4564 matches found
ColumnPack:ColumnPack-plugin (=1.0.3), com.antelink.reporter.jenkins.plugin:AntepediaReporter-CI-plugin (>=1.0 <=1.6.3) +634 more potentially affected by CVE-2012-4439 via org.jenkins-ci.main:jenkins-core (>=1.396 <=1.466.1)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.0, =1.0, =1.0-beta-1, =2.1, =1.0, =1.0, =0.1, =0.1, =0.5, =1.02.03, =1.0, =1.0.6 and more Source cves: CVE-2012-4439 Source advisory: OSV:GHSA-X97G-3GP9-CF2P...
CustomHistory:CustomHistory (>=1.1 <=1.3), com.amazonaws:aws-codepipeline (>=0.9 <=0.45) +158 more potentially affected by CVE-2012-4439 via org.jenkins-ci.main:jenkins-core (>=1.467 <=1.481)
org.jenkins-ci.main:jenkins-core MAVEN version =1.467, =1.1, =0.9, =0.3, =0.10, =1.0.3, =1.3.3, =1.99.0, =2.11.0, =1.8.5, =1.15, =1.6.0, =1.13.1 and more Source cves: CVE-2012-4439 Source advisory: OSV:GHSA-X97G-3GP9-CF2P...
Mutt Buffer Error Vulnerability
Mutt is a text-based email client for Unix-like systems by Michael Elkins, an individual developer. A security vulnerability exists in Mutt versions 0.94.13 through 2.2.3, which stems from a buffer overflow issue that allows the application to read the end of an input line...
aa-charlink (>=0.1.1 <=1.0.0), aa-drifters (=0.1.0a0) +218 more potentially affected by CVE-2022-28346 via django (>=4.0.0 <=4.0.3)
django PYPI version =4.0.0, =0.1.1, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =3.1.1, =3.6.4, =0.10.0, =1.1.2, =0.2.0, =0.6.1, =0.6.10 and more Source cves: CVE-2022-28346 Source advisory: OSV:GHSA-2GWJ-7JMV-H26R...
admin-tool-button (>=1.0.1a0 <=1.0.5a0), aimmo (>=2.0.0 <=2.0.1) +71 more potentially affected by CVE-2022-28347 via django (>=3.2.0 <=3.2.12)
django PYPI version =3.2.0, =1.0.1a0, =2.0.0, =0.2.0, =22.0.0.dev21, =22.0.0.dev13, =22.0.0.dev29, =6.0.0, =6.0.0, =6.4.1 - coldfront =1.1.0 - common-framework =2021.4.1 - directory-validators =9.0.0 and more Source cves: CVE-2022-28347 Source advisory: OSV:GHSA-W24H-V9QH-8GXJ...
ALPINE-CVE-2022-24070
Subversion's mod_dav_svn is vulnerable to memory corruption. While looking up path-based authorization rules, mod_dav_svn servers may attempt to use memory which has already been freed. Affected Subversion mod_dav_svn servers 1.10.0 through 1.14.1 inclusive. Servers that do not use mod_dav_svn are not...
@amedia/user (>=0.1.0 <=0.3.2), @aztec/alpha-sdk (=2.2.0) +61 more potentially affected by CVE-2022-21189 via dexie (>=3.0.0-rc.3 <=3.0.3)
dexie NPM version =3.0.0-rc.3, =0.1.0, =2.1.0-testnet.79, =2.2.0-alpha.5, =0.0.1-beta.1, =0.2.20, =0.14.37, =1.0.0, =2.2.0-alpha.3, =0.5.7, =0.5.7, =0.0.3, =0.0.3, =0.0.3, =0.0.6 and more Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...
CVE-2022-26110
An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon...
CVE-2022-1100
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user...
UBUNTU-CVE-2022-1175
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes...
UBUNTU-CVE-2022-1100
A potential DoS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The API to update an asset as a link from a release had a regex check which caused an exponential number of backtracks for certain user...
2vyper (=0.3.0), ape-vyper (>=0.7.1 <=0.8.3) +23 more potentially affected by CVE-2022-24787 via vyper (>=0.1.0b12 <=0.3.10)
vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.1.3, =0.1.10 and more Source cves: CVE-2022-24787 Source advisory: OSV:PYSEC-2022-196...
@cao_steven/nb-core (=1.0.0), @dcodegroup-au/dsg-vue (>=0.0.17 <=0.0.18) +85 more potentially affected by CVE-2022-0350 via vditor (>=2.3.1 <=3.3.9)
vditor NPM version =2.3.1, =0.0.17, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =2.1.5, =0.0.1, =0.0.2, =0.0.1-beta.15, =0.0.1, =0.0.0, =0.0.24 and more Source cves: CVE-2022-0350 Source advisory: OSV:GHSA-689X-X68P-FPH3...
GitLab Enterprise Edition Cross-Site Scripting Vulnerability
GitLab Enterprise Edition is a content management system. A cross-site scripting vulnerability exists in GitLab Enterprise Edition versions 14.4.0 through 14.9.1 that stems from insufficient cleanup of user-supplied data in comments. A remote user can exploit this vulnerability to inject and...
PT-2022-13134 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.4 through 14.7.1 Description: The issue is related to improper access control, allowing project non-members to retrieve the service desk email address. Recommendations: For GitLab CE/EE versions 12.4 through 14.7.1,...
PT-2022-6720 · Adobe · Acrobat Reader
Name of the Vulnerable Software and Affected Versions: Acrobat Reader DC versions 17.012.30205 through 22.001.20085 Acrobat Reader DC versions 20.005.3031x and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the...
3deecelltracker (=1.0.0), abracadabra (>=0.0.0 <=0.0.7) +92 more potentially affected by CVE-2022-24758 via notebook (>=4.2.3 <=6.4.1)
notebook PYPI version =4.2.3, =0.0.0, =1.0.0, =1.0.0, =0.1.1, =1.0.1, =1.0.1, =0.0.2a0, =1.0.0, =0.3.4, =0.1.0rc1, =0.0.1, =0.1.3, =0.2.4 and more Source cves: CVE-2022-24758 Source advisory: OSV:PYSEC-2022-180...
ai.aitia:arrowhead-application-library-java-spring (>=4.4.0.2 <=4.6.0.0), ai.ylyue:yue-library-auth-client (=j11.2.6.0) +2343 more potentially affected by CVE-2022-22965 via org.springframework.boot:spring-boot-starter-web (>=2.6.0 <=2.6.5)
org.springframework.boot:spring-boot-starter-web MAVEN version =2.6.0, =4.4.0.2, =j11.2.6.0, =1.2.5.RELEASE, =0.1.2, =5.7.7, =5.7.7, =5.7.7, =1.0.0, =1.0.2, =1.0.0, =3.1.305, =3.1.305, =3.1.313 and more Source cves: CVE-2022-22965 Source advisory: OSV:GHSA-36P3-WJMG-H94X...
elita (>=0.60.0 <=0.64.1), slskit (>=2020.1.1 <=2020.9.0) potentially affected by CVE-2022-22934 via salt (>=2014.1.10 <=3001.8.0)
salt PYPI version =2014.1.10, =0.60.0, =2020.1.1, =2020.9.0 Source cves: CVE-2022-22934 Source advisory: OSV:GHSA-2Q4G-WFM6-5FPM...
CVE-2022-27888
Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1...