Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2522 1 Vim 1 Vim 2024-11-21 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061.
CVE-2022-2521 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.
CVE-2022-2520 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input.
CVE-2022-2519 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2024-11-21 6.5 Medium
There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1
CVE-2022-2514 1 Fava Project 1 Fava 2024-11-21 6.1 Medium
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages which contained the parameters in verbatim.
CVE-2022-2512 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs.
CVE-2022-2511 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice allows an attacker to inject arbitrary HTML into a page using the title parameter of the call URL.
CVE-2022-2510 1 Hallowelt 1 Bluespice 2024-11-21 4.3 Medium
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH BlueSpice allows attacker to inject arbitrary HTML (XSS) on page "Special:SearchCenter", using the search term in the URL.
CVE-2022-2501 1 Gitlab 1 Gitlab 2024-11-21 5.9 Medium
An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing, proper permissions are still required.
CVE-2022-2500 1 Gitlab 1 Gitlab 2024-11-21 4.4 Medium
A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.
CVE-2022-2499 1 Gitlab 1 Gitlab 2024-11-21 3.5 Low
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab's Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues.
CVE-2022-2498 1 Gitlab 1 Gitlab 2024-11-21 6.4 Medium
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author.
CVE-2022-2497 1 Gitlab 1 Gitlab 2024-11-21 8.5 High
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server.
CVE-2022-2495 1 Microweber 1 Microweber 2024-11-21 4.8 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.21.
CVE-2022-2494 1 Open-emr 1 Openemr 2024-11-21 5.4 Medium
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2493 1 Open-emr 1 Openemr 2024-11-21 8.1 High
Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0.
CVE-2022-2481 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
CVE-2022-2480 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-2479 1 Google 2 Android, Chrome 2024-11-21 4.3 Medium
Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.
CVE-2022-2478 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.