Search Results (363576 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2511 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVE-2022-2510 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVE-2022-2501 1 Gitlab 1 Gitlab 2024-11-21 5.9 Medium
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.
CVE-2022-2500 1 Gitlab 1 Gitlab 2024-11-21 4.4 Medium
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.
CVE-2022-2499 1 Gitlab 1 Gitlab 2024-11-21 3.5 Low
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.
CVE-2022-2498 1 Gitlab 1 Gitlab 2024-11-21 6.4 Medium
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.
CVE-2022-2497 1 Gitlab 1 Gitlab 2024-11-21 8.5 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
CVE-2022-2495 1 Microweber 1 Microweber 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVE-2022-2494 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2493 1 Open-emr 1 Openemr 2024-11-21 8.1 High
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2481 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
CVE-2022-2480 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2479 1 Google 2 Android, Chrome 2024-11-21 4.3 Medium
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
CVE-2022-2478 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2477 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2476 2 Fedoraproject, Wavpack 2 Fedora, Wavpack 2024-11-21 5.5 Medium
A null pointer dereference bug was found in wavpack-5.4.0 The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. ==84257==Hint: address points to the zero page. #0 0x561b47a970c5 in main cli/wvunpack.c:834 #1 0x7efc4f5c0082 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x24082) #2 0x561b47a945ed in _start (/usr/local/bin/wvunpack+0xa5ed) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV cli/wvunpack.c:834 in main ==84257==ABORTING
CVE-2022-2472 1 Ezviz 2 Cs-c6n-a0-1c2wfr, Cs-c6n-a0-1c2wfr Firmware 2024-11-21 7.6 High
Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. This issue affects: EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428.
CVE-2022-2471 1 Ezviz 10 Cs-c3w-a0-3h4wfrl, Cs-c3w-a0-3h4wfrl Firmware, Cs-c6n-a0-1c2wfr and 7 more 2024-11-21 9.9 Critical
Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. This issue affects: EZVIZ CS-CV248 versions prior to 5.2.3 build 220725. EZVIZ CS-C6N-A0-1C2WFR versions prior to 5.3.0 build 220428. EZVIZ CS-DB1C-A0-1E2W2FR versions prior to 5.3.0 build 220802. EZVIZ CS-C6N-B0-1G2WF versions prior to 5.3.0 build 220712. EZVIZ CS-C3W-A0-3H4WFRL versions prior to 5.3.5 build 220723.
CVE-2022-2470 1 Microweber 1 Microweber 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.21.
CVE-2022-2469 2 Debian, Gnu 2 Debian Linux, Gnu Sasl 2024-11-21 3.8 Low
GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client