Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-21127 3 Debian, Intel, Xen 5 Debian Linux, Sgx Dcap, Sgx Psw and 2 more 2025-05-05 5.5 Medium
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125 6 Debian, Fedoraproject, Intel and 3 more 14 Debian Linux, Fedora, Sgx Dcap and 11 more 2025-05-05 5.5 Medium
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123 6 Debian, Fedoraproject, Intel and 3 more 14 Debian Linux, Fedora, Sgx Dcap and 11 more 2025-05-05 5.5 Medium
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-1473 3 Netapp, Openssl, Redhat 44 A250, A250 Firmware, A700s and 41 more 2025-05-05 7.5 High
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
CVE-2022-1343 3 Netapp, Openssl, Redhat 44 A250, A250 Firmware, A700s and 41 more 2025-05-05 5.3 Medium
The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
CVE-2022-1094 1 Anmari 1 Amr Users 2025-05-05 4.8 Medium
The amr users WordPress plugin before 4.59.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-0005 1 Intel 918 Celeron G5205u, Celeron G5205u Firmware, Celeron G5305u and 915 more 2025-05-05 2.4 Low
Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.
CVE-2022-0004 1 Intel 796 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 793 more 2025-05-05 6.8 Medium
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
CVE-2022-0002 3 Intel, Oracle, Redhat 505 Atom C3308, Atom C3336, Atom C3338 and 502 more 2025-05-05 6.5 Medium
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2022-0001 3 Intel, Oracle, Redhat 459 Atom P5921b, Atom P5931b, Atom P5942b and 456 more 2025-05-05 6.5 Medium
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2021-46828 3 Debian, Libtirpc Project, Redhat 3 Debian Linux, Libtirpc, Enterprise Linux 2025-05-05 7.5 High
In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections.
CVE-2021-46143 5 Libexpat Project, Netapp, Redhat and 2 more 10 Libexpat, Active Iq Unified Manager, Clustered Data Ontap and 7 more 2025-05-05 8.1 High
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize.
CVE-2021-45960 6 Debian, Libexpat Project, Netapp and 3 more 10 Debian Linux, Libexpat, Active Iq Unified Manager and 7 more 2025-05-05 8.8 High
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
CVE-2021-44545 1 Intel 18 Killer Ac 1550, Killer Ac 1550 Firmware, Killer Wi-fi 6 Ax1650 and 15 more 2025-05-05 6.5 Medium
Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2021-44470 1 Intel 1 Connect M 2025-05-05 5.5 Medium
Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2021-44454 1 Intel 1 Quartus Prime 2025-05-05 7.8 High
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-43523 2 Uclibc, Uclibc-ng Project 2 Uclibc, Uclibc-ng 2025-05-05 9.6 Critical
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names returned by DNS servers via gethostbyname, getaddrinfo, gethostbyaddr, and getnameinfo can lead to output of wrong hostnames (leading to domain hijacking) or injection into applications (leading to remote code execution, XSS, applications crashes, etc.). In other words, a validation step, which is expected in any stub resolver, does not occur.
CVE-2021-38111 1 Defcon 2 Def Con 27, Def Con 27 Firmware 2025-05-05 8.8 High
The DEF CON 27 badge allows remote attackers to exploit a buffer overflow by sending an oversized packet via the NFMI (Near Field Magnetic Induction) protocol.
CVE-2021-37409 1 Intel 26 Killer Ac 1550, Killer Ac 1550 Firmware, Killer Wi-fi 6 Ax1650 and 23 more 2025-05-05 7.8 High
Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2021-36980 2 Openvswitch, Redhat 3 Openvswitch, Enterprise Linux, Openshift 2025-05-05 5.5 Medium
Open vSwitch (aka openvswitch) 2.11.0 through 2.15.0 has a use-after-free in decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) during the decoding of a RAW_ENCAP action.