Search Results (363502 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2073 1 Getgrav 1 Grav 2024-11-21 7.2 High
Code Injection in GitHub repository getgrav/grav prior to 1.7.34.
CVE-2022-2072 1 Name Directory Project 1 Name Directory 2024-11-21 6.1 Medium
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well
CVE-2022-2071 1 Name Directory Project 1 Name Directory 2024-11-21 6.1 Medium
The Name Directory WordPress plugin before 1.25.4 does not have CSRF check when importing names, and is also lacking sanitisation as well as escaping in some of the imported data, which could allow attackers to make a logged in admin import arbitrary names with XSS payloads in them.
CVE-2022-2067 1 Rosariosis 1 Rosariosis 2024-11-21 9.1 Critical
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.
CVE-2022-2066 1 Facturascripts 1 Facturascripts 2024-11-21 6.1 Medium
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2065 1 Facturascripts 1 Facturascripts 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.
CVE-2022-2061 1 Chafa Project 1 Chafa 2024-11-21 3.3 Low
Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.
CVE-2022-2060 1 Dolibarr 1 Dolibarr Erp\/crm 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.
CVE-2022-2059 1 Pandorafms 1 Pandora Fms 2024-11-21 3.5 Low
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is vulnerable to a Stored Cross Site-Scripting. This vulnerability can be exploited by an attacker with administrator privileges logged in the system.
CVE-2022-2058 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVE-2022-2057 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVE-2022-2056 5 Debian, Fedoraproject, Libtiff and 2 more 5 Debian Linux, Fedora, Libtiff and 2 more 2024-11-21 5.5 Medium
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.
CVE-2022-2053 1 Redhat 5 Integration Camel K, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 2 more 2024-11-21 7.5 High
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker (application server) as an error state and not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (10 seconds intervals) from the application server updates the server state. So, in the worst case, it can result in "All workers are in error state" and mod_cluster responds "503 Service Unavailable" for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the "retry" timeout passes. However, luckily, mod_proxy_balancer has "forcerecovery" setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state.). So, unlike mod_cluster, mod_proxy_balancer does not result in responding "503 Service Unavailable". An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final, Undertow 2.3.0.Alpha2.
CVE-2022-2050 1 Maxfoundry 1 Wp-paginate 2024-11-21 4.8 Medium
The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed
CVE-2022-2049 3 Linux, Microsoft, Octopus 3 Linux Kernel, Windows, Octopus Server 2024-11-21 7.5 High
In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.
CVE-2022-2048 5 Debian, Eclipse, Jenkins and 2 more 12 Debian Linux, Jetty, Jenkins and 9 more 2024-11-21 7.5 High
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.
CVE-2022-2047 4 Debian, Eclipse, Netapp and 1 more 9 Debian Linux, Jetty, Element Plug-in For Vcenter Server and 6 more 2024-11-21 2.7 Low
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.
CVE-2022-2046 1 Wpwax 1 Directorist 2024-11-21 4.9 Medium
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
CVE-2022-2042 2 Apple, Vim 2 Macos, Vim 2024-11-21 7.8 High
Use After Free in GitHub repository vim/vim prior to 8.2.
CVE-2022-2037 1 Tooljet 1 Tooljet 2024-11-21 8.0 High
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.