CVE Vulnerability Database

Search and browse 111 known security vulnerabilities. Filter by severity, vendor, product, and year.

CVE-2022-27782
7.5 high

libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH se

Haxx Curl Jun 2, 2022
CVE-2022-27781
7.5 high

libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.

Haxx Curl Jun 2, 2022
CVE-2022-27775
7.5 high

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.

Haxx Curl Jun 2, 2022
CVE-2022-27774
5.7 medium

An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: following HTTP(S) redirects with authentication could leak credentials to other services that exist on different protocols o

Haxx Curl Jun 2, 2022
CVE-2022-22576
8.1 high

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols:

Haxx Curl May 26, 2022
CVE-2022-22977
7.1 high

VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or uninte

Vmware Tools May 24, 2022
CVE-2022-0900
5.4 medium

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NetDataSoft DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from unspecified before v.4.6.2.0.

Netdatasoft Divvy Drive May 23, 2022
CVE-2022-23742
7.8 high

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges. An attacker can replace those files with malicious or linked content, such as exploiting CVE-2020-0896 on unpatched systems or using symbolic links.

Checkpoint Endpoint Security May 12, 2022
CVE-2022-29145
7.5 high

.NET and Visual Studio Denial of Service Vulnerability

Microsoft .Net May 10, 2022
CVE-2022-29117
7.5 high

.NET and Visual Studio Denial of Service Vulnerability

Microsoft .Net May 10, 2022
CVE-2022-29109
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Microsoft 365 Apps May 10, 2022
CVE-2022-29107
5.5 medium

Microsoft Office Security Feature Bypass Vulnerability

Microsoft 365 Apps May 10, 2022
CVE-2022-26926
7.8 high

Windows Address Book Remote Code Execution Vulnerability

Microsoft Windows 10 May 10, 2022
CVE-2022-26934
6.5 medium

Windows Graphics Component Information Disclosure Vulnerability

Microsoft 365 Apps May 10, 2022
CVE-2022-27224
7.2 high

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and D

Galsys Nts-6002-Gps Firmware May 9, 2022
CVE-2022-25647
7.7 high

The package com.google.code.gson:gson before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks.

Google Gson May 1, 2022
CVE-2022-0354
7.3 high

A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window.

Lenovo System Update Apr 22, 2022
CVE-2022-21476
7.5 high

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vuln

Oracle Graalvm Apr 19, 2022
CVE-2022-26826
7.2 high

Windows DNS Server Remote Code Execution Vulnerability

Microsoft Windows 10 Apr 15, 2022
CVE-2022-26901
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Microsoft 365 Apps Apr 15, 2022
CVE-2022-26795
7.8 high

Windows Print Spooler Elevation of Privilege Vulnerability

Microsoft Windows 10 Apr 15, 2022
CVE-2022-24473
7.8 high

Microsoft Excel Remote Code Execution Vulnerability

Microsoft 365 Apps Apr 15, 2022
CVE-2022-0778
7.5 high

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a

Openssl Openssl Mar 15, 2022
CVE-2021-36368
3.7 low

An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication i

Openbsd Openssh Mar 13, 2022