Export limit exceeded: 10205 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10205 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1233 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| URL Confusion When Scheme Not Supplied in GitHub repository medialize/uri.js prior to 1.19.11. | ||||
| CVE-2022-1183 | 2 Isc, Netapp | 11 Bind, H300s, H300s Firmware and 8 more | 2024-11-21 | 7.5 High |
| On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. | ||||
| CVE-2022-1165 | 1 Plugin-planet | 1 Blackhole For Bad Bots | 2024-11-21 | 9.1 Critical |
| The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP, CLIENT-IP etc to determine the IP address of requests hitting the blackhole URL, which allows them to be spoofed. This could result in blocking arbitrary IP addresses, such as legitimate/good search engine crawlers / bots. This could also be abused by competitors to cause damage related to visibility in search engines, can be used to bypass arbitrary blocks caused by this plugin, block any visitor or even the administrator and even more. | ||||
| CVE-2022-1137 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | ||||
| CVE-2022-1058 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.1 Medium |
| Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. | ||||
| CVE-2022-0991 | 1 Admidio | 1 Admidio | 2024-11-21 | 7.1 High |
| Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. | ||||
| CVE-2022-0947 | 1 Abb | 48 Arc600a2323na, Arc600a2323na Firmware, Arc600a2324na and 45 more | 2024-11-21 | 9 Critical |
| A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration. | ||||
| CVE-2022-0897 | 2 Netapp, Redhat | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Libvirt | 2024-11-21 | 4.3 Medium |
| A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the driver->nwfilters mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the driver->nwfilters object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt's API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | ||||
| CVE-2022-0869 | 1 Spirit-project | 1 Spirit | 2024-11-21 | 6.1 Medium |
| Multiple Open Redirect in GitHub repository nitely/spirit prior to 0.12.3. | ||||
| CVE-2022-0868 | 1 Uri.js Project | 1 Uri.js | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository medialize/uri.js prior to 1.19.10. | ||||
| CVE-2022-0865 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | 5.5 Medium |
| Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 5e180045. | ||||
| CVE-2022-0861 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 Low |
| A XML Extended entity vulnerability in McAfee Enterprise ePolicy Orchestrator (ePO) prior to 5.10 Update 13 allows a remote administrator attacker to upload a malicious XML file through the extension import functionality. The impact is limited to some access to confidential information and some ability to alter data. | ||||
| CVE-2022-0852 | 2 Convert2rhel Project, Redhat | 3 Convert2rhel, Convert2rhel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. | ||||
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | ||||
| CVE-2022-0777 | 1 Microweber | 1 Microweber | 2024-11-21 | 7.5 High |
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository microweber/microweber prior to 1.3. | ||||
| CVE-2022-0732 | 1 1byte | 9 Copy9, Exactspy, Fonetracker and 6 more | 2024-11-21 | 7.5 High |
| The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | ||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.5 Medium |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | ||||
| CVE-2022-0697 | 1 Archivy Project | 1 Archivy | 2024-11-21 | 6.1 Medium |
| Open Redirect in GitHub repository archivy/archivy prior to 1.7.0. | ||||
| CVE-2022-0692 | 1 Alltube Project | 1 Alltube | 2024-11-21 | 6.1 Medium |
| Open Redirect on Rudloff/alltube in Packagist rudloff/alltube prior to 3.0.1. | ||||
| CVE-2022-0691 | 2 Redhat, Url-parse Project | 2 Rhmt, Url-parse | 2024-11-21 | 9.8 Critical |
| Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | ||||