CVE Number |
Description |
Base Score |
Reference |
CVE-2020-2944 |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2944 |
CVE-2020-25252 |
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. CSRF can be used to log in a user, and then perform actions, because there are default credentials (the wstinol password for the manager or hsi account). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25252 |
CVE-2020-6556 |
Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6556 |
CVE-2020-4280 |
IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function. By sending a malicious serialized Java object, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 176140. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4280 |
CVE-2020-13557 |
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13557 |
CVE-2020-13560 |
A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13560 |
CVE-2020-13570 |
A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13570 |
CVE-2020-13547 |
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13547 |
CVE-2021-1257 |
A vulnerability in the web-based management interface of Cisco DNA Center Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to manipulate an authenticated user into executing malicious actions without their awareness or consent. The vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a web-based management user to follow a specially crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the device with the privileges of the authenticated user. These actions include modifying the device configuration, disconnecting the user's session, and executing Command Runner commands. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1257 |
CVE-2020-13551 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13551 |
CVE-2020-13552 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13552 |
CVE-2020-13553 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13553 |
CVE-2020-13555 |
An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13555 |
CVE-2021-32625 |
Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This is a result of an incomplete fix for CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32625 |
CVE-2021-1675 |
Windows Print Spooler Elevation of Privilege Vulnerability |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1675 |
CVE-2021-34527 |
Windows Print Spooler Remote Code Execution Vulnerability |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-34527 |
CVE-2021-31894 |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.X (All versions), SIMATIC PDM (All versions), SIMATIC STEP 7 V5.X (All versions < V5.7), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 SP2 HF1). A directory containing metafiles relevant to devices' configurations has write permissions. An attacker could leverage this vulnerability by changing the content of certain metafiles and subsequently manipulate parameters or behavior of devices that would be later configured by the affected software. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-31894 |
CVE-2021-32756 |
ManageIQ is an open-source management platform. In versions prior to jansa-4, kasparov-2, and lasker-1, there is a flaw in the MiqExpression module of ManageIQ where a low privilege user could enter a crafted Ruby string which would be evaluated. Successful exploitation will allow an attacker to execute arbitrary code with root privileges on the host system. There are patches for this issue in releases named jansa-4, kasparov-2, and lasker-1. If possible, restrict users, via RBAC, to only the part of the application that they need access to. While MiqExpression is widely used throughout the product, restricting users can limit the surface of the attack. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32756 |
CVE-2021-36741 |
An improper input validation vulnerability in Trend Micro Apex One, Apex One as a Service, OfficeScan XG, and Worry-Free Business Security 10.0 SP1 allows a remote attacker to upload arbitrary files on affected installations. Please note: an attacker must first obtain the ability to log on to the product's management console in order to exploit this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-36741 |
CVE-2021-38346 |
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38346 |
CVE-2022-27223 |
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27223 |
CVE-2022-26493 |
Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26493 |
CVE-2018-25042 |
A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2018-25042 |
CVE-2018-25043 |
A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2018-25043 |
CVE-2018-25044 |
A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2018-25044 |
CVE-2022-2112 |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2112 |
CVE-2022-1665 |
A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by grub in Secure Boot mode even though they shouldn't be. These kernel builds don't have the Secure Boot lockdown patches applied to them and can bypass the Secure Boot validations, allowing the attacker to load other non-trusted code. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1665 |
CVE-2022-1833 |
A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1833 |
CVE-2022-23171 |
AtlasVPN - Privilege Escalation. Lack of proper security controls on named pipe messages can allow an attacker with low privileges to send a malicious payload and gain SYSTEM permissions on a Windows computer where the AtlasVPN client is installed. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23171 |
CVE-2022-23079 |
motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23079 |
CVE-2017-20090 |
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20090 |
CVE-2022-2175 |
Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2175 |
CVE-2022-22967 |
An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22967 |
CVE-2022-31395 |
Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31395 |
CVE-2022-32536 |
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32536 |
CVE-2022-32552 |
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32552 |
CVE-2022-32553 |
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32553 |
CVE-2022-34203 |
A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34203 |
CVE-2022-34300 |
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34300 |
CVE-2022-32391 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32391 |
CVE-2022-32392 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32392 |
CVE-2022-32393 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32393 |
CVE-2022-32394 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32394 |
CVE-2022-32395 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32395 |
CVE-2022-32396 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32396 |
CVE-2022-32397 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32397 |
CVE-2022-32398 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32398 |
CVE-2022-32399 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32399 |
CVE-2022-32401 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32401 |
CVE-2022-32402 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32402 |
CVE-2022-32403 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32403 |
CVE-2022-32404 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32404 |
CVE-2022-32405 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4 |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32405 |
CVE-2022-32137 |
In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32137 |
CVE-2022-32138 |
In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32138 |
CVE-2022-32143 |
In multiple CODESYS products, the file download and upload function allows access to internal files in the working directory, e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if a remote attacker has previously successfully authenticated to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32143 |
CVE-2021-41635 |
When installed as a Windows service, MELAG FTP Server 2.2.0.4 is run as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41635 |
CVE-2021-32820 |
Express-handlebars is a Handlebars view engine for Express. Express-handlebars mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included; files that lack an extension will have .handlebars appended to them. For complete details refer to the referenced GHSL-2021-018 report. Notes in documentation have been added to help users avoid this potential information exposure vulnerability. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32820 |
CVE-2022-25762 |
If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed. The error handling triggered in this case could cause a pooled object to be placed in the pool twice. This could result in subsequent connections using the same object concurrently which could result in data being returned to the wrong use and/or other errors. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25762 |
CVE-2020-2803 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2803 |
CVE-2020-2805 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2805 |
CVE-2020-14583 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14583 |
CVE-2022-30192 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-33638, CVE-2022-33639. |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30192 |
CVE-2022-33638 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639. |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33638 |
CVE-2022-21796 |
A memory corruption vulnerability exists in the netserver parse_command_list functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to an out-of-bounds write. An attacker can send an HTTP request to trigger this vulnerability. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21796 |
CVE-2022-28200 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28200 |
CVE-2022-31599 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components. |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31599 |
CVE-2016-4472 |
The overflow protection in Expat is removed by compilers with certain optimization settings, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted XML data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1283 and CVE-2015-2716. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2016-4472 |
CVE-2020-2882 |
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2882 |
CVE-2020-2956 |
Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Hierarchy Diagrammers). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2956 |
CVE-2020-14626 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14626 |
CVE-2021-32803 |
The npm package "tar" (aka node-tar) before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink protection. `node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created. This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur. By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite. This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32803 |
CVE-2021-41987 |
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41987 |
CVE-2022-24801 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24801 |
CVE-2022-30150 |
Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30150 |
CVE-2022-34299 |
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34299 |
CVE-2022-1965 |
Multiple products of CODESYS implement improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1965 |
CVE-2022-32142 |
Multiple CODESYS Products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with invalid offset, which can cause an out-of-bounds read or write access, resulting in denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32142 |
CVE-2022-33121 |
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33121 |
CVE-2020-1712 |
A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted dbus messages. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-1712 |
CVE-2020-2851 |
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2851 |
CVE-2020-4270 |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain escalated privileges due to weak file permissions. IBM X-ForceID: 175846. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4270 |
CVE-2020-15523 |
In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-15523 |
CVE-2020-16303 |
A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16303 |
CVE-2021-31997 |
A UNIX Symbolic Link (Symlink) Following vulnerability in python-postorius of openSUSE Leap 15.2, Factory allows local attackers to escalate from users postorius or postorius-admin to root. This issue affects: openSUSE Leap 15.2 python-postorius version 1.3.2-lp152.1.2 and prior versions. openSUSE Factory python-postorius version 1.3.4-2.1 and prior versions. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-31997 |
CVE-2021-33004 |
The affected product is vulnerable to memory corruption condition due to lack of proper validation of user supplied files, which may allow an attacker to execute arbitrary code. User interaction is required on the WebAccess HMI Designer (versions 2.1.9.95 and prior). |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33004 |
CVE-2021-27033 |
A Double Free vulnerability allows remote attackers to execute arbitrary code on PDF files within affected installations of Autodesk Design Review 2018, 2017, 2013, 2012, 2011. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27033 |
CVE-2021-28602 |
Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28602 |
CVE-2021-28605 |
Adobe After Effects version 18.2 (and earlier) is affected by a memory corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28605 |
CVE-2021-28607 |
Adobe After Effects version 18.2 (and earlier) is affected by a heap corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28607 |
CVE-2021-32995 |
