Total
47 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0524 | 1 Publify Project | 1 Publify | 2022-02-11 | 5.0 MEDIUM | 7.5 HIGH |
| Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | |||||
| CVE-2021-4171 | 1 Calibre-web Project | 1 Calibre-web | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| calibre-web is vulnerable to Business Logic Errors | |||||
| CVE-2021-4146 | 1 Pimcore | 1 Pimcore | 2022-01-24 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Logic Errors in GitHub repository pimcore/pimcore prior to 10.2.6. | |||||
| CVE-2020-8228 | 2 Nextcloud, Opensuse | 3 Preferred Providers, Backports Sle, Leap | 2020-10-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times. | |||||
| CVE-2019-3789 | 1 Cloudfoundry | 1 Routing Release | 2020-10-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| Cloud Foundry Routing Release, all versions prior to 0.188.0, contains a vulnerability that can hijack the traffic to route services hosted outside the platform. A user with space developer permissions can create a private domain that shadows the external domain of the route service, and map that route to an app. When the gorouter receives traffic destined for the external route service, this traffic will instead be directed to the internal app using the shadow route. | |||||
| CVE-2019-15608 | 1 Yarnpkg | 1 Yarn | 2020-03-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The package integrity validation in yarn < 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It's not computed again when reading from the cache. This may lead to a cache pollution attack. | |||||
| CVE-2019-3787 | 1 Pivotal Software | 1 Cloud Foundry Uaa-release | 2020-02-10 | 4.3 MEDIUM | 8.8 HIGH |
| Cloud Foundry UAA, versions prior to 73.0.0, falls back to appending “unknown.org” to a user's email address when one is not provided and the user name does not contain an @ character. This domain is held by a private company, which leads to attack vectors including password recovery emails sent to a potentially fraudulent address. This would allow the attacker to gain complete control of the user's account. | |||||