Total: 3460 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22522 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | N/A | 8.8 HIGH |
| This Template Injection vulnerability allows an authenticated attacker, including one with anonymous access, to inject unsafe user input into a Confluence page. Using this approach, an attacker is able to achieve Remote Code Execution (RCE) on an affected instance. Publicly accessible Confluence Data Center and Server versions as listed below are at risk and require immediate attention. See the advisory for additional details. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. | |||||
| CVE-2023-20057 | 1 Cisco | 13 Asyncos, Email Security Appliance C160, Email Security Appliance C170 and 10 more | 2024-11-21 | N/A | N/A |
| A vulnerability in the URL filtering mechanism of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device. | |||||
| CVE-2023-1523 | 1 Canonical | 2 Snapd, Ubuntu Linux | 2024-11-21 | N/A | 10.0 CRITICAL |
| Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap sandbox after the snap exits. Graphical terminal emulators like xterm, gnome-terminal and others are not affected - this can only be exploited when snaps are run on a virtual console. | |||||
| CVE-2023-1287 | 1 3ds | 1 Enovia Live Collaboration | 2024-11-21 | N/A | 9.0 CRITICAL |
| An XSL template vulnerability in ENOVIA Live Collaboration V6R2013xE allows Remote Code Execution. | |||||
| CVE-2023-0493 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | N/A | 5.3 MEDIUM |
| Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | |||||
| CVE-2023-0302 | 1 Radare | 1 Radare2 | 2024-11-21 | N/A | 7.8 HIGH |
| Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. | |||||
| CVE-2022-4864 | 1 Froxlor | 1 Froxlor | 2024-11-21 | N/A | 5.4 MEDIUM |
| Argument Injection in GitHub repository froxlor/froxlor prior to 2.0.0-beta1. | |||||
| CVE-2022-4768 | 1 Dropbox | 1 Merou | 2024-11-21 | N/A | 6.3 MEDIUM |
| A vulnerability was found in Dropbox merou. It has been classified as critical. Affected is the function add_public_key of the file grouper/public_key.py of the component SSH Public Key Handler. The manipulation of the argument public_key_str leads to injection. It is possible to launch the attack remotely. The name of the patch is d93087973afa26bc0a2d0a5eb5c0fde748bdd107. It is recommended to apply a patch to fix this issue. VDB-216906 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4188 | 1 Google | 2 Android, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2022-4145 | 1 Redhat | 1 Openshift Container Platform | 2024-11-21 | N/A | 4.3 MEDIUM |
| A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | |||||
| CVE-2022-47583 | 1 Mintty Project | 1 Mintty | 2024-11-21 | N/A | 9.8 CRITICAL |
| Terminal character injection in Mintty before 3.6.3 allows code execution via unescaped output to the terminal. | |||||
| CVE-2022-46265 | 1 Siemens | 1 Polarion Alm | 2024-11-21 | N/A | 5.4 MEDIUM |
| A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites. | |||||
| CVE-2022-46180 | 1 Discourse | 1 Mermaid | 2024-11-21 | N/A | 5.0 MEDIUM |
| Discourse Mermaid (discourse-mermaid-theme-component) allows users of Discourse, open-source forum software, to create graphs using the Mermaid syntax. Users of discourse-mermaid-theme-component version 1.0.0 who can create posts are able to inject arbitrary HTML on that post. The issue has been fixed on the `main` branch of the GitHub repository, with 1.1.0 named as a patched version. Admins can update the theme component through the admin UI. As a workaround, admins can temporarily disable discourse-mermaid-theme-component. | |||||
| CVE-2022-46162 | 1 Discourse | 1 Discourse Bbcode | 2024-11-21 | N/A | 8.8 HIGH |
| discourse-bbcode is the official BBCode plugin for Discourse. Prior to commit 91478f5, CSS injection can occur when rendering content generated with the discourse-bbcode plugin. This vulnerability only affects sites which have the discourse-bbcode plugin installed and enabled. This issue is patched in commit 91478f5. As a workaround, ensure that the Content Security Policy is enabled and monitor any posts that contain bbcode. | |||||
| CVE-2022-45801 | 1 Apache | 1 Streampark | 2024-11-21 | N/A | 5.4 MEDIUM |
| Apache StreamPark 1.0.0 to 2.0.0 have an LDAP injection vulnerability. LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, it's possible to modify LDAP statements through techniques similar to SQL Injection. LDAP injection attacks could result in the granting of permissions to unauthorized queries, and content modification inside the LDAP tree. This risk may only occur when the user logs in with LDAP; user name and password login will not be affected. Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later. | |||||
| CVE-2022-45048 | 1 Apache | 1 Ranger | 2024-11-21 | N/A | 8.4 HIGH |
| Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0. | |||||
| CVE-2022-43756 | 1 Suse | 1 Wrangler | 2024-11-21 | N/A | 5.9 MEDIUM |
| An Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in SUSE Rancher allows remote attackers to cause denial of service by supplying specially crafted git credentials. This issue affects: SUSE Rancher wrangler version 0.7.3 and prior versions; wrangler version 0.8.4 and prior versions; wrangler version 1.0.0 and prior versions. | |||||
| CVE-2022-43562 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2024-11-21 | N/A | 3.0 LOW |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | |||||
| CVE-2022-42797 | 1 Apple | 1 Xcode | 2024-11-21 | N/A | 7.8 HIGH |
| An injection issue was addressed with improved input validation. This issue is fixed in Xcode 14.1. An app may be able to gain root privileges. | |||||
| CVE-2022-42472 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | N/A | 4.2 MEDIUM |
| An improper neutralization of CRLF sequences in HTTP headers ('HTTP response splitting') in Fortinet FortiOS versions 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.11, 6.2.0 through 6.2.12, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.1, 7.0.0 through 7.0.7, 2.0.0 through 2.0.10, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6 may allow an authenticated and remote attacker to perform an HTTP request splitting attack which gives attackers control of the remaining headers and body of the response. | |||||
