Search Results (364353 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2097 6 Debian, Fedoraproject, Netapp and 3 more 24 Debian Linux, Fedora, Active Iq Unified Manager and 21 more 2024-11-21 5.3 Medium
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).
CVE-2022-2095 1 Gitlab 1 Gitlab 2024-11-21 4.3 Medium
An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project's Deploy Key's public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key.
CVE-2022-2093 1 Ninjateam 1 Wp Duplicate Page 2024-11-21 4.8 Medium
The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-2092 1 Wpovernight 1 Woocommerce Pdf Invoices\& Packing Slips 2024-11-21 6.1 Medium
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.
CVE-2022-2091 1 Cache Images Project 1 Cache Images 2024-11-21 6.5 Medium
The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.
CVE-2022-2090 1 Flycart 1 Discount Rules For Woocommerce 2024-11-21 6.1 Medium
The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting
CVE-2022-2089 1 Bold-themes 1 Bold Page Builder 2024-11-21 4.8 Medium
The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-2083 1 Simple Sign On Project 1 Simple Sign On 2024-11-21 7.5 High
The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site.
CVE-2022-2080 1 Automattic 1 Sensei Lms 2024-11-21 4.3 Medium
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student
CVE-2022-2078 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2024-11-21 5.5 Medium
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code.
CVE-2022-2075 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-11-21 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.
CVE-2022-2074 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-11-21 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.
CVE-2022-2073 1 Getgrav 1 Grav 2024-11-21 7.2 High
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
CVE-2022-2072 1 Name Directory Project 1 Name Directory 2024-11-21 6.1 Medium
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
CVE-2022-2071 1 Name Directory Project 1 Name Directory 2024-11-21 6.1 Medium
The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
CVE-2022-2067 1 Rosariosis 1 Rosariosis 2024-11-21 9.1 Critical
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2022-2066 1 Facturascripts 1 Facturascripts 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2065 1 Facturascripts 1 Facturascripts 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2061 1 Chafa Project 1 Chafa 2024-11-21 3.3 Low
Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.
CVE-2022-2060 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.