Cscape (All Versions prior to 9.90 SP5) lacks proper validation of user-supplied data when parsing project files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute code in the context of the current process. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32995 |
CVE-2021-4136 |
vim is vulnerable to Heap-based Buffer Overflow |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-4136 |
CVE-2021-21910 |
A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21910 |
CVE-2022-0261 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0261 |
CVE-2022-23033 |
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23033 |
CVE-2022-0351 |
Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0351 |
CVE-2021-40167 |
A malicious crafted dwf file when consumed through DesignReview.exe application could lead to memory corruption vulnerability by read access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40167 |
CVE-2022-0413 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0413 |
CVE-2022-0443 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0443 |
CVE-2022-23946 |
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23946 |
CVE-2022-23947 |
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23947 |
CVE-2022-24958 |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24958 |
CVE-2022-23803 |
A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23803 |
CVE-2021-3578 |
A flaw was found in mbsync before v1.3.6 and v1.4.2, where an unchecked pointer cast allows a malicious or compromised server to write an arbitrary integer value past the end of a heap-allocated structure by issuing an unexpected APPENDUID response. This could be plausibly exploited for remote code execution on the client. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3578 |
CVE-2022-24048 |
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24048 |
CVE-2022-24050 |
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24050 |
CVE-2022-24051 |
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24051 |
CVE-2022-24052 |
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24052 |
CVE-2022-0545 |
An integer overflow in the processing of loaded 2D images leads to a write-what-where vulnerability and an out-of-bounds read vulnerability, allowing an attacker to leak sensitive information or achieve code execution in the context of the Blender process when a specially crafted image file is loaded. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0545 |
CVE-2022-0546 |
A missing bounds check in the image loader used in Blender 3.x and 2.93.8 leads to out-of-bounds heap access, allowing an attacker to cause denial of service, memory corruption or potentially code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0546 |
CVE-2022-26490 |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26490 |
CVE-2022-1011 |
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1011 |
CVE-2022-27666 |
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27666 |
CVE-2021-4197 |
An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-4197 |
CVE-2022-28388 |
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28388 |
CVE-2022-28389 |
mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28389 |
CVE-2022-28390 |
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28390 |
CVE-2022-30594 |
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30594 |
CVE-2022-1679 |
A use-after-free flaw was found in the Linux kernel’s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1679 |
CVE-2022-1116 |
Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1116 |
CVE-2022-29581 |
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29581 |
CVE-2022-1419 |
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently, and vgem_gem_dumb_create will access the freed drm_vgem_gem_object. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1419 |
CVE-2022-1652 |
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1652 |
CVE-2022-32250 |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32250 |
CVE-2022-31214 |
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
CVE-2021-46816 |
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46816 |
CVE-2021-46817 |
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46817 |
CVE-2021-46818 |
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46818 |
CVE-2022-30168 |
Microsoft Photos App Remote Code Execution Vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30168 |
CVE-2022-32545 |
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32545 |
CVE-2022-32546 |
A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed. This leads to a negative impact to application availability or other problems related to undefined behavior. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32546 |
CVE-2022-32547 |
In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c. Whenever crafted or untrusted input is processed by ImageMagick, this causes a negative impact to application availability or other problems related to undefined behavior. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32547 |
CVE-2020-36547 |
A vulnerability was found in GE Voluson S8. It has been rated as critical. This issue affects the Service Browser which introduces hard-coded credentials. Attacking locally is a requirement. It is recommended to change the configuration settings. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36547 |
CVE-2020-36548 |
A vulnerability classified as problematic has been found in GE Voluson S8. Affected is the file /uscgi-bin/users.cgi of the Service Browser. The manipulation leads to improper authentication and elevated access possibilities. It is possible to launch the attack on the local host. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36548 |
CVE-2020-36549 |
A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36549 |
CVE-2022-2124 |
Buffer Over-read in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2124 |
CVE-2022-2125 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2125 |
CVE-2022-2126 |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2126 |
CVE-2022-2129 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2129 |
CVE-2022-34006 |
An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34006 |
CVE-2022-1720 |
Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1720 |
CVE-2022-27867 |
A maliciously crafted JT file in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27867 |
CVE-2022-27868 |
A maliciously crafted CAT file in Autodesk AutoCAD 2023 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27868 |
CVE-2022-27869 |
A maliciously crafted TIFF file in Autodesk AutoCAD 2023 can be forced to read and write beyond allocated boundaries when parsing the TIFF file. This vulnerability can be exploited to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27869 |
CVE-2022-27870 |
A maliciously crafted TGA file in Autodesk AutoCAD 2023 may be used to write beyond the allocated buffer while parsing TGA file. This vulnerability may be exploited to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27870 |
CVE-2022-27871 |
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27871 |
CVE-2022-27872 |
A maliciously crafted PDF file may be used to dereference a pointer for read or write operation while parsing PDF files in Autodesk Navisworks 2022. The vulnerability exists because the application fails to handle a crafted PDF file, which causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27872 |
CVE-2017-20083 |
A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20083 |
CVE-2017-20084 |
A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20084 |
CVE-2022-33025 |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33025 |
CVE-2022-33026 |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33026 |
CVE-2022-33027 |
LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33027 |
CVE-2022-33028 |
LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33028 |
CVE-2022-33032 |
LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33032 |
CVE-2022-33033 |
LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33033 |
CVE-2022-33034 |
LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33034 |
CVE-2022-26862 |
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26862 |
CVE-2022-26863 |
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26863 |
CVE-2022-26864 |
Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26864 |
CVE-2022-2182 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2182 |
CVE-2022-2183 |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2183 |
CVE-2022-2147 |
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2147 |
CVE-2020-21046 |
A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows authenticated non-administrative user to escalate their privilege and conduct code execution as a SYSTEM privilege. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-21046 |
CVE-2020-13550 |
A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. |
7.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13550 |
CVE-2022-33639 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638. |
7.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33639 |
CVE-2022-1739 |
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media. |
7.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1739 |
CVE-2016-3471 |
Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2016-3471 |
CVE-2020-2816 |
Vulnerability in the Java SE product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 11.0.6 and 14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2816 |
CVE-2020-4269 |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175845. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4269 |
CVE-2020-25248 |
An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Directory traversal exists for reading files, as demonstrated by the FileName parameter. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25248 |
CVE-2020-25250 |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25250 |
CVE-2020-25255 |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25255 |
CVE-2020-14864 |
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14864 |
CVE-2020-4584 |
IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4584 |
CVE-2020-28033 |
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28033 |
CVE-2020-26732 |
SKYWORTH GN542VF Boa version 0.94.13 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26732 |
CVE-2020-13574 |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13574 |
CVE-2020-13575 |
A denial-of-service vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13575 |
CVE-2020-13577 |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13577 |
CVE-2020-13578 |
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13578 |
CVE-2021-21267 |
Schema-Inspector is an open-source tool to sanitize and validate JS objects (npm package schema-inspector). Before version 2.0.0, email address validation is vulnerable to a denial-of-service attack where some input (for example `a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.`) will freeze the program or web browser page executing the code. This affects any current schema-inspector users using any version to validate email addresses. Users who do not do email validation, and instead do other types of validation (like string min or max length, etc), are not affected. Users should upgrade to version 2.0.0, which uses a regular expression that isn't vulnerable to ReDoS. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21267 |
CVE-2021-32518 |
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32518 |
CVE-2021-36773 |
uBlock Origin before 1.36.2 and nMatrix before 4.4.9 support an arbitrary depth of parameter nesting for strict blocking, which allows crafted web sites to cause a denial of service (unbounded recursion that can trigger memory consumption and a loss of all blocking functionality). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-36773 |
CVE-2021-32761 |
Redis is an in-memory database that persists on disk. A vulnerability involving out-of-bounds read and integer overflow to buffer overflow exists starting with version 2.2 and prior to versions 5.0.13, 6.0.15, and 6.2.5. On 32-bit systems, Redis `*BIT*` commands are vulnerable to integer overflow that can potentially be exploited to corrupt the heap, leak arbitrary heap contents or trigger remote code execution. The vulnerability involves changing the default `proto-max-bulk-len` configuration parameter to a very large value and constructing specially crafted bit commands. This problem only affects Redis on 32-bit platforms, or compiled as a 32-bit binary. Redis versions 5.0.13, 6.0.15, and 6.2.5 contain patches for this issue. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `proto-max-bulk-len` configuration parameter. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32761 |
CVE-2021-32794 |
ArchiSteamFarm is a C# application with the primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, the `POST /Api/ASF` ASF API endpoint responsible for updating global ASF config incorrectly removed `IPCPassword` from the resulting config when the caller did not specify it explicitly. Due to the above, it was possible for the user to accidentally remove the `IPCPassword` security measure from his IPC interface when updating global ASF config, which exists as part of global config update functionality in ASF-ui. Removal of `IPCPassword` poses a security risk, as unauthorized users may as a result access the IPC interface after such modification. The issue is patched in ASF V5.1.2.4 and future versions. We recommend manually verifying that `IPCPassword` is specified after update, and if not, setting it accordingly. In default settings, ASF is configured to allow IPC access from `localhost` only and should not affect the majority of users. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32794 |
