Search Results (363419 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1382 1 Radare 1 Radare2 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system.
CVE-2022-1381 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2024-11-21 7.8 High
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution
CVE-2022-1380 1 Snipeitapp 1 Snipe-it 2024-11-21 5.4 Medium
Stored Cross Site Scripting vulnerability in Item name parameter in GitHub repository snipe/snipe-it prior to v5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-1379 2 Fedoraproject, Plantuml 2 Fedora, Plantuml 2024-11-21 9.1 Critical
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third party servers.
CVE-2022-1365 2 Cross-fetch Project, Redhat 4 Cross-fetch, Acm, Jboss Enterprise Bpms Platform and 1 more 2024-11-21 6.5 Medium
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
CVE-2022-1355 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 6.1 Medium
A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service.
CVE-2022-1354 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.
CVE-2022-1353 4 Debian, Linux, Netapp and 1 more 21 Debian Linux, Linux Kernel, H300e and 18 more 2024-11-21 7.1 High
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVE-2022-1352 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.
CVE-2022-1351 1 Pimcore 1 Pimcore 2024-11-21 5.4 Medium
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.
CVE-2022-1349 1 2code 1 Wpqa Builder 2024-11-21 4.3 Medium
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user.
CVE-2022-1347 1 Organizr 1 Organizr 2024-11-21 8.4 High
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation
CVE-2022-1346 1 Organizr 1 Organizr 2024-11-21 9.0 Critical
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVE-2022-1345 1 Organizr 1 Organizr 2024-11-21 9.0 Critical
Stored XSS viva .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVE-2022-1344 1 Organizr 1 Organizr 2024-11-21 9.0 Critical
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.
CVE-2022-1342 1 Devolutions 1 Remote Desktop Manager 2024-11-21 4.6 Medium
A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.
CVE-2022-1341 1 Bwm-ng Project 1 Bwm-ng 2024-11-21 7.5 High
An issue was discovered in in bwm-ng v0.6.2. An arbitrary null write exists in get_cmdln_options() function in src/options.c.
CVE-2022-1340 1 Yetiforce 1 Yetiforce Customer Relationship Management 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.
CVE-2022-1339 1 Pimcore 1 Pimcore 2024-11-21 7.5 High
SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data
CVE-2022-1338 1 Commonninja 1 Easily Generate Rest Api 2024-11-21 4.8 Medium
The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed