Total
29460 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2539 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 5.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1, allowed a project member to filter issues by contact and organization. | |||||
| CVE-2022-2512 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 6.5 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing a former project members to read updates via TODOs. | |||||
| CVE-2022-2493 | 1 Open-emr | 1 Openemr | 2024-11-21 | N/A | 8.1 HIGH |
| Data Access from Outside Expected Data Manager Component in GitHub repository openemr/openemr prior to 7.0.0. | |||||
| CVE-2022-2475 | 1 Haascnc | 2 Haas Controller, Haas Controller Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any user is able to write macros into registers outside of the authorized accessible range. This could allow a user to access privileged resources or resources out of context. | |||||
| CVE-2022-2456 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 4.9 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | |||||
| CVE-2022-2393 | 2 Pki-core Project, Redhat | 3 Pki-core, Certificate System, Enterprise Linux | 2024-11-21 | N/A | 5.7 MEDIUM |
| A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. | |||||
| CVE-2022-2390 | 1 Google | 1 Google Play Services Software Development Kit | 2024-11-21 | N/A | 6.1 MEDIUM |
| Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. As Google Play services SDK is so widely used, this bug affects many applications. For an application affected, this bug will let the attacker, gain the access to all non-exported providers and/or gain the access to other providers the victim has permissions. We recommend upgrading to version 18.0.2 of the Play Service SDK as well as rebuilding and redeploying apps. | |||||
| CVE-2022-2244 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role to manage issues in project's error tracking feature. | |||||
| CVE-2022-2229 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. | |||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2024-11-21 | N/A | 8.1 HIGH |
| By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'. | |||||
| CVE-2022-2165 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | N/A | 4.3 MEDIUM |
| Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name. | |||||
| CVE-2022-2155 | 1 Hitachienergy | 1 Lumada Asset Performance Management | 2024-11-21 | N/A | 5.7 MEDIUM |
| A vulnerability exists in the affected versions of Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role, granting it access to the embedded Power BI reports feature. An attacker that manages to exploit the vulnerability on a customer’s Lumada APM could access unauthorized information by gaining unauthorized access to any Power BI reports installed by the customer. Furthermore, the vulnerability enables an attacker to manipulate asset issue comments on assets, which should not be available to the attacker. Affected versions * Lumada APM on-premises version 6.0.0.0 - 6.4.0.* List of CPEs: * cpe:2.3:a:hitachienergy:lumada_apm:6.0.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.1.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.2.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.3.0.0:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:lumada_apm:6.4.0.0:*:*:*:*:*:*:* | |||||
| CVE-2022-2143 | 1 Advantech | 1 Iview | 2024-11-21 | N/A | 9.8 CRITICAL |
| The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-2132 | 4 Debian, Dpdk, Fedoraproject and 1 more | 8 Debian Linux, Data Plane Development Kit, Fedora and 5 more | 2024-11-21 | N/A | 8.6 HIGH |
| A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | |||||
| CVE-2022-2105 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2024-11-21 | 6.4 MEDIUM | 9.4 CRITICAL |
| Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. | |||||
| CVE-2022-2088 | 1 Smartics | 1 Smartics | 2024-11-21 | 6.8 MEDIUM | 6.8 MEDIUM |
| An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | |||||
| CVE-2022-2052 | 1 Trumpf | 5 Job Order Interface, Oseon, Trutops Boost and 2 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system. | |||||
| CVE-2022-2048 | 4 Debian, Eclipse, Jenkins and 1 more | 8 Debian Linux, Jetty, Jenkins and 5 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | |||||
| CVE-2022-2037 | 1 Tooljet | 1 Tooljet | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. | |||||
| CVE-2022-2019 | 1 Prison Management System Project | 1 Prison Management System | 2024-11-21 | 4.3 MEDIUM | 7.3 HIGH |
| A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||