CVE-2021-37172 |
A vulnerability has been identified in SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (V4.5.0). Affected devices fail to authenticate against configured passwords when provisioned using TIA Portal V13. This could allow an attacker using TIA Portal V13 or later versions to bypass authentication and download arbitrary programs to the PLC. The vulnerability does not occur when TIA Portal V13 SP1 or any later version was used to provision the device. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-37172 |
CVE-2021-32781 |
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions, after Envoy sends a locally generated response it must stop further processing of request or response data. However, when a local response is generated due to the internal buffer overflow while request or response is processed by the filter chain, the operation may not be stopped completely and result in accessing a freed memory block. A specifically constructed request delivered by an untrusted downstream or upstream peer can result in a Denial of Service when using extensions that modify and increase the size of request or response bodies, such as decompressor filter. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to address incomplete termination of request processing after locally generated response. As a workaround disable Envoy's decompressor, json-transcoder or grpc-web extensions or proprietary extensions that modify and increase the size of request or response bodies, if feasible. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32781 |
CVE-2021-32628 |
Redis is an open source, in-memory database that persists on disk. An integer overflow bug in the ziplist data structure used by all versions of Redis can be exploited to corrupt the heap and potentially result with remote code execution. The vulnerability involves modifying the default ziplist configuration parameters (hash-max-ziplist-entries, hash-max-ziplist-value, zset-max-ziplist-entries or zset-max-ziplist-value) to a very large value, and then constructing specially crafted commands to create very large ziplists. The problem is fixed in Redis versions 6.2.6, 6.0.16, 5.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from modifying the above configuration parameters. This can be done using ACL to restrict unprivileged users from using the CONFIG SET command. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32628 |
CVE-2021-24893 |
The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the comments section or the pending comment dashboard, depending on whether the user sent it as unauthenticated or authenticated. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-24893 |
CVE-2021-45034 |
A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45034 |
CVE-2022-21134 |
A firmware update vulnerability exists in the "update" firmware checks functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21134 |
CVE-2022-21236 |
An information disclosure vulnerability exists due to a web server misconfiguration in the Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21236 |
CVE-2022-21801 |
A denial of service vulnerability exists in the netserver recv_command functionality of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted network request can lead to a reboot. An attacker can send a malicious packet to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21801 |
CVE-2022-21712 |
twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21712 |
CVE-2022-21698 |
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21698 |
CVE-2022-21716 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementation is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attack is as simple as `nc -rv localhost 22 < /dev/zero`. A patch is available in version 22.2.0. There are currently no known workarounds. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21716 |
CVE-2021-3737 |
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3737 |
CVE-2022-27191 |
The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27191 |
CVE-2022-28356 |
In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28356 |
CVE-2022-25584 |
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25584 |
CVE-2022-27383 |
MariaDB Server v10.6 and below was discovered to contain a use-after-free in the component my_strcasecmp_8bit, which is exploited via specially crafted SQL statements. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27383 |
CVE-2022-27384 |
An issue in the component Item_subselect::init_expr_cache_tracker of MariaDB Server v10.6 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27384 |
CVE-2022-27451 |
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/field_conv.cc. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27451 |
CVE-2022-27455 |
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27455 |
CVE-2022-27457 |
MariaDB Server v10.6.3 and below was discovered to contain a use-after-free in the component my_mb_wc_latin1 at /strings/ctype-latin1.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27457 |
CVE-2022-24675 |
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24675 |
CVE-2022-28327 |
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28327 |
CVE-2022-20770 |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20770 |
CVE-2022-20771 |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20771 |
CVE-2022-20785 |
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20785 |
CVE-2022-29885 |
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network. This was not correct. While the EncryptInterceptor does provide confidentiality and integrity protection, it does not protect against all risks associated with running over any untrusted network, particularly DoS risks. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29885 |
CVE-2022-29218 |
RubyGems is a package registry used to supply software for the Ruby language ecosystem. An ordering mistake in the code that accepts gem uploads allowed some gems (with platforms ending in numbers, like `arm64-darwin-21`) to be temporarily replaced in the CDN cache by a malicious package. The bug has been patched, and is believed to have never been exploited, based on an extensive review of logs and existing gems by rubygems. The easiest way to ensure that an application has not been exploited by this vulnerability is to verify all downloaded .gems checksums match the checksum recorded in the RubyGems.org database. RubyGems.org has been patched and is no longer vulnerable to this issue. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29218 |
CVE-2022-26377 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26377 |
CVE-2022-29404 |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29404 |
CVE-2022-30522 |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30522 |
CVE-2022-30556 |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30556 |
CVE-2022-31069 |
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to control when Authorization headers should be forwarded for specific backend services configured by the application developer. This could have resulted in sensitive information such as OAuth bearer access tokens being inadvertently exposed to such services that should not see them. A new feature has been introduced in the patched version of nestjs-proxy that allows application developers to opt out of forwarding the Authorization headers on a per service basis using the `forwardToken` config setting. Developers are advised to review the README for this library on Github or NPM for further details on how this configuration can be applied. This issue has been fixed in version 0.7.0 of `@finastra/nestjs-proxy`. Users of `@ffdc/nestjs-proxy` are advised that this package has been deprecated and is no longer being maintained or receiving updates. Such users should update their package.json file to use `@finastra/nestjs-proxy` instead. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31069 |
CVE-2022-31070 |
NestJS Proxy is a NestJS module to decorate and proxy calls. Prior to version 0.7.0, the nestjs-proxy library did not have a way to block sensitive cookies (e.g. session cookies) from being forwarded to backend services configured by the application developer. This could have led to sensitive cookies being inadvertently exposed to such services that should not see them. The patched version now blocks cookies from being forwarded by default. However developers can configure an allow-list of cookie names by using the `allowedCookies` config setting. This issue has been fixed in version 0.7.0 of `@finastra/nestjs-proxy`. Users of `@ffdc/nestjs-proxy` are advised that this package has been deprecated and is no longer being maintained or receiving updates. Such users should update their package.json file to use `@finastra/nestjs-proxy` instead. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31070 |
CVE-2022-24946 |
Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC-Q Series Q03UDECPU all versions, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24946 |
CVE-2022-1642 |
A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch. This vulnerability is caused by the interaction between a deserialization mechanism offered by the Swift standard library, the Codable protocol; and the JSONDecoder class offered by swift-corelibs-foundation, which can deserialize types that adopt the Codable protocol based on the content of a provided JSON document. When a type that adopts Codable requests the initialization of a field with an integer value, the JSONDecoder class uses a type-erased container with different accessor methods to attempt and coerce a corresponding JSON value and produce an integer. In the case the JSON value was a numeric literal with a floating-point portion, JSONDecoder used different type-eraser methods during validation than it did during the final casting of the value. The checked casting produces a deterministic crash due to this mismatch. The JSONDecoder class is often wrapped by popular Swift-based web frameworks to parse the body of HTTP requests and perform basic type validation. This makes the attack low-effort: sending a specifically crafted JSON document during a request to these endpoints will cause them to crash. The attack does not have any confidentiality or integrity risks in and of itself; the crash is produced deterministically by an abort function that ensures that execution does not continue in the face of this violation of assumptions. However, unexpected crashes can lead to violations of invariants in services, so it's possible that this attack can be used to trigger error conditions that escalate the risk. Producing a denial of service may also be the goal of an attacker in itself. This issue is solved in Swift 5.6.2 for Linux and Windows. This issue was solved by ensuring that the same methods are invoked both when validating and during casting, so that no type mismatch occurs. Swift for Linux and Windows versions are not ABI-interchangeable. To upgrade a service, its owner must update to this version of the Swift toolchain, then recompile and redeploy their software. The new version of Swift includes an updated swift-corelibs-foundation package. Versions of Swift running on Darwin-based operating systems are not affected. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1642 |
CVE-2022-31083 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter was not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31083 |
CVE-2022-21952 |
An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21952 |
CVE-2017-20086 |
A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20086 |
CVE-2021-40956 |
LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40956 |
CVE-2022-33024 |
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33024 |
CVE-2022-33092 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33092 |
CVE-2022-33093 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33093 |
CVE-2022-33094 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33094 |
CVE-2022-33095 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33095 |
CVE-2022-33096 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33096 |
CVE-2022-33097 |
74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33097 |
CVE-2022-33105 |
Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33105 |
CVE-2022-34174 |
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34174 |
CVE-2022-34175 |
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34175 |
CVE-2022-34177 |
Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34177 |
CVE-2022-34179 |
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34179 |
CVE-2022-34180 |
Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34180 |
CVE-2022-31804 |
The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31804 |
CVE-2021-41638 |
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files using only a valid username. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41638 |
CVE-2021-40892 |
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40892 |
CVE-2022-1667 |
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser-accessible PHP script. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1667 |
CVE-2022-31600 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31600 |
CVE-2020-14593 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N). |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14593 |
CVE-2021-20247 |
A flaw was found in mbsync before v1.3.5 and v1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do not occur allowing a malicious or compromised server to use specially crafted mailbox names containing '..' path components to access data outside the designated mailbox on the opposite end of the synchronization channel. The highest threat from this vulnerability is to data confidentiality and integrity. |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20247 |
