Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2938 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2022-11-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. | |||||
| CVE-2017-2931 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2022-11-17 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2930 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2022-11-17 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2928 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2022-11-17 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to setting visual mode effects. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2022-0819 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | 8.8 HIGH |
| Code Injection in GitHub repository dolibarr/dolibarr prior to 15.0.1. | |||||
| CVE-2022-0414 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0746 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0224 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| dolibarr is vulnerable to Improper Neutralization of Special Elements used in an SQL Command | |||||
| CVE-2022-2060 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0731 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | |||||
| CVE-2022-0174 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| dolibarr is vulnerable to Business Logic Errors | |||||
| CVE-2022-3963 | 1 Gnuboard | 1 Gnuboard5 | 2022-11-17 | N/A | 5.4 MEDIUM |
| A vulnerability was found in gnuboard5. It has been classified as problematic. Affected is an unknown function of the file bbs/faq.php of the component FAQ Key ID Handler. The manipulation of the argument fm_id leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 5.5.8.2.1 is able to address this issue. The name of the patch is ba062ca5b62809106d5a2f7df942ffcb44ecb5a9. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-213540. | |||||
| CVE-2022-45196 | 1 Hyperledger | 1 Fabric | 2022-11-17 | N/A | 7.5 HIGH |
| Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. | |||||
| CVE-2022-30875 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. | |||||
| CVE-2022-22293 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| admin/limits.php in Dolibarr 7.0.2 allows HTML injection, as demonstrated by the MAIN_MAX_DECIMALS_TOT parameter. | |||||
| CVE-2021-33816 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 7.5 HIGH | 9.8 CRITICAL |
| The website builder module in Dolibarr 13.0.2 allows remote PHP code execution because of an incomplete protection mechanism in which system, exec, and shell_exec are blocked but backticks are not blocked. | |||||
| CVE-2021-33618 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. | |||||
| CVE-2021-25956 | 1 Dolibarr | 2 Dolibarr, Dolibarr Erp\/crm | 2022-11-17 | 6.5 MEDIUM | 7.2 HIGH |
| In “Dolibarr” application, v3.3.beta1_20121221 to v13.0.2 have “Modify” access for admin level users to change other user’s details but fails to validate already existing “Login” name, while renaming the user “Login”. This leads to complete account takeover of the victim user. This happens since the password gets overwritten for the victim user having a similar login name. | |||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 9.0 HIGH | 7.2 HIGH |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | |||||
| CVE-2020-13828 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2022-11-17 | 3.5 LOW | 5.4 MEDIUM |
| Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities that could allow remote authenticated attackers to inject arbitrary web script or HTML via ticket/card.php?action=create with the subject, message, or address parameter; adherents/card.php with the societe or address parameter; product/card.php with the label or customcode parameter; or societe/card.php with the alias or barcode parameter. | |||||