CVE-2022-0174
Published 2022-01-10
CVE-2022-0174: Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Priority P420 · medium · 4.3 · CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:N / I:L / A:N
EPSS: 0.85% (53.6th percentile)
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dolibarr | dolibarr | >= 0 < 15.0.0 | 15.0.0 |
| dolibarr | dolibarr_dolibarr | >= unspecified < develop | develop |
| dolibarr | dolibarr_erp_crm | < 15.0.0 | 15.0.0 |
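CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
| osv | | 4.3 | MEDIUM | |
| cisa | | 8.6 | HIGH | |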
GHSA
Logic error in dolibarr
ghsa·2022-01-12
CVE-2022-0174 [MEDIUM] CWE-1284 Logic error in dolibarr
The application does not check the price input, which leads to a business logic error through a negative price amount.
OSV
Logic error in dolibarr
osv·2022-01-12
CVE-2022-0174 [MEDIUM] Logic error in dolibarr
The application does not check the price input, which leads to a business logic error through a negative price amount.
OSV
CVE-2022-0174: Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr
osv·2022-01-10·CVSS 4.3
CVE-2022-0174 [MEDIUM] CVE-2022-0174: Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CISA
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
cisa·2022-03-03·CVSS 8.6
CVE-2018-0174 [HIGH] CWE-20 Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
Vulnerability: Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
Affected: Cisco IOS XE Software
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2018-0174
Remediation Due Date: 2022-03-17
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-01-10