CVE-2020-2543 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L). |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2543 |
CVE-2021-32646 |
Roomer is a Discord bot cog (extension) which provides automatic voice channel generation as well as private voice and text channels. A vulnerability has been discovered allowing Discord users to get the `manage channel` permissions in a private VC they have joined. This allowed them to make changes to or delete the voice channel they have taken over. The exploit does not allow access or control to any other channels in the server. Upgrade to version 1.0.1 for a patched version of the cog. As a workaround you may disable private VCs in your guild (server) or unload the roomer cog to render the exploit unusable. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32646 |
CVE-2020-14663 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14663 |
CVE-2020-14678 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14678 |
CVE-2020-14697 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14697 |
CVE-2020-6318 |
A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40). Because of this, an attacker can exploit these products via Code Injection, potentially taking complete control of the products, including viewing, changing, or deleting data, by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6318 |
CVE-2020-14828 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14828 |
CVE-2020-14883 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14883 |
CVE-2020-26808 |
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26808 |
CVE-2021-2144 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-2144 |
CVE-2021-29350 |
SQL injection in the getip function in conn/function.php in ??100-???????? 1.1 allows remote attackers to inject arbitrary SQL commands via the X-Forwarded-For header to admin/product_add.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29350 |
CVE-2021-24390 |
A proid GET parameter of the WordPress支付宝Alipay|财付通Tenpay|贝宝PayPal集成插件 WordPress plugin through 3.7.2 is not sanitised, properly escaped or validated before inserting to a SQL statement not delimited by quotes, leading to SQL injection. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-24390 |
CVE-2022-0863 |
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a zip file containing malicious PHP code, leading to remote code execution. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0863 |
CVE-2022-1472 |
The Better Find and Replace WordPress plugin before 1.3.6 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL injection. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1472 |
CVE-2021-40955 |
SQL injection exists in the background administrator list of LaiKetui v3.5.0. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40955 |
CVE-2022-33114 |
Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33114 |
CVE-2022-32400 |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32400 |
CVE-2018-2562 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.5.58 and prior, 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-2562 |
CVE-2020-14807 |
Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Suite8 accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N). |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14807 |
CVE-2021-32000 |
A UNIX Symbolic Link (Symlink) Following vulnerability in the clone-master-clean-up.sh script of clone-master-clean-up in SUSE Linux Enterprise Server 12 SP3, SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allows local attackers to delete arbitrary files. This issue affects: SUSE Linux Enterprise Server 12 SP3 clone-master-clean-up version 1.6-4.6.1 and prior versions. SUSE Linux Enterprise Server 15 SP1 clone-master-clean-up version 1.6-3.9.1 and prior versions. openSUSE Factory clone-master-clean-up version 1.6-1.4 and prior versions. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32000 |
CVE-2022-1353 |
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1353 |
CVE-2021-3675 |
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3675 |
CVE-2021-41637 |
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41637 |
CVE-2016-6664 |
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2016-6664 |
CVE-2020-7460 |
In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a malicious userspace program to modify control message headers after they were validated. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7460 |
CVE-2022-23036 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23036 |
CVE-2022-23037 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23037 |
CVE-2022-23038 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23038 |
CVE-2022-23039 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23039 |
CVE-2022-23040 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23040 |
CVE-2022-23041 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23041 |
CVE-2022-23042 |
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040.) blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. (CVE-2022-23041.) netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. (CVE-2022-23042.) |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23042 |
CVE-2022-26357 |
Race in VT-d domain ID cleanup. Xen domain IDs are up to 15 bits wide. VT-d hardware may allow for only less than 15 bits to hold a domain ID associating a physical device with a particular domain. Therefore internally Xen domain IDs are mapped to the smaller value range. The cleaning up of the housekeeping structures has a race, allowing for VT-d domain IDs to be leaked and flushes to be bypassed. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26357 |
CVE-2022-1048 |
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1048 |
CVE-2022-1734 |
A flaw in the Linux kernel, found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c, can lead to a use-after-free (read or write) when the cleanup routine and the firmware download routine are not synchronized. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1734 |
CVE-2022-33915 |
Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046; it provides a temporary mitigation to CVE-2021-44228 by hotpatching the local Java virtual machines. To do so, it iterates through all running Java processes, performs several checks, and executes the Java virtual machine with the same permissions and capabilities as the running process to load the hotpatch. A local user could cause the hotpatch script to execute a binary with elevated privileges by running a custom java process that performs exec() of an SUID binary after the hotpatch has observed the process path and before it has observed its effective user ID. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33915 |
CVE-2020-11039 |
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11039 |
CVE-2021-32817 |
express-hbs is an Express handlebars template engine. express-hbs mixes pure template data with engine configuration options through the Express render API. More specifically, the layout parameter may trigger file disclosure vulnerabilities in downstream applications. This potential vulnerability is somewhat restricted in that only files with existing extensions (i.e. file.extension) can be included, files that lack an extension will have .hbs appended to them. For complete details refer to the referenced GHSL-2021-019 report. Notes in documentation have been added to help users of express-hbs avoid this potential information exposure vulnerability. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32817 |
CVE-2018-1000117 |
Python Software Foundation CPython versions from 3.2 until 3.6.4 on Windows contain a Buffer Overflow vulnerability in the os.symlink() function that can result in arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a Python script that creates a symlink with an attacker-controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000117 |
CVE-2022-31601 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31601 |
CVE-2021-44832 |
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. |
6.6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44832 |
CVE-2022-30330 |
In the KeepKey firmware before 7.3.2, flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes. |
6.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30330 |
CVE-2017-4974 |
An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v258; UAA release 2.x versions prior to v2.7.4.15, 3.6.x versions prior to v3.6.9, 3.9.x versions prior to v3.9.11, and other versions prior to v3.16.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.13, 24.x versions prior to v24.8, and other versions prior to v30.1. An authorized user can use a blind SQL injection attack to query the contents of the UAA database, aka "Blind SQL Injection with privileged UAA endpoints." |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-4974 |
CVE-2018-2612 |
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-2612 |
CVE-2020-2541 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2541 |
CVE-2020-2542 |
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2542 |
CVE-2020-14539 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14539 |
CVE-2020-14619 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14619 |
CVE-2020-14680 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14680 |
CVE-2020-7305 |
Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows a low privileged remote attacker to create new rule sets via incorrect validation of user credentials. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7305 |
CVE-2020-6311 |
Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, do not correctly perform necessary authorization checks for an authenticated user due to improper authorization checks, which may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6311 |
CVE-2020-14827 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14827 |
CVE-2020-14846 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14846 |
CVE-2020-13496 |
An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13496 |
CVE-2021-32954 |
Advantech WebAccess/SCADA versions 9.0.1 and prior are vulnerable to a directory traversal, which may allow an attacker to remotely read arbitrary files on the file system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32954 |
CVE-2021-32738 |
js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32738 |
CVE-2021-32507 |
Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers to download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32507 |
CVE-2021-32689 |
Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don't allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32689 |
CVE-2021-38345 |
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38345 |
CVE-2021-24894 |
The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service in the review section when an authenticated user submits such a rating and the reviews are set to be displayed on the post/page. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-24894 |
CVE-2021-45346 |
A Memory Leak vulnerability exists in SQLite Project SQLite3 3.35.1 and 3.37.0 via maliciously crafted SQL Queries (made via editing the Database File). It is possible to query a record and leak subsequent bytes of memory that extend beyond the record, which could let a malicious user obtain sensitive information. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45346 |
CVE-2021-3596 |
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which leads to a crash and segmentation fault. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3596 |
CVE-2022-22662 |
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22662 |
CVE-2022-23823 |
A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23823 |
CVE-2022-21742 |
Realtek USB driver has a buffer overflow vulnerability due to insufficient parameter length verification in the API function. An unauthenticated LAN attacker can exploit this vulnerability to disrupt services. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21742 |
CVE-2021-25121 |
The Rating by BestWebSoft WordPress plugin before 1.6 does not validate the submitted rating, allowing submission of a long integer, causing a Denial of Service on the post/page when a user submits such a rating. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25121 |
CVE-2022-1596 |
Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640 PCL2, REX640 PCL3 allows an authenticated attacker to launch an attack against the user database file and try to take control of an affected system node. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1596 |
CVE-2022-31095 |
discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31095 |
CVE-2017-20091 |
A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20091 |
CVE-2022-31009 |
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31009 |
CVE-2022-34012 |
Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of high-level administrators who hold greater privileges. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34012 |
CVE-2022-34199 |
Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34199 |
CVE-2022-34200 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34200 |
CVE-2022-34201 |
A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34201 |
CVE-2022-34202 |
Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34202 |
CVE-2022-34205 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34205 |
CVE-2022-34207 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34207 |
CVE-2022-34209 |
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34209 |
