Total
29593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1783 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.7 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. | ||||
| CVE-2022-1716 | 1 Kitetech | 1 Keep My Notes | 2024-11-21 | 4.6 Medium |
| Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | ||||
| CVE-2022-1715 | 1 Facturascripts | 1 Facturascripts | 2024-11-21 | 9.8 Critical |
| Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. | ||||
| CVE-2022-1678 | 2 Linux, Netapp | 26 Linux Kernel, Active Iq Unified Manager, Bootstrap Os and 23 more | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | ||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2024-11-21 | 8.2 High |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by the grub in Secure Boot mode even though it shouldn't. These kernel builds don't have the secure boot lockdown patches applied to it and can bypass the secure boot validations, allowing the attacker to load another non-trusted code. | ||||
| CVE-2022-1663 | 1 Stop Spam Comments Project | 1 Stop Spam Comments | 2024-11-21 | 6.5 Medium |
| The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. | ||||
| CVE-2022-1561 | 2 Krakend, Luraproject | 2 Krakend, Lura | 2024-11-21 | 4 Medium |
| Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafty URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | ||||
| CVE-2022-1545 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note. | ||||
| CVE-2022-1543 | 1 Erudika | 1 Scoold | 2024-11-21 | 8.8 High |
| Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | ||||
| CVE-2022-1502 | 1 Octopus | 1 Server | 2024-11-21 | 4.3 Medium |
| Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | ||||
| CVE-2022-1349 | 1 2code | 1 Wpqa Builder | 2024-11-21 | 4.3 Medium |
| The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user. | ||||
| CVE-2022-1279 | 1 Ebics Java Project | 1 Ebics Java | 2024-11-21 | 6.5 Medium |
| A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. | ||||
| CVE-2022-1243 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | ||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.4 Low |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | ||||
| CVE-2022-1105 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-0895 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.8 Critical |
| Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2024-11-21 | 6.2 Medium |
| An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | ||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | ||||