Total: 1778 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2022-1706 | 2 Fedoraproject, Redhat | 5 Fedora, Enterprise Linux, Ignition and 2 more | 2024-08-03 | 6.5 Medium | A vulnerability was found in Ignition where Ignition configs are accessible from unprivileged containers in VMs running on VMware products. This issue is only relevant in user environments where the Ignition config contains secrets. The highest threat from this vulnerability is to data confidentiality. A possible workaround is to not put secrets in the Ignition config.
CVE-2022-1631 | 1 Microweber | 1 Microweber | 2024-08-03 | 8.8 High | User account pre-takeover or user account takeover in GitHub repository microweber/microweber prior to 1.2.15 (victim account takeover). Since there is no email confirmation, an attacker can easily create an account in the application using the victim's email. This allows an attacker to gain pre-authentication to the victim's account. Further, due to the lack of proper validation of the email coming from Social Login and failing to check if an account already exists, the victim will not identify that an account already exists. Hence, the attacker's persistence will remain. An attacker would be able to see all the activities performed by the victim user, impacting confidentiality, and attempt to modify/corrupt the data, impacting integrity and availability. This attack becomes more interesting when an attacker can register an account from an employee's email address. Assuming the organization uses G-Suite, it is much more impactful to hijack an employee's account.
CVE-2022-1589 | 1 Change Wp-admin Login Project | 1 Change Wp-admin Login | 2024-08-03 | 7.5 High | The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector.
CVE-2022-1553 | 1 Publify Project | 1 Publify | 2024-08-03 | 4.9 Medium | Leaking password-protected article content due to improper access control in GitHub repository publify/publify prior to 9.2.8. Attackers can leverage this vulnerability to view the contents of any password-protected article present on the Publify website, compromising the confidentiality and integrity of users.
CVE-2022-1499 | 1 Google | 1 Chrome | 2024-08-03 | 6.3 Medium | Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
CVE-2022-1466 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-08-03 | 6.5 Medium | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted.
CVE-2022-1460 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 6.1 Medium | An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1. GitLab was not performing correct authorizations on scheduled pipelines, allowing a malicious user to run a pipeline in the context of another user.
CVE-2022-1417 | 1 Gitlab | 1 Gitlab | 2024-08-03 | 4.3 Medium | Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access the contents of Project Members-only Wikis via malicious CI jobs.
CVE-2022-1365 | 2 Cross-fetch Project, Redhat | 4 Cross-fetch, Acm, Jboss Enterprise Bpms Platform and 1 more | 2024-08-03 | 6.5 Medium | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.
CVE-2022-1309 | 1 Google | 1 Chrome | 2024-08-03 | 9.6 Critical | Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2024-08-02 | 6.5 Medium | Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1223 | 1 Phpipam | 1 Phpipam | 2024-08-02 | 6.5 Medium | Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2022-1193 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium | Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances.
CVE-2022-1132 | 1 Google | 2 Chrome, Chrome Os | 2024-08-02 | 6.1 Medium | Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.
CVE-2022-1124 | 1 Gitlab | 1 Gitlab | 2024-08-02 | 4.3 Medium | An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access the trace log of jobs when it is enabled.
CVE-2022-1177 | 1 Open-emr | 1 Openemr | 2024-08-02 | 4.3 Medium | Accounting users can download patient reports in openemr in GitHub repository openemr/openemr prior to 6.1.0.
CVE-2022-0981 | 2 Quarkus, Redhat | 4 Quarkus, Camel Quarkus, Quarkus and 1 more | 2024-08-02 | 8.8 High | A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.
CVE-2022-0984 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-08-02 | 4.3 Medium | Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges.
CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-08-02 | 7.5 High | The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of their endpoints, which could allow customers to access all bookings and other customers' data.
CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-08-02 | 4.3 Medium | Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users without having the necessary moodle/user:delete capability.