Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-43478 1 Hoosk 1 Hoosk 2022-04-11 5.5 MEDIUM 5.4 MEDIUM
A vulnerability exists in Hoosk 1.8.0 in /install/index.php, due to a failure to check if config.php already exists in the root directory, which could let a malicious user reinstall the website.
CVE-2021-3422 1 Splunk 1 Splunk 2022-04-11 4.3 MEDIUM 7.5 HIGH
The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of either or both reduces the severity to Medium.
CVE-2021-32970 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2022-04-11 7.8 HIGH 7.5 HIGH
Data can be copied without validation in the built-in web server in Moxa NPort IAW5000A-I/O series firmware version 2.2 or earlier, which may allow a remote attacker to cause denial-of-service conditions.
CVE-2022-1120 1 Gitlab 1 Gitlab 2022-04-11 4.0 MEDIUM 6.5 MEDIUM
Missing filtering in an error message in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 exposed sensitive information when an include directive fails in the CI/CD configuration.
CVE-2022-1111 1 Gitlab 1 Gitlab 2022-04-11 3.5 LOW 2.7 LOW
A business logic error in Project Import in GitLab CE/EE versions 14.9 prior to 14.9.2, 14.8 prior to 14.8.5, and 14.0 prior to 14.7.7 under certain conditions caused imported projects to show an incorrect user in the 'Access Granted' column in the project membership pages
CVE-2022-1148 1 Gitlab 1 Gitlab 2022-04-11 4.3 MEDIUM 6.5 MEDIUM
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11.5 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to steal a user's access token on an attacker-controlled private GitLab Pages website and reuse that token on the victim's other private websites
CVE-2022-1121 1 Gitlab 1 Gitlab 2022-04-11 5.0 MEDIUM 5.3 MEDIUM
A lack of appropriate timeouts in GitLab Pages included in GitLab CE/EE all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to cause unlimited resource consumption.
CVE-2021-32968 1 Moxa 8 Nport Iaw5150a-12i\/o, Nport Iaw5150a-12i\/o Firmware, Nport Iaw5150a-6i\/o and 5 more 2022-04-11 5.0 MEDIUM 7.5 HIGH
Two buffer overflows in the built-in web server in Moxa NPort IAW5000A-I/O Series firmware version 2.2 or earlier may allow a remote attacker to cause a denial-of-service condition.
CVE-2022-28355 1 Scala-js 1 Scala.js 2022-04-11 5.0 MEDIUM 7.5 HIGH
randomUUID in Scala.js before 1.10.0 generates predictable values.
CVE-2022-1189 1 Gitlab 1 Gitlab 2022-04-11 4.0 MEDIUM 4.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project.
CVE-2017-5094 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2022-04-11 4.3 MEDIUM 6.5 MEDIUM
Type confusion in extensions JavaScript bindings in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted HTML page.
CVE-2022-1188 1 Gitlab 1 Gitlab 2022-04-11 5.0 MEDIUM 5.3 MEDIUM
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.
CVE-2017-5059 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-11 6.8 MEDIUM 8.8 HIGH
Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac, and 58.0.3029.83 for Android, allowed a remote attacker to potentially obtain code execution via a crafted HTML page.
CVE-2017-5057 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-11 6.8 MEDIUM 8.8 HIGH
Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
CVE-2017-5056 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-11 6.8 MEDIUM 8.8 HIGH
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2017-5054 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-11 6.8 MEDIUM 8.8 HIGH
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.
CVE-2017-5053 5 Apple, Google, Linux and 2 more 8 Macos, Android, Chrome and 5 more 2022-04-11 6.8 MEDIUM 9.6 CRITICAL
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
CVE-2022-21947 1 Suse 1 Rancher Desktop 2022-04-11 5.8 MEDIUM 8.8 HIGH
A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
CVE-2020-6381 6 Debian, Fedoraproject, Google and 3 more 11 Debian Linux, Fedora, Android and 8 more 2022-04-11 6.8 MEDIUM 8.8 HIGH
Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2022-25618 1 Tms-outsource 1 Wpdatatables Lite 2022-04-11 3.5 LOW 4.8 MEDIUM
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in wpDataTables (WordPress plugin) versions <= 2.1.27