CVE-2022-34210 |
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34210 |
CVE-2022-34211 |
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34211 |
CVE-2022-34213 |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34213 |
CVE-2022-32136 |
In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32136 |
CVE-2022-32139 |
In multiple CODESYS products, a low privileged remote attacker may craft a request which causes an out-of-bounds read, resulting in a denial-of-service condition. User interaction is not required. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32139 |
CVE-2022-32140 |
Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User interaction is not required. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32140 |
CVE-2022-32141 |
Multiple CODESYS products are prone to a buffer over-read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32141 |
CVE-2021-41636 |
MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41636 |
CVE-2022-1666 |
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1666 |
CVE-2022-2121 |
OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-2121 |
CVE-2021-29768 |
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29768 |
CVE-2022-31602 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure. |
6.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31602 |
CVE-2022-31603 |
NVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure. |
6.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31603 |
CVE-2020-4294 |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request Forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-ForceID: 176404. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4294 |
CVE-2020-7281 |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7281 |
CVE-2020-7282 |
Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7282 |
CVE-2020-7300 |
Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.5.3 allows authenticated remote attackers to change the configuration when logged in with view only privileges via carefully constructed HTTP post messages. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7300 |
CVE-2020-6324 |
SAP NetWeaver AS ABAP (BSP Test Application sbspext_table), versions 700, 701, 720, 730, 731, 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to send a polluted URL to the victim; when the victim clicks on this URL, the attacker can read and modify the information available in the victim's browser, leading to Reflected Cross Site Scripting. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6324 |
CVE-2020-27982 |
IceWarp 11.4.5.0 allows XSS via the language parameter. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27982 |
CVE-2020-28034 |
WordPress before 5.5.2 allows XSS associated with global variables. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28034 |
CVE-2020-28038 |
WordPress before 5.5.2 allows stored XSS via post slugs. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28038 |
CVE-2020-13562 |
A cross-site scripting vulnerability exists in the template functionality of phpGACL 3.3.7. A specially crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can provide a crafted URL to trigger this vulnerability in the phpGACL template action parameter. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13562 |
CVE-2021-20733 |
Improper authorization in handler for custom URL scheme vulnerability in あすけんダイエット (asken diet) for Android versions from v.3.0.0 to v.4.2.x allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20733 |
CVE-2021-24410 |
The తెలుగు బైబిల్ వచనములు WordPress plugin through 1.0 is lacking any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged in admin change the settings, as well as add malicious verses containing JavaScript code in them, leading to Stored XSS issues. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-24410 |
CVE-2021-22822 |
A CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists that could allow an attacker to impersonate the user who manages the charging station or carry out actions on their behalf when crafted malicious parameters are submitted to the charging station web server. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 (All versions prior to R8 V3.4.0.2), EVlink Parking EVW2 / EVF2 / EVP2PE (All versions prior to R8 V3.4.0.2), and EVlink Smart Wallbox EVB1A (All versions prior to R8 V3.4.0.2). |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22822 |
CVE-2022-21813 |
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21813 |
CVE-2021-32478 |
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32478 |
CVE-2022-29172 |
Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metadata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefore possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient's name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields” feature in your application. Upgrade to version `11.33.0`. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29172 |
CVE-2021-25104 |
The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25104 |
CVE-2022-31373 |
SolarView Compact v6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Solar_AiConf.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31373 |
CVE-2022-33119 |
NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via login.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33119 |
CVE-2022-23077 |
Habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23077 |
CVE-2022-23078 |
Habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23078 |
CVE-2017-20087 |
A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20087 |
CVE-2017-20089 |
A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20089 |
CVE-2022-34305 |
In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34305 |
CVE-2021-29055 |
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29055 |
CVE-2022-32124 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32124 |
CVE-2022-32125 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32125 |
CVE-2022-32126 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32126 |
CVE-2022-32127 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32127 |
CVE-2022-32128 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32128 |
CVE-2022-32129 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32129 |
CVE-2022-32130 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32130 |
CVE-2022-32131 |
74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32131 |
CVE-2022-34170 |
In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34170 |
CVE-2022-34171 |
In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34171 |
CVE-2022-34172 |
In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34172 |
CVE-2022-34173 |
In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34173 |
CVE-2022-34178 |
Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34178 |
CVE-2022-34182 |
Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34182 |
CVE-2022-34328 |
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34328 |
CVE-2017-20092 |
A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20092 |
CVE-2017-20096 |
A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20096 |
CVE-2017-20097 |
A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20097 |
CVE-2022-30118 |
Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30118 |
CVE-2022-30119 |
XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30119 |
CVE-2022-30120 |
XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1 with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/) for reporting. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30120 |
CVE-2021-39408 |
Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-39408 |
CVE-2021-2119 |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). |
6 |
https://nvd.nist.gov/vuln/detail/CVE-2021-2119 |
CVE-2018-10237 |
Unbounded memory allocation in Google Guava 11.0 through 24.x before 24.1.1 allows remote attackers to conduct denial of service attacks against servers that depend on this library and deserialize attacker-provided data, because the AtomicDoubleArray class (when serialized with Java serialization) and the CompoundOrdering class (when serialized with GWT serialization) perform eager allocation without appropriate checks on what a client has sent and whether the data size is reasonable. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2018-10237 |
CVE-2018-1108 |
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1108 |
CVE-2020-11042 |
In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11042 |
CVE-2021-32686 |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32686 |
CVE-2022-21199 |
An information disclosure vulnerability exists due to the hardcoded TLS key of reolink RLC-410W v3.0.0.136_20121102. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21199 |
CVE-2022-21184 |
An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7. A plaintext HTTP request can lead to a disclosure of login credentials. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21184 |
CVE-2022-1524 |
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1524 |
CVE-2022-30028 |
Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30028 |
CVE-2020-7297 |
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface. |
5.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7297 |
CVE-2021-32750 |
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages. |
5.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32750 |
CVE-2022-34212 |
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. |
5.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34212 |
CVE-2022-23960 |
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. |
5.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23960 |
CVE-2020-7262 |
Improper Access Control vulnerability in McAfee Advanced Threat Defense (ATD) prior to 4.10.0 allows local users to view sensitive files via a carefully crafted HTTP request parameter. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7262 |
CVE-2020-14643 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14643 |
CVE-2020-14651 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14651 |
CVE-2020-16302 |
A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16302 |
CVE-2020-16304 |
A buffer overflow vulnerability in image_render_color_thresh() in base/gxicolor.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted eps file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16304 |
CVE-2020-16305 |
A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16305 |
CVE-2020-16306 |
A null pointer dereference vulnerability in devices/gdevtsep.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16306 |
CVE-2020-16307 |
A null pointer dereference vulnerability in devices/vector/gdevtxtw.c and psi/zbfont.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted postscript file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16307 |
CVE-2020-16308 |
A buffer overflow vulnerability in p_print_image() in devices/gdevcdj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16308 |
CVE-2020-16309 |
A buffer overflow vulnerability in lxm5700m_print_page() in devices/gdevlxm.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted eps file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16309 |
CVE-2020-16310 |
A division by zero vulnerability in dot24_print_page() in devices/gdevdm24.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16310 |
CVE-2020-17538 |
A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-17538 |
CVE-2021-1258 |
A vulnerability in the upgrade component of Cisco AnyConnect Secure Mobility Client could allow an authenticated, local attacker with low privileges to read arbitrary files on the underlying operating system (OS) of an affected device. The vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the local CLI to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying OS of the affected device. The attacker would need to have valid user credentials to exploit this vulnerability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-1258 |
CVE-2021-27506 |
The ClamAV Engine (version 0.103.1 and below) component embedded in Stormshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affects Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27506 |
CVE-2021-32003 |
Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32003 |
CVE-2021-20606 |
Out-of-bounds Read vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20606 |
CVE-2021-20607 |
Integer Underflow vulnerability in Mitsubishi Electric GX Works2 versions 1.606G and prior, Mitsubishi Electric MELSOFT Navigator versions 2.84N and prior and Mitsubishi Electric EZSocket all versions allows an attacker to cause a DoS condition in the software by getting a user to open malicious project file specially crafted by an attacker. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20607 |
CVE-2021-44917 |
A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause an arithmetic exception and application crash. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44917 |
CVE-2022-23034 |
A PV guest could DoS Xen while unmapping a grant. To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23034 |
CVE-2021-46659 |
MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46659 |
CVE-2021-46661 |
MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46661 |
CVE-2021-46663 |
MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46663 |
CVE-2021-46664 |
MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46664 |
CVE-2022-0544 |
An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0544 |
CVE-2021-44269 |
An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c, tainted variable cnt is too large, that makes pointer sptr read beyond heap bound. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44269 |
