Total
67 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4304 | 1 Froxlor | 1 Froxlor | 2024-11-21 | 3.8 Low |
| Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.22,2.1.0. | ||||
| CVE-2022-27782 | 4 Debian, Haxx, Redhat and 1 more | 4 Debian Linux, Curl, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | ||||
| CVE-2022-1848 | 1 Erudika | 1 Para | 2024-11-21 | 5.3 Medium |
| Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | ||||
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 7.4 High |
| Old sessions are not blocked by the login enable function. in GitHub repository snipe/snipe-it prior to 5.3.10. | ||||
| CVE-2022-0935 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 8.8 High |
| Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | ||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 Medium |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0689 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.3 Medium |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0688 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.9 Medium |
| Business Logic Errors in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0524 | 1 Publify Project | 1 Publify | 2024-11-21 | 7.5 High |
| Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | ||||
| CVE-2022-0514 | 1 Craterapp | 1 Crater | 2024-11-21 | 6.5 Medium |
| Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. | ||||
| CVE-2021-4171 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| calibre-web is vulnerable to Business Logic Errors | ||||
| CVE-2021-4146 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 Medium |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. | ||||
| CVE-2021-4117 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-4111 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 Medium |
| yetiforcecrm is vulnerable to Business Logic Errors | ||||
| CVE-2021-36012 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 Medium |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a business logic error in the placeOrder graphql mutation. An authenticated attacker can leverage this vulnerability to altar the price of an item. | ||||
| CVE-2021-22926 | 5 Haxx, Netapp, Oracle and 2 more | 26 Curl, Active Iq Unified Manager, Clustered Data Ontap and 23 more | 2024-11-21 | 7.5 High |
| libcurl-using applications can ask for a specific client certificate to be used in a transfer. This is done with the `CURLOPT_SSLCERT` option (`--cert` with the command line tool).When libcurl is built to use the macOS native TLS library Secure Transport, an application can ask for the client certificate by name or with a file name - using the same option. If the name exists as a file, it will be used instead of by name.If the appliction runs with a current working directory that is writable by other users (like `/tmp`), a malicious user can create a file name with the same name as the app wants to use by name, and thereby trick the application to use the file based cert instead of the one referred to by name making libcurl send the wrong client certificate in the TLS connection handshake. | ||||
| CVE-2021-22922 | 7 Fedoraproject, Haxx, Netapp and 4 more | 25 Fedora, Curl, Cloud Backup and 22 more | 2024-11-21 | 6.5 Medium |
| When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk. | ||||
| CVE-2021-22897 | 5 Haxx, Netapp, Oracle and 2 more | 30 Curl, Cloud Backup, H300e and 27 more | 2024-11-21 | 5.3 Medium |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | ||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2024-11-21 | 5.3 Medium |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | ||||
| CVE-2020-8181 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 4.3 Medium |
| A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as avatars. | ||||