CVE's - CVE Vulnerability

CVE

Vendors

Products

Updated

CVSS v2

CVSS v3

CVE-2022-0404

2022-06-16

N/A

6.5 MEDIUM

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.

CVE-2022-0403

2022-04-11

N/A

8.1 HIGH

The Library File Manager WordPress plugin before 5.2.3 is using an outdated version of the elFinder library, which is know to be affected by security issues (CVE-2021-32682), and does not have any authorisation as well as CSRF checks in its connector AJAX action, allowing any authenticated users, such as subscriber to call it. Furthermore, as the options passed to the elFinder library does not restrict any file type, users with a role as low as subscriber can Create/Upload/Delete Arbitrary files and folders.

CVE-2022-0401

2022-02-04

N/A

9.8 CRITICAL

Path Traversal in NPM w-zip prior to 1.0.12.

CVE-2022-0400

2022-09-01

N/A

7.5 HIGH

An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.

CVE-2022-0399

2022-03-21

N/A

6.1 MEDIUM

The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action's response, leading to a Reflected Cross-Site Scripting

CVE-2022-0398

2022-05-04

N/A

5.4 MEDIUM

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website

CVE-2022-0397

2022-04-04

N/A

5.4 MEDIUM

The WPC Smart Wishlist for WooCommerce WordPress plugin before 2.9.4 does not sanitise and escape the key parameter before outputting it back in the wishlist_quickview AJAX action's response (available to any authenticated user), leading to a Reflected Cross-Site Scripting

CVE-2022-0396

Baseboard Management Controller H700s Firmware, Netapp

500f, 500f_firmware, 7-mode_transition_tool, 8300, 8300_firmware, 8700, 8700_firmware, A220, A220_firmware, A250

2022-11-16

N/A

5.3 MEDIUM

BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.

CVE-2022-0395

2022-03-01

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

CVE-2022-0394

2022-03-04

N/A

5.4 MEDIUM

Cross-site Scripting (XSS) - Stored in Packagist remdex/livehelperchat prior to 3.93v.

« Previous 1 … 11,056 11,057 11,058 11,059 11,060 … 11,258 Next »