Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45597 1 Componentspace 1 Saml 2024-11-21 9.8 Critical
ComponentSpace.Saml2 4.4.0 Missing SSL Certificate Validation. NOTE: the vendor does not consider this a vulnerability because the report is only about use of certificates at the application layer (not the transport layer) and "Certificates are exchanged in a controlled fashion between entities within a trust relationship. This is why self-signed certificates may be used and why validating certificates isn’t as important as doing so for the transport layer certificates."
CVE-2022-45582 1 Openstack 1 Horizon 2024-11-21 6.1 Medium
Open Redirect vulnerability in Horizon Web Dashboard 19.4.0 thru 20.1.4 via the success_url parameter.
CVE-2022-45544 1 Schlix 1 Cms 2024-11-21 8.8 High
Insecure Permission vulnerability in Schlix Web Inc SCHLIX CMS 2.2.7-2 allows attacker to upload arbitrary files and execute arbitrary code via the tristao parameter. NOTE: this is disputed by the vendor because an admin is intentionally allowed to upload new executable PHP code, such as a theme that was obtained from a trusted source or was developed for their own website. Only an admin can upload such code, not someone else in an "attacker" role.
CVE-2022-45493 1 Json.h Project 1 Json.h 2024-11-21 7.8 High
Buffer overflow vulnerability in function json_parse_key in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
CVE-2022-45492 1 Json.h Project 1 Json.h 2024-11-21 7.8 High
Buffer overflow vulnerability in function json_parse_number in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.
CVE-2022-45469 4 Apple, Google, Intel and 1 more 4 Iphone Os, Android, Unison Software and 1 more 2024-11-21 2.2 Low
Improper input validation for some Intel Unison software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-45451 1 Acronis 3 Agent, Cyber Protect, Cyber Protect Home Office 2024-11-21 7.8 High
Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.
CVE-2022-45449 2024-11-21 N/A
Sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 30984.
CVE-2022-45448 1 Prestashop 1 M4 Pdf 2024-11-21 3.5 Low
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter.
CVE-2022-45447 1 Prestashop 1 M4 Pdf 2024-11-21 6.5 Medium
M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists.
CVE-2022-45379 2 Jenkins, Redhat 2 Script Security, Openshift 2024-11-21 7.5 High
Jenkins Script Security Plugin 1189.vb_a_b_7c8fd5fde and earlier stores whole-script approvals as the SHA-1 hash of the script, making it vulnerable to collision attacks.
CVE-2022-45378 1 Apache 1 Soap 2024-11-21 9.8 Critical
In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the classpath that meet certain criteria. Depending on what classes are available on the classpath this might even lead to arbitrary remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2022-45375 1 Cyberchimps 1 Ifeature Slider 2024-11-21 5.4 Medium
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in iFeature Slider plugin <= 1.2 on WordPress.
CVE-2022-45372 1 Codeixer 1 Product Gallery Slider For Woocommerce 2024-11-21 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Codeixer Product Gallery Slider for WooCommerce plugin <= 2.2.8 versions.
CVE-2022-45366 1 Wp-slimstat 1 Slimstat Analytics 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.4 versions.
CVE-2022-45363 1 Muffingroup 1 Betheme 2024-11-21 5.4 Medium
Auth. (subscriber+) Stored Cross-Site Scripting (XSS) in Muffingroup Betheme theme <= 26.6.1 on WordPress.
CVE-2022-45218 1 Oretnom23 1 Human Resource Management System 2024-11-21 6.1 Medium
Human Resource Management System v1.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability. This vulnerability is triggered via a crafted payload injected into an authentication error message.
CVE-2022-45199 1 Python 1 Pillow 2024-11-21 7.5 High
Pillow before 9.3.0 allows denial of service via SAMPLESPERPIXEL.
CVE-2022-45198 1 Python 1 Pillow 2024-11-21 7.5 High
Pillow before 9.2.0 performs Improper Handling of Highly Compressed GIF Data (Data Amplification).
CVE-2022-45184 1 Ironmansoftware 1 Powershell Universal 2024-11-21 7.2 High
The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafted HTTP request to particular endpoints in the web server. Patched Versions are 3.5.3 and 3.4.7.