CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1651 CVE-2022-2105 841 Bypass 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters.
1652 CVE-2022-2106 23 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files.
1653 CVE-2022-2140 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters.
1654 CVE-2022-2145 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
1655 CVE-2022-2185 Exec Code 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature.
1656 CVE-2022-2197 287 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations.
1657 CVE-2022-2206 125 2022-06-26 2022-07-04
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.
1658 CVE-2022-2207 122 Overflow 2022-06-27 2022-07-04
0.0
None ??? ??? ??? ??? ??? ???
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
1659 CVE-2022-2208 476 2022-06-27 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.
1660 CVE-2022-2210 787 2022-06-27 2022-07-04
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.
1661 CVE-2022-2212 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
1662 CVE-2022-2213 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
1663 CVE-2022-2214 Sql 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the input ' AND (SELECT 9198 FROM (SELECT(SLEEP(5)))iqZA)-- PbtB leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
1664 CVE-2022-2216 918 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0.
1665 CVE-2022-2217 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0.
1666 CVE-2022-2218 79 XSS 2022-06-27 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0.
1667 CVE-2022-2221 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8.
1668 CVE-2022-2227 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project metadata under certain conditions.
1669 CVE-2022-2228 +Info 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range.
1670 CVE-2022-2229 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of.
1671 CVE-2022-2230 Exec Code XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf.
1672 CVE-2022-2231 476 2022-06-28 2022-07-04
0.0
None ??? ??? ??? ??? ??? ???
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.
1673 CVE-2022-2235 XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link.
1674 CVE-2022-2243 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.
1675 CVE-2022-2244 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with the reporter role to manage issues in the project's error tracking feature.
1676 CVE-2022-2246 1321 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Prototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3.
1677 CVE-2022-2250 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL.
1678 CVE-2022-2252 601 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19.
1679 CVE-2022-2253 78 Exec Code 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server.
1680 CVE-2022-2254 79 XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users.
1681 CVE-2022-2257 125 2022-06-30 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
1682 CVE-2022-2264 122 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
1683 CVE-2022-2268 94 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high-privilege users such as admin to upload an arbitrary file such as PHP, leading to RCE.
1684 CVE-2022-2270 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification.
1685 CVE-2022-2274 Exec Code Mem. Corr. 2022-07-01 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.
1686 CVE-2022-2279 476 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.
1687 CVE-2022-2280 79 XSS 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
1688 CVE-2022-2281 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases.
1689 CVE-2022-2282 285 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Improper Authorization in GitHub repository saltstack/salt prior to 3004.2.
1690 CVE-2022-2284 122 Overflow 2022-07-02 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
1691 CVE-2022-2285 190 Overflow 2022-07-02 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.
1692 CVE-2022-2286 125 2022-07-02 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
1693 CVE-2022-2287 125 2022-07-02 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.
1694 CVE-2022-2288 787 2022-07-03 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.
1695 CVE-2022-2289 416 2022-07-03 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Use After Free in GitHub repository vim/vim prior to 9.0.
1696 CVE-2022-2290 XSS 2022-07-03 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.
1697 CVE-2022-2300 79 XSS 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.
1698 CVE-2022-2301 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.
1699 CVE-2022-2304 121 Overflow 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
1700 CVE-2022-2306 613 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Old session tokens can be used to authenticate to the application and send authenticated requests.
Total number of vulnerabilities: 2011 (page 34 of 41)