Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24626 | 1 Chameleon Css Project | 1 Chameleon Css | 2022-11-09 | 6.5 MEDIUM | 8.8 HIGH |
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection | |||||
CVE-2021-24685 | 1 Flat Preloader Project | 1 Flat Preloader | 2022-11-09 | 5.0 MEDIUM | 5.4 MEDIUM |
The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload (triggered either in the frontend or backend depending on the payload) | |||||
CVE-2021-24570 | 1 Wpplugin | 1 Accept Donations With Paypal | 2022-11-09 | 4.3 MEDIUM | 4.3 MEDIUM |
The Accept Donations with PayPal WordPress plugin before 1.3.1 offers a function to create donation buttons, which internally are posts. The process to create a new button is lacking a CSRF check. An attacker could use this to make an authenticated admin create a new button. Furthermore, one of the Button field is not escaped before being output in an attribute when editing a Button, leading to a Stored Cross-Site Scripting issue as well. | |||||
CVE-2021-24543 | 1 Jquery-reply-to-comment Project | 1 Jquery-reply-to-comment | 2022-11-09 | 4.3 MEDIUM | 6.1 MEDIUM |
The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue. | |||||
CVE-2022-26520 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql Jdbc Driver | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties. | |||||
CVE-2022-25243 | 1 Hashicorp | 1 Vault | 2022-11-09 | 3.5 LOW | 6.5 MEDIUM |
"Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. | |||||
CVE-2022-24716 | 1 Icinga | 1 Icinga Web 2 | 2022-11-09 | 5.0 MEDIUM | 7.5 HIGH |
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Unauthenticated users can leak the contents of files of the local system accessible to the web-server user, including `icingaweb2` configuration files with database credentials. This issue has been resolved in versions 2.9.6 and 2.10 of Icinga Web 2. Database credentials should be rotated. | |||||
CVE-2022-24714 | 1 Icinga | 1 Icinga Web 2 | 2022-11-09 | 4.3 MEDIUM | 5.3 MEDIUM |
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may still have access to a collection of content. Note that this only applies if a role has implicitly permitted access to hosts, due to permitted access to at least one of their services. If access to a host is permitted by other means, no sensible information has been disclosed to unauthorized users. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. | |||||
CVE-2022-23708 | 1 Elastic | 1 Elasticsearch | 2022-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | |||||
CVE-2021-24730 | 1 Infornweb | 1 Logo Showcase With Slick Slider | 2022-11-09 | 4.0 MEDIUM | 4.3 MEDIUM |
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. | |||||
CVE-2022-1391 | 1 Kanev | 1 Cab Fare Calculator | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
The Cab fare calculator WordPress plugin before 1.0.4 does not validate the controller parameter before using it in require statements, which could lead to Local File Inclusion issues. | |||||
CVE-2022-29078 | 1 Ejs | 1 Ejs | 2022-11-09 | 7.5 HIGH | 9.8 CRITICAL |
The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation). | |||||
CVE-2022-25169 | 2 Apache, Oracle | 2 Tika, Primavera Unifier | 2022-11-09 | 4.3 MEDIUM | 5.5 MEDIUM |
The BPG parser in versions of Apache Tika before 1.28.2 and 2.4.0 may allocate an unreasonable amount of memory on carefully crafted files. | |||||
CVE-2021-25094 | 1 Brandexponents | 1 Tatsu | 2022-11-09 | 6.8 MEDIUM | 8.1 HIGH |
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. | |||||
CVE-2022-24715 | 1 Icinga | 1 Icinga Web 2 | 2022-11-09 | 6.0 MEDIUM | 8.8 HIGH |
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration. | |||||
CVE-2022-23806 | 3 Debian, Golang, Netapp | 6 Debian Linux, Go, Beegfs Csi Driver and 3 more | 2022-11-09 | 6.4 MEDIUM | 9.1 CRITICAL |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | |||||
CVE-2019-15691 | 2 Opensuse, Tigervnc | 2 Leap, Tigervnc | 2022-11-09 | 6.5 MEDIUM | 7.2 HIGH |
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack unwinding. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | |||||
CVE-2022-39390 | 2022-11-09 | N/A | N/A | ||
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-36534. Reason: This candidate is a reservation duplicate of CVE-2020-36534. Notes: All CVE users should reference CVE-2020-36534 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
CVE-2022-37866 | 1 Apache | 1 Ivy | 2022-11-09 | N/A | 7.5 HIGH |
When Apache Ivy downloads artifacts from a repository it stores them in the local file system based on a user-supplied "pattern" that may include placeholders for artifacts coordinates like the organisation, module or version. If said coordinates contain "../" sequences - which are valid characters for Ivy coordinates in general - it is possible the artifacts are stored outside of Ivy's local cache or repository or can overwrite different artifacts inside of the local cache. In order to exploit this vulnerability an attacker needs collaboration by the remote repository as Ivy will issue http requests containing ".." sequences and a "normal" repository will not interpret them as part of the artifact coordinates. Users of Apache Ivy 2.0.0 to 2.5.1 should upgrade to Ivy 2.5.1. | |||||
CVE-2022-30543 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-11-09 | N/A | 8.8 HIGH |
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. |