Skip to main content
CVE-2022-0167 MEDIUM POC This Month

An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2022-31605 CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its utils module, where YAML files are loaded via yaml.load() instead of yaml.safe_load(). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Nvflare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-31604 CRITICAL PATCH Act Now

NVFLARE, versions prior to 2.1.2, contains a vulnerability in its PKI implementation module, where The CA credentials are transported via pickle and no safe deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization RCE Denial Of Service Nvflare
NVD GitHub
CVSS 3.1
9.8
EPSS
1.9%
CVE-2022-32295 CRITICAL Act Now

On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ampere Altra Firmware Ampere Altra Max Firmware
NVD
CVSS 3.1
9.8
EPSS
1.2%
CVE-2022-25876 MEDIUM POC PATCH This Month

The package link-preview-js before 2.1.16 are vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

SSRF Link Preview Js
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-2279 MEDIUM POC PATCH This Month

NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Null Pointer Dereference Libmobi
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2022-2280 MEDIUM POC PATCH This Month

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Microweber
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-32988 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dsl N14U B1 Firmware
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-2253 CRITICAL Act Now

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Webhmi Firmware
NVD
CVSS 3.1
9.1
EPSS
1.1%
CVE-2022-33103 HIGH This Week

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow U Boot
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-2229 HIGH This Week

An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
1.2%
CVE-2022-27904 HIGH This Week

Automox Agent for macOS before version 39 was vulnerable to a time-of-check/time-of-use (TOCTOU) race-condition attack during the agent install process. Rated high severity (CVSS 7.0). No vendor patch available.

Apple Information Disclosure Automox
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2022-2228 MEDIUM This Month

Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-31113 MEDIUM PATCH This Month

Canarytokens is an open source tool which helps track activity and actions on your network. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Canarytokens
NVD GitHub
CVSS 3.1
6.1
EPSS
0.5%
CVE-2022-2250 MEDIUM This Month

An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Open Redirect
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2022-22367 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-22373 MEDIUM PATCH This Month

An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM SAP Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2022-2235 MEDIUM This Month

Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2022-1954 MEDIUM This Month

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Gitlab
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2022-2270 MEDIUM This Month

An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Gitlab
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-1999 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2022-1963 MEDIUM This Month

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2022-2281 MEDIUM This Month

An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2022-34894 MEDIUM This Month

In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Hub
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-25896 MEDIUM PATCH This Month

This affects the package passport before 0.6.0. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required.

Session Fixation Information Disclosure Passport
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2022-2254 MEDIUM This Month

A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Webhmi Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2022-2230 MEDIUM This Month

A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab XSS
NVD
CVSS 3.1
4.8
EPSS
56.2%
CVE-2022-22366 MEDIUM PATCH This Month

IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Urbancode Deploy
NVD
CVSS 3.1
4.4
EPSS
0.4%
CVE-2022-2244 MEDIUM This Month

An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project memebers with reporter role. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2022-2243 MEDIUM This Month

An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-2227 MEDIUM This Month

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Gitlab Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2022-1983 MEDIUM This Month

Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2022-1981 LOW Monitor

An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab
NVD
CVSS 3.1
2.7
EPSS
0.7%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy