Total
29698 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1279 | 1 Ebics Java Project | 1 Ebics Java | 2024-11-21 | 6.5 Medium |
| A vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2. | ||||
| CVE-2022-1243 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| CRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11. | ||||
| CVE-2022-1111 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.4 Low |
| A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages | ||||
| CVE-2022-1105 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-0895 | 1 Microweber | 1 Microweber | 2024-11-21 | 9.8 Critical |
| Static Code Injection in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2024-11-21 | 6.2 Medium |
| An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | ||||
| CVE-2022-0821 | 1 Orchardcore | 1 Orchardcore | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. | ||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | ||||
| CVE-2022-0803 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Permissions in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to tamper with the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-0764 | 1 Strapi | 1 Strapi | 2024-11-21 | 6.7 Medium |
| Arbitrary Command Injection in GitHub repository strapi/strapi prior to 4.1.0. | ||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 4.3 Medium |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0736 | 1 Lfprojects | 1 Mlflow | 2024-11-21 | 7.5 High |
| Insecure Temporary File in GitHub repository mlflow/mlflow prior to 1.23.1. | ||||
| CVE-2022-0689 | 1 Microweber | 1 Microweber | 2024-11-21 | 5.3 Medium |
| Use multiple time the one-time coupon in Packagist microweber/microweber prior to 1.2.11. | ||||
| CVE-2022-0685 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.8 High |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | ||||
| CVE-2022-0677 | 1 Bitdefender | 3 Endpoint Security Tools, Gravityzone, Update Server | 2024-11-21 | 7.5 High |
| Improper Handling of Length Parameter Inconsistency vulnerability in the Update Server component of Bitdefender Endpoint Security Tools (in relay role), GravityZone (in Update Server role) allows an attacker to cause a Denial-of-Service. This issue affects: Bitdefender Update Server versions prior to 3.4.0.276. Bitdefender GravityZone versions prior to 26.4-1. Bitdefender Endpoint Security Tools for Linux versions prior to 6.2.21.171. Bitdefender Endpoint Security Tools for Windows versions prior to 7.4.1.111. | ||||
| CVE-2022-0618 | 1 Apple | 1 Swiftnio Http\/2 | 2024-11-21 | 7.5 High |
| A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | ||||
| CVE-2022-0578 | 1 Publify Project | 1 Publify | 2024-11-21 | 6.5 Medium |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. | ||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2024-11-21 | 9.8 Critical |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | ||||
| CVE-2022-0441 | 1 Stylemixthemes | 1 Masterstudy Lms | 2024-11-21 | 9.8 Critical |
| The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin | ||||