Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-25613 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2022-04-11 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in FV Flowplayer Video Player (WordPress plugin) versions <= 7.5.18.727 via &fv_wp_flowplayer_field_splash parameter. | |||||
| CVE-2020-6382 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2017-5052 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting. | |||||
| CVE-2022-0740 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Incorrect authorization in the Asana integration's branch restriction feature in all versions of GitLab CE/EE starting from version 7.8.0 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 makes it possible to close Asana tasks from unrestricted branches. | |||||
| CVE-2022-1105 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an unauthorized user to access pipeline analytics even when public pipelines are disabled | |||||
| CVE-2020-6385 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in storage in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to bypass site isolation via a crafted HTML page. | |||||
| CVE-2022-1100 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage. | |||||
| CVE-2022-26616 | 1 Public Knowledge Project | 1 Open Journal Systems | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| PKP Vendor Open Journal System v2.4.8 to v3.3.8 allows attackers to perform reflected cross-site scripting (XSS) attacks via crafted HTTP headers. | |||||
| CVE-2022-1099 | 1 Gitlab | 1 Gitlab | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Adding a very large number of tags to a runner in GitLab CE/EE affecting all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows an attacker to impact the performance of GitLab | |||||
| CVE-2020-6390 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6391 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient validation of untrusted input in Blink in Google Chrome prior to 80.0.3987.87 allowed a local attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6396 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2022-04-11 | 4.3 MEDIUM | 4.3 MEDIUM |
| Inappropriate implementation in Skia in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | |||||
| CVE-2020-6811 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2022-04-11 | 6.8 MEDIUM | 8.8 HIGH |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as Curl' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. This vulnerability affects Thunderbird < 68.6, Firefox < 74, Firefox < ESR68.6, and Firefox ESR < 68.6. | |||||
| CVE-2016-7410 | 1 Libdwarf Project | 1 Libdwarf | 2022-04-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file. | |||||
| CVE-2021-44138 | 1 Caucho | 1 Resin | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| There is a Directory traversal vulnerability in Caucho Resin, as distributed in Resin 4.0.52 - 4.0.56, which allows remote attackers to read files in arbitrary directories via a ; in a pathname within an HTTP request. | |||||
| CVE-2022-24802 | 1 Deepmerge-ts Project | 1 Deepmerge-ts | 2022-04-11 | 7.5 HIGH | 9.8 CRITICAL |
| deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue. | |||||
| CVE-2022-28380 | 1 Rc-httpd Project | 1 Rc-httpd | 2022-04-11 | 5.0 MEDIUM | 7.5 HIGH |
| The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used. | |||||
| CVE-2022-0958 | 1 Mark Posts Project | 1 Mark Posts | 2022-04-11 | 3.5 LOW | 4.8 MEDIUM |
| The Mark Posts WordPress plugin before 2.0.1 does not escape new markers, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-0901 | 1 Ad Inserter Project | 1 Ad Inserter | 2022-04-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ad Inserter Free and Pro WordPress plugins before 2.7.12 do not sanitise and escape the REQUEST_URI before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters | |||||
| CVE-2022-0887 | 1 Cybernetikz | 1 Easy Social Icons | 2022-04-11 | 6.5 MEDIUM | 7.2 HIGH |
| The Easy Social Icons WordPress plugin before 3.1.4 does not sanitize the selected_icons attribute to the cnss_widget before using it in an SQL statement, leading to a SQL injection vulnerability. | |||||