Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1670 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users.
|
|||||
| CVE-2022-1659 | 1 Artbees | 1 Jupiterx | 2024-11-21 | 7.5 HIGH | 5.4 MEDIUM |
|
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack.
|
|||||
| CVE-2022-1658 | 1 Artbees | 1 Jupiter | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
|
Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site.
|
|||||
| CVE-2022-1654 | 1 Artbees | 2 Jupiter, Jupiterx | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core only) AJAX actions.
|
|||||
| CVE-2022-1602 | 1 Hp | 16 Mt21, Mt22, Mt32 and 13 more | 2024-11-21 | N/A | 5.5 MEDIUM |
|
A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8.
|
|||||
| CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2024-11-21 | 6.5 MEDIUM | 3.7 LOW |
|
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins.
|
|||||
| CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 19 Debian Linux, Linux Kernel, H300e and 16 more | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
|
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
|
|||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.
|
|||||
| CVE-2022-1289 | 1 Tildearrow | 1 Furnace | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
A denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.
|
|||||
| CVE-2022-1261 | 1 Honeywell | 1 Matrikon Opc Server | 2024-11-21 | 9.0 HIGH | 5.8 MEDIUM |
|
Matrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low-privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges.
|
|||||
| CVE-2022-1259 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 7 more | 2024-11-21 | N/A | 7.5 HIGH |
|
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.
|
|||||
| CVE-2022-1189 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed an unauthorised user to read the approval rules of a private project.
|
|||||
| CVE-2022-1186 | 1 Web-x | 1 Be Popia Compliant | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
The WordPress plugin Be POPIA Compliant exposed sensitive information to unauthenticated users, consisting of site visitors' emails and usernames, via an API route, in versions up to and including 1.1.5.
|
|||||
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.5 MEDIUM | 7.4 HIGH |
|
Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10.
|
|||||
| CVE-2022-1035 | 1 Gpac | 1 Gpac | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.
|
|||||
| CVE-2022-0989 | 1 Nsthemes | 1 Ns Watermark For Woocommerce | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain.
|
|||||
| CVE-2022-0987 | 2 Packagekit Project, Redhat | 2 Packagekit, Enterprise Linux | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists.
|
|||||
| CVE-2022-0851 | 2 Convert2rhel Project, Redhat | 2 Convert2rhel, Enterprise Linux | 2024-11-21 | N/A | 5.5 MEDIUM |
|
There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could ...
|
|||||
| CVE-2022-0850 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 7.1 HIGH |
|
A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.
|
|||||
| CVE-2022-0812 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 4.3 MEDIUM |
|
An information leak flaw was found in NFS over RDMA in net/sunrpc/xprtrdma/rpc_rdma.c in the Linux kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
|
|||||
| CVE-2022-0807 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Autofill in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2022-0804 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2022-0802 | 4 Apple, Google, Linux and 1 more | 5 Macos, Android, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 99.0.4844.51 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page.
|
|||||
| CVE-2022-0751 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands.
|
|||||
| CVE-2022-0735 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands.
|
|||||
| CVE-2022-0721 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Insertion of Sensitive Information Into Debugging Code in GitHub repository microweber/microweber prior to 1.3.
|
|||||
| CVE-2022-0709 | 1 Saasproject | 1 Booking Package | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the iCal representation of its booking calendar, but this token is returned in the JSON response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability.
|
|||||
| CVE-2022-0688 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
Business Logic Errors in Packagist microweber/microweber prior to 1.2.11.
|
|||||
| CVE-2022-0670 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Ceph, Ceph Storage | 2024-11-21 | N/A | 9.1 CRITICAL |
|
A flaw was found in OpenStack Manila owning a Ceph File system "share", which enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
|
|||||
| CVE-2022-0669 | 3 Dpdk, Openvswitch, Redhat | 3 Data Plane Development Kit, Openvswitch, Openshift Container Platform | 2024-11-21 | N/A | 6.5 MEDIUM |
|
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
|
|||||
| CVE-2022-0654 | 1 Node-request-retry Project | 1 Node-request-retry | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository fgribreau/node-request-retry prior to 7.0.0.
|
|||||
| CVE-2022-0567 | 1 Ovn | 1 Ovn-kubernetes | 2024-11-21 | 6.5 MEDIUM | 9.1 CRITICAL |
|
A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable.
|
|||||
| CVE-2022-0549 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI.
|
|||||
| CVE-2022-0540 | 1 Atlassian | 3 Jira Data Center, Jira Server, Jira Service Management | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
|
|||||
| CVE-2022-0516 | 5 Debian, Fedoraproject, Linux and 2 more | 31 Debian Linux, Fedora, Linux Kernel and 28 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability was found in the kvm_s390_guest_sida_op function in arch/s390/kvm/kvm-s390.c in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
|
|||||
| CVE-2022-0514 | 1 Craterapp | 1 Crater | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
|
|||||
| CVE-2022-0477 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
|
An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.
|
|||||
| CVE-2022-0467 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate implementation in Pointer Lock in Google Chrome on Windows prior to 98.0.4758.80 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
|
|||||
| CVE-2022-0466 | 1 Google | 1 Chrome | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Inappropriate implementation in Extensions Platform in Google Chrome prior to 98.0.4758.80 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted HTML page.
|
|||||
| CVE-2022-0462 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Inappropriate implementation in Scroll in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
|
|||||