Total
2245 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1417 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs | ||||
| CVE-2022-1401 | 1 Device42 | 1 Cmdb | 2024-11-21 | 6.9 Medium |
| Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00. | ||||
| CVE-2022-1365 | 2 Cross-fetch Project, Redhat | 4 Cross-fetch, Acm, Jboss Enterprise Bpms Platform and 1 more | 2024-11-21 | 6.5 Medium |
| Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5. | ||||
| CVE-2022-1309 | 1 Google | 1 Chrome | 2024-11-21 | 9.6 Critical |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | ||||
| CVE-2022-1224 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.5 Medium |
| Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | ||||
| CVE-2022-1223 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.5 Medium |
| Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. | ||||
| CVE-2022-1193 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allows a malicious actor to obtain details of the latest commit in a private project via Merge Requests under certain circumstances | ||||
| CVE-2022-1177 | 1 Open-emr | 1 Openemr | 2024-11-21 | 4.3 Medium |
| Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0. | ||||
| CVE-2022-1132 | 1 Google | 2 Chrome, Chrome Os | 2024-11-21 | 6.1 Medium |
| Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. | ||||
| CVE-2022-1124 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled | ||||
| CVE-2022-1025 | 2 Argoproj, Redhat | 2 Argo Cd, Openshift Gitops | 2024-11-21 | 8.8 High |
| All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | ||||
| CVE-2022-0985 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 Medium |
| Insufficient capability checks could allow users with the moodle/site:uploadusers capability to delete users, without having the necessary moodle/user:delete capability. | ||||
| CVE-2022-0984 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2024-11-21 | 4.3 Medium |
| Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. | ||||
| CVE-2022-0981 | 2 Quarkus, Redhat | 4 Quarkus, Camel Quarkus, Quarkus and 1 more | 2024-11-21 | 8.8 High |
| A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended. | ||||
| CVE-2022-0920 | 1 Salonbookingsystem | 1 Salon Booking System | 2024-11-21 | 7.5 High |
| The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation in some of its endpoints, which could allow customers to access all bookings and other customer's data | ||||
| CVE-2022-0866 | 1 Redhat | 4 Jboss Enterprise Application Platform, Openstack Platform, Red Hat Single Sign On and 1 more | 2024-11-21 | 5.3 Medium |
| This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled. | ||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2024-11-21 | 9.1 Critical |
| Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | ||||
| CVE-2022-0829 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.1 High |
| Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | ||||
| CVE-2022-0825 | 1 Tms-outsource | 1 Amelia | 2024-11-21 | 5.4 Medium |
| The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | ||||
| CVE-2022-0824 | 1 Webmin | 1 Webmin | 2024-11-21 | 8.8 High |
| Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | ||||