Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-45031 | 1 Mepsan | 1 Stawiz Usc++ | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in the login function which lets attackers generate passwords for high-privileged accounts. |
| CVE-2022-1155 | 1 Snipeitapp | 1 Snipe-it | 2022-04-05 | 6.5 MEDIUM | 7.4 HIGH | Old sessions are not blocked by the login enable function in GitHub repository snipe/snipe-it prior to 5.3.10. |
| CVE-2022-28209 | 1 Mediawiki | 1 Mediawiki | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. |
| CVE-2019-4045 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-04-05 | 4.0 MEDIUM | 4.3 MEDIUM | IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the "last modified by" value of a document. IBM X-Force ID: 156241. |
| CVE-2019-3599 | 1 Mcafee | 1 Agent | 2022-04-05 | 4.3 MEDIUM | 7.5 HIGH | Information Disclosure vulnerability in Remote logging (which is disabled by default) in McAfee Agent (MA) 5.x allows remote unauthenticated users to access sensitive information via remote logging when it is enabled. |
| CVE-2019-9942 | 2 Debian, Symfony | 2 Debian Linux, Twig | 2022-04-05 | 4.3 MEDIUM | 3.7 LOW | A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place. |
| CVE-2022-27250 | 1 Unisoc | 1 Unisoc Chipset | 2022-04-05 | 10.0 HIGH | 9.8 CRITICAL | The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. |
| CVE-2022-26646 | 1 Banking System Project | 1 Banking System | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. |
| CVE-2022-28206 | 1 Mediawiki | 1 Mediawiki | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. |
| CVE-2022-28205 | 1 Mediawiki | 1 Mediawiki | 2022-04-05 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a TTL issue for groups expiring in the future. |
| CVE-2020-36327 | 3 Bundler, Fedoraproject, Microsoft | 3 Bundler, Fedora, Package Manager Configurations | 2022-04-05 | 9.3 HIGH | 8.8 HIGH | Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. |
| CVE-2021-43105 | 1 Technitium | 1 Dns Server | 2022-04-05 | 4.0 MEDIUM | 4.3 MEDIUM | A vulnerability in the bailiwick checking function in Technitium DNS Server <= v7.0 allows specific malicious users to inject `NS` records of any domain (even TLDs) into the cache and conduct a DNS cache poisoning attack. |
| CVE-2022-0751 | 1 Gitlab | 1 Gitlab | 2022-04-05 | 6.8 MEDIUM | 8.8 HIGH | Inaccurate display of Snippet files containing special characters in all versions of GitLab CE/EE allows an attacker to create Snippets with misleading content which could trick unsuspecting users into executing arbitrary commands. |
| CVE-2022-23799 | 1 Joomla | 1 Joomla! | 2022-04-05 | 6.8 MEDIUM | 9.8 CRITICAL | An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. |
| CVE-2021-46433 | 1 Fenom Project | 1 Fenom | 2022-04-04 | 6.8 MEDIUM | 10.0 CRITICAL | In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode() to bypass the sandbox and execute arbitrary PHP code when disable_native_funcs is true. |
| CVE-2022-0344 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.3 MEDIUM | 4.3 MEDIUM | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 14.5.4, all versions starting from 10.1 before 14.6.4, all versions starting from 10.2 before 14.7.1. Private project paths can be disclosed to unauthorized users via system notes when an Issue is closed via a Merge Request and later moved to a public project. |
| CVE-2022-0549 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 3.5 LOW | 6.5 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Under certain conditions, the GitLab REST API may allow unprivileged users to add other users to groups even if that is not possible to do through the Web UI. |
| CVE-2022-0371 | 1 Gitlab | 1 Gitlab | 2022-04-04 | 4.0 MEDIUM | 4.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 before 14.5.4, all versions starting from 14.6 before 14.6.4, all versions starting from 14.7 before 14.7.1. GitLab search may allow authenticated users to search other users by their respective private emails even if a user set their email to private. |
| CVE-2015-10002 | 1 Kiddoware | 1 Kids Place | 2022-04-04 | 2.1 LOW | 5.5 MEDIUM | A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. Repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. |
| CVE-2021-46434 | 1 Emqx | 1 Emqx | 2022-04-04 | 5.0 MEDIUM | 5.3 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** EMQ X Dashboard V3.0.0 is affected by username enumeration in the "/api /v3/auth" interface. When a user logs in, the application returns different results depending on whether the account is correct, which allows an attacker to determine whether a given username is valid. |
