Total
35559 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-30060 | 1 Ftcms | 1 Ftcms | 2024-11-21 | 8.8 High |
| ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php | ||||
| CVE-2022-2806 | 3 Ovirt, Redhat, Sos Project | 3 Log Collector, Rhev Manager, Sos | 2024-11-21 | 5.5 Medium |
| It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | ||||
| CVE-2022-2764 | 2 Netapp, Redhat | 11 Active Iq Unified Manager, Cloud Secure Agent, Oncommand Insight and 8 more | 2024-11-21 | 4.9 Medium |
| A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | ||||
| CVE-2022-2668 | 1 Redhat | 3 Keycloak, Red Hat Single Sign On, Single Sign-on | 2024-11-21 | 7.2 High |
| An issue was discovered in Keycloak that allows arbitrary Javascript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled | ||||
| CVE-2022-2616 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | ||||
| CVE-2022-2611 | 2 Fedoraproject, Google | 3 Fedora, Android, Chrome | 2024-11-21 | 4.3 Medium |
| Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | ||||
| CVE-2022-2576 | 1 Eclipse | 1 Californium | 2024-11-21 | 7.5 High |
| In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. | ||||
| CVE-2022-2534 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.2 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. | ||||
| CVE-2022-2497 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.5 High |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious developer could exfiltrate an integration's access token by modifying the integration URL such that authenticated requests are sent to an attacker controlled server. | ||||
| CVE-2022-2385 | 1 Kubernetes | 1 Aws-iam-authenticator | 2024-11-21 | 8.1 High |
| A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | ||||
| CVE-2022-2346 | 1 Octopus | 1 Octopus Server | 2024-11-21 | 5.5 Medium |
| In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | ||||
| CVE-2022-2314 | 1 Vr Calendar Project | 1 Vr Calendar | 2024-11-21 | 9.8 Critical |
| The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | ||||
| CVE-2022-2281 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. | ||||
| CVE-2022-2228 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group with using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range | ||||
| CVE-2022-2164 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.3 Medium |
| Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page. | ||||
| CVE-2022-2162 | 3 Fedoraproject, Google, Microsoft | 3 Fedora, Chrome, Windows | 2024-11-21 | 8.8 High |
| Insufficient policy enforcement in File System API in Google Chrome on Windows prior to 103.0.5060.53 allowed a remote attacker to bypass file system access via a crafted HTML page. | ||||
| CVE-2022-2075 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | ||||
| CVE-2022-2074 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | ||||
| CVE-2022-2049 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2024-11-21 | 7.5 High |
| In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | ||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2024-11-21 | 7.5 High |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | ||||