Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-0540 1 Atlassian 3 Jira Data Center, Jira Server, Jira Service Management 2024-11-21 9.8 Critical
A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication by sending a specially crafted HTTP request. This affects Atlassian Jira Server and Data Center versions before 8.13.18, versions 8.14.0 and later before 8.20.6, and versions 8.21.0 and later before 8.22.0. This also affects Atlassian Jira Service Management Server and Data Center versions before 4.13.18, versions 4.14.0 and later before 4.20.6, and versions 4.21.0 and later before 4.22.0.
CVE-2022-0539 1 Beanstalk Console Project 1 Beanstalk Console 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14.
CVE-2022-0538 1 Jenkins 1 Jenkins 2024-11-21 7.5 High
Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.
CVE-2022-0537 1 Mappresspro 1 Mappress 2024-11-21 7.2 High
The MapPress Maps for WordPress plugin before 2.73.13 allows a high privileged user to bypass the DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS settings and upload arbitrary files to the site through the "ajax_save" function. The file is written relative to the current 's stylesheet directory, and a .php file extension is added. No validation is performed on the content of the file, triggering an RCE vulnerability by uploading a web shell. Further the name parameter is not sanitized, allowing the payload to be uploaded to any directory to which the server has write access.
CVE-2022-0535 1 E2pdf 1 E2pdf 2024-11-21 4.8 Medium
The E2Pdf WordPress plugin before 1.16.45 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
CVE-2022-0534 2 Debian, Htmldoc Project 2 Debian Linux, Htmldoc 2024-11-21 5.5 Medium
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVE-2022-0533 1 Metaphorcreations 1 Ditty 2024-11-21 6.1 Medium
The Ditty (formerly Ditty News Ticker) WordPress plugin before 3.0.15 is affected by a Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2022-0532 2 Kubernetes, Redhat 3 Cri-o, Openshift, Openshift Container Platform 2024-11-21 4.2 Medium
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
CVE-2022-0531 1 Wpvivid 1 Migration\, Backup\, Staging 2024-11-21 6.1 Medium
The Migration, Backup, Staging WordPress plugin before 0.9.70 does not sanitise and escape the sub_page parameter before outputting it back in the page, leading to a reflected Cross-Site Scripting
CVE-2022-0527 1 Chatwoot 1 Chatwoot 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVE-2022-0526 1 Chatwoot 1 Chatwoot 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0.
CVE-2022-0525 1 Mruby 1 Mruby 2024-11-21 9.1 Critical
Out-of-bounds Read in Homebrew mruby prior to 3.2.
CVE-2022-0524 1 Publify Project 1 Publify 2024-11-21 7.5 High
Business Logic Errors in GitHub repository publify/publify prior to 9.2.7.
CVE-2022-0523 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.8 High
Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0522 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2.
CVE-2022-0521 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0520 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.8 High
Use After Free in NPM radare2.js prior to 5.6.2.
CVE-2022-0519 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0518 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-11-21 7.1 High
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2.
CVE-2022-0516 5 Debian, Fedoraproject, Linux and 2 more 32 Debian Linux, Fedora, Linux Kernel and 29 more 2024-11-21 7.8 High
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.