Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2539 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization.
CVE-2022-2538 1 Nsp-code 1 Wp Hide \& Security Enhancer 2024-11-21 6.1 Medium
The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting
CVE-2022-2537 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 6.1 Medium
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.
CVE-2022-2535 1 Searchwp 1 Searchwp Live Ajax Search 2024-11-21 5.3 Medium
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink
CVE-2022-2534 1 Gitlab 1 Gitlab 2024-11-21 2.2 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.
CVE-2022-2532 1 Slickremix 1 Feed Them Social 2024-11-21 6.1 Medium
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting
CVE-2022-2531 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability.
CVE-2022-2528 1 Octopus 1 Octopus Server 2024-11-21 6.5 Medium
In affected versions of Octopus Deploy it is possible to upload a package to built-in feed with insufficient permissions after re-indexing packages.
CVE-2022-2526 3 Netapp, Redhat, Systemd Project 14 Active Iq Unified Manager, H300s, H300s Firmware and 11 more 2024-11-21 9.8 Critical
A use-after-free vulnerability was found in systemd. This issue occurs due to the on_stream_io() function and dns_stream_complete() function in 'resolved-dns-stream.c' not incrementing the reference counting for the DnsStream object. Therefore, other functions and callbacks called can dereference the DNSStream object, causing the use-after-free when the reference is still used later.
CVE-2022-2523 1 Fava Project 1 Fava 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository beancount/fava prior to 1.22.2.
CVE-2022-2522 1 Vim 1 Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2521 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
CVE-2022-2520 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CVE-2022-2519 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
CVE-2022-2514 1 Fava Project 1 Fava 2024-11-21 6.1 Medium
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVE-2022-2512 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.
CVE-2022-2511 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVE-2022-2510 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVE-2022-2501 1 Gitlab 1 Gitlab 2024-11-21 5.9 Medium
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.
CVE-2022-2500 1 Gitlab 1 Gitlab 2024-11-21 4.4 Medium
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.