Search Results (364869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-3182 1 Devolutions 1 Remote Desktop Manager 2024-11-21 7.0 High
Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. This issue affects: Devolutions Remote Desktop Manager version 2022.2.14 and prior versions.
CVE-2022-3179 1 Ikus-soft 1 Rdiffweb 2024-11-21 8.8 High
Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-3178 1 Gpac 1 Gpac 2024-11-21 7.8 High
Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.
CVE-2022-3175 1 Ikus-soft 1 Rdiffweb 2024-11-21 5.3 Medium
Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-3174 1 Ikus-soft 1 Rdiffweb 2024-11-21 7.5 High
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.
CVE-2022-3173 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 Medium
Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.
CVE-2022-3170 1 Linux 1 Linux Kernel 2024-11-21 7.8 High
An out-of-bounds access issue was found in the Linux kernel sound subsystem. It could occur when the 'id->name' provided by the user did not end with '\0'. A privileged local user could pass a specially crafted name through ioctl() interface and crash the system or potentially escalate their privileges on the system.
CVE-2022-3169 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVME_IOCTL_RESET and the NVME_IOCTL_SUBSYS_RESET through the device file of the driver, resulting in a PCIe link disconnect.
CVE-2022-3167 1 Ikus-soft 1 Rdiffweb 2024-11-21 8.8 High
Improper Restriction of Rendered UI Layers or Frames in GitHub repository ikus060/rdiffweb prior to 2.4.1.
CVE-2022-3154 3 Integration For Billingo \& Gravity Forms Project, Integration For Szamlazz.hu \& Gravity Forms Project, Woo Billingo Plus Project 3 Integration For Billingo \& Gravity Forms, Integration For Szamlazz.hu \& Gravity Forms, Woo Billingo Plus 2024-11-21 7.1 High
The Woo Billingo Plus WordPress plugin before 4.4.5.4, Integration for Billingo & Gravity Forms WordPress plugin before 1.0.4, Integration for Szamlazz.hu & Gravity Forms WordPress plugin before 1.2.7 are lacking CSRF checks in various AJAX actions, which could allow attackers to make logged in Shop Managers and above perform unwanted actions, such as deactivate the plugin's license
CVE-2022-3153 1 Vim 1 Vim 2024-11-21 5.5 Medium
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404.
CVE-2022-3152 1 Php-fusion 1 Phpfusion 2024-11-21 8.8 High
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.
CVE-2022-3148 1 Diagrams 1 Drawio 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3142 1 Basixonline 1 Nex-forms 2024-11-21 8.8 High
The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured otherwise via the plugin settings.
CVE-2022-3141 1 Cozmoslabs 1 Translatepress 2024-11-21 8.8 High
The Translate Multilingual sites WordPress plugin before 2.3.3 is vulnerable to an authenticated SQL injection. By adding a new language (via the settings page) containing specific special characters, the backticks in the SQL query can be surpassed and a time-based blind payload can be injected.
CVE-2022-3140 4 Debian, Fedoraproject, Libreoffice and 1 more 4 Debian Linux, Fedora, Libreoffice and 1 more 2024-11-21 6.3 Medium
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.
CVE-2022-3138 1 Diagrams 1 Drawio 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Generic in GitHub repository jgraph/drawio prior to 20.3.0.
CVE-2022-3137 1 Taskbuilder 1 Taskbuilder 2024-11-21 5.4 Medium
The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task's attachments, which could allow any authenticated user (such as subscriber) creating a task to perform Stored Cross-Site Scripting by attaching a malicious SVG file
CVE-2022-3136 1 Wpsocialrocket 1 Social Rocket 2024-11-21 4.8 Medium
The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-3133 1 Diagrams 1 Drawio 2024-11-21 7.8 High
OS Command Injection in GitHub repository jgraph/drawio prior to 20.3.0.