Search Results (35015 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1963 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. | ||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 6.3 Medium |
| A vulnerability classified as critical has been found in FileCloud. Affected is an unknown function of the component NTFS Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-201960. | ||||
| CVE-2022-1872 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass downloads policy via a crafted HTML page. | ||||
| CVE-2022-1871 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 Medium |
| Insufficient policy enforcement in File System API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass file system policy via a crafted HTML page. | ||||
| CVE-2022-1868 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted HTML page. | ||||
| CVE-2022-1862 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 102.0.5005.61 allowed an attacker who convinced a user to install a malicious extension to bypass profile restrictions via a crafted HTML page. | ||||
| CVE-2022-1848 | 1 Erudika | 1 Para | 2024-11-21 | 5.3 Medium |
| Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | ||||
| CVE-2022-1823 | 1 Mcafee | 1 Consumer Product Removal Tool | 2024-11-21 | 7.9 High |
| Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file. | ||||
| CVE-2022-1821 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. | ||||
| CVE-2022-1680 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 9.9 Critical |
| An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account. | ||||
| CVE-2022-1677 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2024-11-21 | 6.3 Medium |
| In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. | ||||
| CVE-2022-1670 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 7.5 High |
| When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | ||||
| CVE-2022-1602 | 1 Hp | 16 Mt21, Mt22, Mt32 and 13 more | 2024-11-21 | 5.5 Medium |
| A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). The security vulnerability in SP8 is not remedied after upgrading from SP8 to Service Pack 9 (SP9). HP has released Service Pack 10 (SP10) to remediate the potential vulnerability introduced in SP8. | ||||
| CVE-2022-1353 | 4 Debian, Linux, Netapp and 1 more | 21 Debian Linux, Linux Kernel, H300e and 18 more | 2024-11-21 | 7.1 High |
| A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. | ||||
| CVE-2022-1302 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 High |
| In MZ Automation LibIEC61850 versions prior to 1.5.1, an unauthenticated attacker can craft a GOOSE message, which may result in a denial of service. | ||||
| CVE-2022-1259 | 2 Netapp, Redhat | 12 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 9 more | 2024-11-21 | 7.5 High |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | ||||
| CVE-2022-1189 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the approval rules of a private project. | ||||
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 7.4 High |
| Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. | ||||
| CVE-2022-1035 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.5 Medium |
| Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. | ||||
| CVE-2022-0989 | 1 Nsthemes | 1 Ns Watermark For Woocommerce | 2024-11-21 | 7.5 High |
| An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware, for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain. | ||||