Total
318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28487 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in sudoreplay output. | ||||
| CVE-2023-28486 | 3 Netapp, Redhat, Sudo Project | 5 Active Iq Unified Manager, Enterprise Linux, Openshift Data Foundation and 2 more | 2024-11-21 | 5.3 Medium |
| Sudo before 1.9.13 does not escape control characters in log messages. | ||||
| CVE-2023-26289 | 1 Ibm | 1 Aspera Orchestrator | 2024-11-21 | 5.4 Medium |
| IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478. | ||||
| CVE-2023-26279 | 1 Ibm | 1 Qradar Wincollect | 2024-11-21 | 3.3 Low |
| IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160. | ||||
| CVE-2022-45143 | 2 Apache, Redhat | 4 Tomcat, Jboss Enterprise Web Server, Jboss Fuse and 1 more | 2024-11-21 | 7.5 High |
| The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data and it was therefore possible for users to supply values that invalidated or manipulated the JSON output. | ||||
| CVE-2022-43713 | 1 Gxsoftware | 1 Xperiencentral | 2024-11-21 | 7.5 High |
| Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | ||||
| CVE-2022-41443 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 9.8 Critical |
| phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php. | ||||
| CVE-2022-3941 | 1 Activity Log Project | 1 Activity Log | 2024-11-21 | 5.3 Medium |
| A vulnerability has been found in Activity Log Plugin and classified as critical. This vulnerability affects unknown code of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper output neutralization for logs. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-213448. | ||||
| CVE-2022-36446 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.8 Critical |
| software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. | ||||
| CVE-2022-35153 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 9.8 Critical |
| FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | ||||
| CVE-2022-32549 | 1 Apache | 2 Sling Api, Sling Commons Log | 2024-11-21 | 5.3 Medium |
| Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. | ||||
| CVE-2022-31458 | 1 Rtx Trap Project | 1 Rtx Trap | 2024-11-21 | 6.1 Medium |
| RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. | ||||
| CVE-2022-30966 | 1 Jenkins | 1 Random String Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Random String Parameter Plugin 1.0 and earlier does not escape the name and description of Random String parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-30781 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| Gitea before 1.16.7 does not escape git fetch remote. | ||||
| CVE-2022-2619 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | ||||
| CVE-2022-2241 | 1 Fifu | 1 Featured Image From Url | 2024-11-21 | 6.1 Medium |
| The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues | ||||
| CVE-2022-2099 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 4.8 Medium |
| The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles | ||||
| CVE-2022-29599 | 3 Apache, Debian, Redhat | 8 Maven Shared Utils, Debian Linux, Enterprise Linux and 5 more | 2024-11-21 | 9.8 Critical |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | ||||
| CVE-2022-28960 | 1 Spip | 1 Spip | 2024-11-21 | 8.8 High |
| A PHP injection vulnerability in Spip before v3.2.8 allows attackers to execute arbitrary PHP code via the _oups parameter at /ecrire. | ||||
| CVE-2022-26174 | 1 Beekeeperstudio | 1 Beekeeper-studio | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | ||||