CVE-2022-26966 |
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26966 |
CVE-2021-4149 |
A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-4149 |
CVE-2022-0854 |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0854 |
CVE-2022-28049 |
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28049 |
CVE-2022-21425 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21425 |
CVE-2022-21440 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21440 |
CVE-2022-1507 |
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file, in GitHub repository hpjansson/chafa prior to 1.10.2. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1507 |
CVE-2022-1195 |
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1195 |
CVE-2022-20796 |
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20796 |
CVE-2022-1516 |
A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1516 |
CVE-2022-21123 |
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21123 |
CVE-2022-21125 |
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21125 |
CVE-2022-21166 |
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21166 |
CVE-2022-21180 |
Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21180 |
CVE-2022-31306 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_convert_to_slow_array at src/njs_array.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31306 |
CVE-2022-31307 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_string_offset at src/njs_string.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31307 |
CVE-2022-32414 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_vmcode_interpreter at src/njs_vmcode.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32414 |
CVE-2017-20082 |
A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20082 |
CVE-2022-20651 |
A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20651 |
CVE-2022-33067 |
Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33067 |
CVE-2022-33068 |
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33068 |
CVE-2022-33069 |
Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33069 |
CVE-2022-33070 |
Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33070 |
CVE-2021-41639 |
MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41639 |
CVE-2022-32990 |
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32990 |
CVE-2017-2601 |
Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2601 |
CVE-2018-15917 |
Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2018-15917 |
CVE-2018-15918 |
An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the application via the startdate or enddate parameter to leaves/validate. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2018-15918 |
CVE-2020-4274 |
IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to access data and perform unauthorized actions due to inadequate permission checks. IBM X-ForceID: 175980. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4274 |
CVE-2020-14810 |
Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect). Supported versions that are affected are 8.10.2 and 8.11-8.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Suite8. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Suite8 accessible data as well as unauthorized read access to a subset of Oracle Hospitality Suite8 accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N). |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14810 |
CVE-2021-32729 |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacker with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32729 |
CVE-2021-38344 |
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38344 |
CVE-2022-31303 |
maccms10 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31303 |
CVE-2022-30874 |
There is a stored Cross Site Scripting (XSS) vulnerability in NukeViet CMS before 4.5.02. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30874 |
CVE-2022-23056 |
In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23056 |
CVE-2022-23057 |
In ERPNext, versions v12.0.9 through v13.0.3 are vulnerable to Stored Cross-Site-Scripting (XSS), due to user input not being validated properly. A low privileged attacker could inject arbitrary code into input fields when editing his profile. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23057 |
CVE-2022-23058 |
ERPNext versions v12.0.9-v13.0.3 are affected by a stored XSS vulnerability that allows low privileged users to store malicious scripts in the ‘username’ field in ‘my settings’ which can lead to full account takeover. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23058 |
CVE-2022-23055 |
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23055 |
CVE-2017-20085 |
A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20085 |
CVE-2021-41432 |
A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41432 |
CVE-2021-46824 |
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46824 |
CVE-2022-33113 |
Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33113 |
CVE-2022-34176 |
Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34176 |
CVE-2022-34183 |
Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34183 |
CVE-2022-34184 |
Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34184 |
CVE-2022-34185 |
Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34185 |
CVE-2022-34186 |
Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34186 |
CVE-2022-34187 |
Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34187 |
CVE-2022-34188 |
Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34188 |
CVE-2022-34189 |
Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34189 |
CVE-2022-34190 |
Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34190 |
CVE-2022-34191 |
Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34191 |
CVE-2022-34192 |
Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34192 |
CVE-2022-34193 |
Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34193 |
CVE-2022-34194 |
Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34194 |
CVE-2022-34195 |
Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34195 |
CVE-2022-34196 |
Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34196 |
CVE-2022-34197 |
Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34197 |
CVE-2022-34198 |
Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34198 |
CVE-2017-20094 |
A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20094 |
CVE-2022-27238 |
BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27238 |
CVE-2021-20543 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20543 |
CVE-2021-29865 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-29865 |
CVE-2021-38871 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38871 |
CVE-2020-27509 |
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27509 |
CVE-2020-2545 |
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2545 |
CVE-2020-2781 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2781 |
CVE-2020-2830 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2830 |
CVE-2020-14550 |
Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14550 |
CVE-2020-14621 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14621 |
CVE-2020-25249 |
An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-25249 |
CVE-2021-32712 |
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 are vulnerable to system information leakage in error handling. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32712 |
CVE-2021-32822 |
The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express render API. By overwriting internal configuration options a file disclosure vulnerability may be triggered in downstream applications. For an example PoC see the referenced GHSL-2021-020. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32822 |
CVE-2022-0424 |
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0424 |
CVE-2022-30689 |
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30689 |
CVE-2022-28987 |
Zoho ManageEngine ADSelfService Plus before 6202 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28987 |
CVE-2022-28614 |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28614 |
CVE-2022-23342 |
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23342 |
CVE-2022-31248 |
An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31248 |
CVE-2022-32549 |
Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32549 |
CVE-2022-29526 |
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29526 |
CVE-2022-31803 |
In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31803 |
CVE-2021-41634 |
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41634 |
CVE-2021-20355 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20355 |
CVE-2021-38879 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38879 |
CVE-2020-7306 |
Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the ADRMS username and password via unprotected log files containing plain text. |
5.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7306 |
CVE-2020-5299 |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, any users with the ability to modify any data that could eventually be exported as a CSV file from the `ImportExportController` could potentially introduce a CSV injection into the data to cause the generated CSV export file to be malicious. This requires attackers to achieve the following before a successful attack can be completed: 1. Have found a vulnerability in the victim's spreadsheet software of choice. 2. Control data that would potentially be exported through the `ImportExportController` by a theoretical victim. 3. Convince the victim to export above data as a CSV and run it in vulnerable spreadsheet software while also bypassing any sanity checks by said software. Issue has been patched in Build 466 (v1.0.466). |
5.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5299 |
CVE-2022-21418 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). |
5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21418 |
CVE-2022-23080 |
directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality which allows a low privileged user to perform internal network port scans. |
5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23080 |
CVE-2020-2812 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2812 |
CVE-2020-2814 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2814 |
CVE-2020-5295 |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5295 |
CVE-2020-5296 |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5296 |
CVE-2020-14540 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14540 |
CVE-2020-14547 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14547 |
CVE-2020-14567 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14567 |
CVE-2020-14568 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14568 |
CVE-2020-14575 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14575 |
CVE-2020-14597 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14597 |
CVE-2020-14614 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14614 |
CVE-2020-14620 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14620 |
CVE-2020-14623 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14623 |
CVE-2020-14624 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14624 |
CVE-2020-14631 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14631 |
CVE-2020-14632 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14632 |
CVE-2020-14654 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14654 |
CVE-2020-14656 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14656 |
CVE-2020-14702 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14702 |
CVE-2020-14804 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14804 |
CVE-2020-14809 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14809 |
CVE-2020-14821 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14821 |
CVE-2020-14829 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14829 |
CVE-2020-14837 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14837 |
CVE-2020-14839 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14839 |
CVE-2020-14844 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14844 |
CVE-2020-14845 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14845 |
CVE-2020-14848 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14848 |
CVE-2020-14852 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Charsets). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14852 |
CVE-2020-14861 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14861 |
CVE-2020-14866 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14866 |
CVE-2020-14868 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14868 |
CVE-2020-14869 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth). Supported versions that are affected are 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14869 |
CVE-2022-21412 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21412 |
CVE-2022-21413 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21413 |
CVE-2022-21414 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21414 |
CVE-2022-21415 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21415 |
CVE-2022-21417 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21417 |
CVE-2022-21435 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21435 |
CVE-2022-21436 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21436 |
CVE-2022-21437 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21437 |
CVE-2022-21438 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21438 |
CVE-2022-29330 |
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29330 |
CVE-2019-11291 |
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-11291 |
CVE-2020-2547 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2547 |
