Total
29612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1543 | 1 Erudika | 1 Scoold | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | |||||
| CVE-2022-1502 | 1 Octopus | 1 Server | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | |||||
| CVE-2022-1349 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user. | |||||
| CVE-2022-1279 | 1 Ebics Java Project | 1 Ebics Java | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. | |||||
| CVE-2022-1243 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | |||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 2.4 LOW |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | |||||
| CVE-2022-1105 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled | |||||
| CVE-2022-1025 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | |||||
| CVE-2022-0895 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | |||||
| CVE-2022-0882 | 1 Google | 1 Fuchsia | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. | |||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2024-11-21 | 2.1 LOW | 6.2 MEDIUM |
| An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | |||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | |||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | |||||
| CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | |||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | |||||
| CVE-2022-0689 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-0685 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | |||||
| CVE-2022-0677 | 1 Bitdefender | 3 Endpoint Security Tools, Gravityzone, Update Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | |||||