 more | 2025-05-05 | 7.8 High |
| Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-0004 | 1 Intel | 796 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 793 more | 2025-05-05 | 6.8 Medium |
| Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||