CVE-2020-2548 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). The supported version that is affected is 10.3.6.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2548 |
CVE-2020-5298 |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, a user with the ability to use the import functionality of the `ImportExportController` behavior can be socially engineered by an attacker to upload a maliciously crafted CSV file which could result in a reflected XSS attack on the user in question. Issue has been patched in Build 466 (v1.0.466). |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5298 |
CVE-2020-14556 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14556 |
CVE-2021-24485 |
The Special Text Boxes WordPress plugin before 5.9.110 does not sanitise or escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-24485 |
CVE-2022-0376 |
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels, before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0376 |
CVE-2021-25088 |
The XML Sitemaps WordPress plugin before 4.1.3 does not sanitise and escape a setting before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25088 |
CVE-2022-0663 |
The Print, PDF, Email by PrintFriendly WordPress plugin before 5.2.3 does not sanitise and escape the Custom Button Text settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0663 |
CVE-2022-1266 |
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1266 |
CVE-2022-32987 |
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32987 |
CVE-2022-33122 |
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33122 |
CVE-2020-2875 |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.14 and prior and 5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data as well as unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N). |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2875 |
CVE-2021-28964 |
A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28964 |
CVE-2022-1747 |
The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1747 |
CVE-2022-33953 |
IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33953 |
CVE-2020-14867 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14867 |
CVE-2021-32638 |
GitHub's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token as a command-line parameter to the process instead of reading it from a file, standard input, or an environment variable. This approach made the token visible to other processes on the same machine, for example in the output of the `ps` command. If the CI system publicly exposes the output of `ps`, for example by logging the output, then the GitHub access token can be exposed beyond the scope intended. Users of the CodeQL runner on 3rd-party systems, who are passing a GitHub token via the `--github-auth` flag, are affected. This applies to both GitHub.com and GitHub Enterprise users. Users of the CodeQL Action on GitHub Actions are not affected. The `--github-auth` flag is now considered insecure and deprecated. The undocumented `--external-repository-token` flag has been removed. To securely provide a GitHub access token to the CodeQL runner, users should **do one of the following instead**: Use the `--github-auth-stdin` flag and pass the token on the command line via standard input OR set the `GITHUB_TOKEN` environment variable to contain the token, then call the command without passing in the token. The old flag remains present for backwards compatibility with existing workflows. If the user tries to specify an access token using the `--github-auth` flag, there is a deprecation warning printed to the terminal that directs the user to one of the above options. All CodeQL runner releases codeql-bundle-20210304 onwards contain the patches. We recommend updating to a recent version of the CodeQL runner, storing a token in your CI system's secret storage mechanism, and passing the token to the CodeQL runner using `--github-auth-stdin` or the `GITHUB_TOKEN` environment variable. If still using the old flag, ensure that process output, such as from `ps`, is not persisted in CI logs. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32638 |
CVE-2022-0494 |
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0494 |
CVE-2020-2544 |
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2544 |
CVE-2020-14553 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14553 |
CVE-2020-14559 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14559 |
CVE-2020-14838 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14838 |
CVE-2020-28040 |
WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-28040 |
CVE-2021-32477 |
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32477 |
CVE-2022-1603 |
The Mail Subscribe List WordPress plugin before 2.1.4 does not have a CSRF check in place when deleting subscribed users, which could allow attackers to make a logged-in admin perform such an action and delete arbitrary users from the subscribed list. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1603 |
CVE-2017-20088 |
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20088 |
CVE-2022-34011 |
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34011 |
CVE-2022-34013 |
OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34013 |
CVE-2022-34204 |
A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34204 |
CVE-2022-34206 |
A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34206 |
CVE-2022-34208 |
A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-34208 |
CVE-2017-20093 |
A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20093 |
CVE-2021-20421 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20421 |
CVE-2021-20544 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20544 |
CVE-2020-2978 |
Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N). |
4.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2978 |
CVE-2020-7299 |
Cleartext Storage of Sensitive Information in Memory vulnerability in Microsoft Windows client in McAfee True Key (TK) prior to 6.2.109.2 allows a local user logged in with administrative privileges to access another user’s passwords on the same machine via triggering a process dump in specific situations. |
4.1 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7299 |
CVE-2020-2754 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2754 |
CVE-2020-2755 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Scripting). Supported versions that are affected are Java SE: 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2755 |
CVE-2020-2773 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Security). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2773 |
CVE-2020-14577 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14577 |
CVE-2020-14578 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14578 |
CVE-2020-14579 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u261 and 8u251; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14579 |
CVE-2020-14581 |
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). Supported versions that are affected are Java SE: 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14581 |
CVE-2020-7068 |
In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile could be tricked into accessing freed memory, which could lead to a crash or information disclosure. |
3.6 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7068 |
CVE-2020-11045 |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11045 |
CVE-2021-32002 |
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32002 |
CVE-2022-32296 |
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32296 |
CVE-2022-33981 |
drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-33981 |
CVE-2021-20551 |
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20551 |
CVE-2020-11041 |
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11041 |
CVE-2020-11040 |
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11040 |
CVE-2020-11043 |
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11043 |
CVE-2020-5297 |
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-5297 |
CVE-2020-14564 |
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). Supported versions that are affected are 8.56, 8.57 and 8.58. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14564 |
CVE-2020-14633 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14633 |
CVE-2020-14860 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-14860 |
CVE-2022-21423 |
Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21423 |
CVE-2020-2933 |
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 5.1.48 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.0 Base Score 2.2 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L). |
2.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-2933 |
CVE-2020-11044 |
In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. |
2.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11044 |
CVE-2020-11048 |
In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows a session to be aborted. No data extraction is possible. This has been fixed in 2.0.0. |
2.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11048 |
CVE-2020-11049 |
In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. |
2.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11049 |
CVE-2004-0542 |
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2004-0542 |
CVE-2008-1721 |
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2008-1721 |
CVE-2008-3142 |
Multiple buffer overflows in Python 2.5.2 and earlier on 32bit platforms allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a long string that leads to incorrect memory allocation during Unicode string processing, related to the unicode_resize function and the PyMem_RESIZE macro. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2008-3142 |
CVE-2008-4864 |
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2008-4864 |
CVE-2008-5983 |
Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2008-5983 |
CVE-2012-1703 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-1703 |
CVE-2012-1735 |
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-1735 |
CVE-2012-3158 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-3158 |
CVE-2012-3177 |
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-3177 |
CVE-2012-5060 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2012-5060 |
CVE-2013-0384 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-0384 |
CVE-2013-0386 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-0386 |
CVE-2013-0389 |
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-0389 |
CVE-2013-0340 |
expat 2.1.0 and earlier does not properly handle entities expansion unless an application developer uses the XML_SetEntityDeclHandler function, which allows remote attackers to cause a denial of service (resource consumption), send HTTP requests to intranet servers, or read arbitrary files via a crafted XML document, aka an XML External Entity (XXE) issue. NOTE: it could be argued that because expat already provides the ability to disable external entity expansion, the responsibility for resolving this issue lies with application developers; according to this argument, this entry should be REJECTed, and each affected application would need its own CVE. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-0340 |
CVE-2014-0195 |
The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0195 |
CVE-2014-1359 |
Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-1359 |
CVE-2014-6469 |
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-6469 |
CVE-2014-6491 |
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-6491 |
CVE-2014-6500 |
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-6500 |
CVE-2015-0411 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-0411 |
CVE-2015-0235 |
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST." |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-0235 |
CVE-2015-1283 |
Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-1283 |
CVE-2015-4819 |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2015-4819 |
CVE-2022-2206 |
Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2206 |
CVE-2022-2207 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2207 |
CVE-2022-2208 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2208 |
CVE-2022-2210 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2210 |
CVE-2022-31064 |
BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat. The JavaScript is then executed in the victim's client. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31064 |
CVE-2022-31108 |
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31108 |
CVE-2022-31229 |
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31229 |
CVE-2022-31230 |
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31230 |
CVE-2021-3430 |
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3430 |
CVE-2021-3431 |
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3431 |
CVE-2021-3432 |
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 contain Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3432 |
CVE-2021-3433 |
Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions >= v2.5.0 contain Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3433 |
CVE-2021-3434 |
Stack-based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3434 |
CVE-2021-3435 |
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 contain Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-3435 |
CVE-2022-2231 |
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2231 |
CVE-2022-31883 |
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API Keys including the Admins' API Keys. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31883 |
CVE-2022-31885 |
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31885 |
CVE-2022-31886 |
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31886 |
