Total
347 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-25227 | 1 Cybelesoft | 1 Thinfinity Vnc | 2024-11-21 | 8.8 High |
Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browsing a malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE. | ||||
CVE-2022-25146 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 5.3 Medium |
The Remote App module in Liferay Portal v7.4.3.4 through v7.4.3.8 and Liferay DXP 7.4 before update 5 does not check if the origin of event messages it receives matches the origin of the Remote App, allowing attackers to exfiltrate the CSRF token via a crafted event message. | ||||
CVE-2022-24762 | 2 Jcubic, Sysend.js Project | 2 Sysend, Sysend.js | 2024-11-21 | 6.5 Medium |
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. | ||||
CVE-2022-23764 | 2 Microsoft, Teruten | 2 Windows, Webcube | 2024-11-21 | 8.8 High |
The vulnerability is caused by insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution. | ||||
CVE-2022-23763 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 7.8 High |
Origin validation error vulnerability in NeoRS's ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. | ||||
CVE-2022-23032 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-11-21 | 5.3 Medium |
In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
CVE-2022-22757 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.5 Medium |
Remote Agent, used in WebDriver, did not validate the Host or Origin headers. This could have allowed websites to connect back locally to the user's browser to control it. *This bug only affected Firefox when WebDriver was enabled, which is not the default configuration.* This vulnerability affects Firefox < 97. | ||||
CVE-2022-22594 | 2 Apple, Redhat | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 6.5 Medium |
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. | ||||
CVE-2022-1747 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2024-11-21 | 4.6 Medium |
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. | ||||
CVE-2022-1497 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
Inappropriate implementation in Input in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to spoof the contents of cross-origin websites via a crafted HTML page. | ||||
CVE-2022-0120 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | ||||
CVE-2022-0113 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2022-0111 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. | ||||
CVE-2022-0108 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-11-21 | 6.5 Medium |
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | ||||
CVE-2021-4024 | 3 Fedoraproject, Podman Project, Redhat | 3 Fedora, Podman, Enterprise Linux | 2024-11-21 | 6.5 Medium |
A flaw was found in podman. The `podman machine` function (used to create and manage a Podman virtual machine containing a Podman process) spawns a `gvproxy` process on the host system. The `gvproxy` API is accessible on port 7777 on all IP addresses on the host. If that port is open on the host's firewall, an attacker can potentially use the `gvproxy` API to forward ports on the host to ports in the VM, making private services on the VM accessible to the network. This issue could also be used to interrupt the host's services by forwarding all ports to the VM. | ||||
CVE-2021-46701 | 1 Premid | 1 Premid | 2024-11-21 | 7.2 High |
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events from a socket and emit events to a socket, potentially interfering with a victim's "now playing" status on Discord. | ||||
CVE-2021-46147 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 8.8 High |
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. MassEditRegex allows CSRF. | ||||
CVE-2021-45441 | 2 Microsoft, Trendmicro | 4 Windows, Apex One, Worry-free Business Security and 1 more | 2024-11-21 | 7.8 High |
An origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker to drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
CVE-2021-44935 | 1 Glfusion | 1 Glfusion | 2024-11-21 | 9.1 Critical |
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction. | ||||
CVE-2021-44458 | 2 Linux, Mirantis | 2 Linux Kernel, Lens | 2024-11-21 | 8.3 High |
Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website. The malicious website could make websocket connections from the victim's browser to Lens and so operate the local terminal feature. This would allow the attacker to execute arbitrary commands as the Lens user. |