CVE-2020-19896 |
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-19896 |
CVE-2020-19897 |
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-19897 |
CVE-2021-41559 |
Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41559 |
CVE-2022-24444 |
Silverstripe silverstripe/framework through 4.10 allows Session Fixation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24444 |
CVE-2022-25238 |
Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25238 |
CVE-2022-29858 |
Silverstripe silverstripe/assets through 1.10 allows XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29858 |
CVE-2022-31884 |
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API Keys including high privilege and the Administrator users' API Keys. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31884 |
CVE-2022-31887 |
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31887 |
CVE-2022-32532 |
In Apache Shiro before 1.9.1, a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32532 |
CVE-2022-28803 |
In SilverStripe Framework through 2022-04-07, Stored XSS can occur in javascript link tags added via XMLHttpRequest (XHR). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28803 |
CVE-2022-29269 |
In Nagios XI through 5.8.5, in the schedule report function, an authenticated attacker is able to inject HTML tags that lead to the reformatting/editing of emails from an official email address. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29269 |
CVE-2022-29270 |
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29270 |
CVE-2022-29271 |
In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is able to schedule downtime for any host/services. This allows an attacker to permanently disable all monitoring checks. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29271 |
CVE-2022-29272 |
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29272 |
CVE-2022-31266 |
In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page) allows remote attackers to take over accounts. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31266 |
CVE-2022-31897 |
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31897 |
CVE-2017-20108 |
A vulnerability classified as problematic has been found in Easy Table Plugin 1.6. This affects an unknown part of the file /wordpress/wp-admin/options-general.php. The manipulation with the input ">--redacted-- leads to basic cross site scripting. It is possible to initiate the attack remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20108 |
CVE-2017-20109 |
A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure (Credentials). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20109 |
CVE-2017-20110 |
A vulnerability, which was classified as problematic, has been found in Teleopti WFM up to 7.1.0. Affected by this issue is some unknown functionality of the component Administration. The manipulation as part of JSON leads to information disclosure (Credentials). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20110 |
CVE-2017-20111 |
A vulnerability, which was classified as critical, was found in Teleopti WFM 7.1.0. This affects an unknown part of the component Administration. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20111 |
CVE-2017-20112 |
A vulnerability has been found in IVPN Client 2.6.6120.33863 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument --up cmd leads to improper privilege management. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 2.6.2 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20112 |
CVE-2021-40642 |
In Textpattern CMS v4.8.7 and older, a Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability exists via textpattern/lib/txplib_misc.php. The secure flag is not set for the txp_login session cookie in the application. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40642 |
CVE-2022-33021 |
CVA6 commit 909d85a accesses invalid memory when reading the value of MHPMCOUNTER30. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33021 |
CVE-2022-33023 |
CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33023 |
CVE-2022-33107 |
ThinkPHP v6.0.12 was discovered to contain a deserialization vulnerability via the component vendor\league\flysystem-cached-adapter\src\Storage\AbstractCache.php. This vulnerability allows attackers to execute arbitrary code via a crafted payload. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33107 |
CVE-2022-33035 |
XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33035 |
CVE-2022-33036 |
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33036 |
CVE-2022-33037 |
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33037 |
CVE-2022-34043 |
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34043 |
CVE-2020-26877 |
ApiFest OAuth 2.0 Server 0.3.1 does not validate the redirect URI in accordance with RFC 6749 and is susceptible to an open redirector attack. Specifically, it directly sends an authorization code to the redirect URI submitted with the authorization request, without checking whether the redirect URI is registered by the client who initiated the request. This allows an attacker to craft a request with a manipulated redirect URI (redirect_uri parameter), which is under the attacker's control, and consequently obtain the leaked authorization code when the server redirects the client to the manipulated redirect URI with an authorization code. NOTE: this is similar to CVE-2019-3778. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-26877 |
CVE-2022-32969 |
MetaMask before 10.11.3 might allow an attacker to access a user's secret recovery phrase because an input field is used for a BIP39 mnemonic, and Firefox and Chromium save such fields to disk in order to support the Restore Session feature, aka the Demonic issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32969 |
CVE-2021-39074 |
IBM Security Guardium 11.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-39074 |
CVE-2022-2252 |
Open Redirect in GitHub repository microweber/microweber prior to 1.2.19. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2252 |
CVE-2017-20113 |
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20113 |
CVE-2017-20114 |
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20114 |
CVE-2017-20115 |
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20115 |
CVE-2017-20116 |
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20116 |
CVE-2017-20117 |
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20117 |
CVE-2017-20118 |
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20118 |
CVE-2017-20119 |
A vulnerability classified as problematic has been found in TrueConf Server 4.3.7. This affects an unknown part of the file /admin/general/change-lang. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20119 |
CVE-2017-20120 |
A vulnerability classified as problematic was found in TrueConf Server 4.3.7. This vulnerability affects unknown code of the file /admin/service/stop/. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20120 |
CVE-2022-33042 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/inquiries/view_details.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33042 |
CVE-2022-31032 |
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31032 |
CVE-2022-31058 |
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31058 |
CVE-2022-31063 |
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31063 |
CVE-2022-31110 |
RSSHub is an open source, extensible RSS feed generator. In commits prior to 5c4177441417 passing some special values to the `filter` and `filterout` parameters can cause an abnormally high CPU. This results in an impact on the performance of the servers and RSSHub services which may lead to a denial of service. This issue has been fixed in commit 5c4177441417 and all users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31110 |
CVE-2022-2073 |
Code Injection in GitHub repository getgrav/grav prior to 1.7.34. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2073 |
CVE-2022-33057 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_reservation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33057 |
CVE-2022-33058 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_message. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33058 |
CVE-2022-33059 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_train. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33059 |
CVE-2022-33060 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33060 |
CVE-2022-33061 |
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33061 |
CVE-2021-40597 |
The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40597 |
CVE-2022-30467 |
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote attackers to jam the key fob request via RF. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30467 |
CVE-2022-34835 |
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34835 |
CVE-2017-20121 |
A vulnerability was found in Teradici Management Console 2.2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Database Management. The manipulation leads to improper privilege management. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20121 |
CVE-2017-20122 |
A vulnerability classified as problematic was found in Bitrix Site Manager 12.06.2015. Affected by this vulnerability is an unknown functionality of the component Contact Form. The manipulation of the argument text with the input <img src="http://1"; on onerror="$(’p').text(’Hacked’)" /> leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20122 |
CVE-2017-20123 |
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.8 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20123 |
CVE-2017-20124 |
A vulnerability classified as critical has been found in Online Hotel Booking System Pro Plugin 1.0. Affected is an unknown function of the file /front/roomtype-details.php. The manipulation of the argument tid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20124 |
CVE-2017-20125 |
A vulnerability classified as critical was found in Online Hotel Booking System Pro 1.2. Affected by this vulnerability is an unknown functionality of the file /roomtype-details.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20125 |
CVE-2022-26135 |
A vulnerability in Mobile Plugin for Jira Data Center and Server allows a remote, authenticated user (including a user who joined via the sign-up feature) to perform a full read server-side request forgery via a batch endpoint. This affects Atlassian Jira Server and Data Center from version 8.0.0 before version 8.13.22, from version 8.14.0 before 8.20.10, from version 8.21.0 before 8.22.4. This also affects Jira Management Server and Data Center versions from version 4.0.0 before 4.13.22, from version 4.14.0 before 4.20.10 and from version 4.21.0 before 4.22.4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26135 |
CVE-2021-40643 |
EyesOfNetwork before 07-07-2021 has a Remote Code Execution vulnerability on the mail options configuration page. In the location of the "sendmail" application in the "cacti" configuration page (by default /usr/sbin/sendmail) it is possible to execute any command, which will be executed when we make a test of the configuration ("send test mail"). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40643 |
CVE-2021-40663 |
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40663 |
CVE-2013-4170 |
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-4170 |
CVE-2021-41506 |
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, HI3518_50H10L_S39 V4.02.R11.7601.Nat.Onvif.20170420, V4.02.R11.Nat.Onvif.20160422, V4.02.R11.7601.Nat.Onvif.20170424, V4.02.R11.Nat.Onvif.20170327, V4.02.R11.Nat.Onvif.20161205, V4.02.R11.Nat.20170301, V4.02.R12.Nat.OnvifS.20170727 is affected by a backdoor in the macGuarder and dvrHelper binaries of DVR/NVR/IP camera firmware due to static root account credentials in the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41506 |
CVE-2022-1852 |
A NULL pointer dereference flaw was found in the Linux kernel’s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1852 |
CVE-2022-2078 |
A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function. This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse(), causing a denial of service and possibly to run code. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2078 |
CVE-2022-33043 |
A cross-site scripting (XSS) vulnerability in the batch add function of Urtracker Premium v4.0.1.1477 allows attackers to execute arbitrary web scripts or HTML via a crafted excel file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33043 |
CVE-2021-37770 |
Nucleus CMS v3.71 is affected by a file upload vulnerability. In this vulnerability, we can use upload to change the upload path to the path without the Htaccess file. Upload an Htaccess file and write it to AddType application / x-httpd-php.jpg. In this way, an attacker can upload a picture with shell, treat it as PHP, execute commands, so as to take down website resources. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37770 |
CVE-2021-37778 |
There is a buffer overflow in gps-sdr-sim v1.0 when parsing long command line parameters, which can lead to DoS or code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37778 |
CVE-2021-37791 |
MyAdmin v1.0 is affected by an incorrect access control vulnerability in viewing personal center in /api/user/userData?userCode=admin. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37791 |
CVE-2022-1955 |
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1955 |
CVE-2022-2056 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2056 |
CVE-2022-2057 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2057 |
CVE-2022-2058 |
Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2058 |
CVE-2021-38941 |
IBM CloudPak for Multicloud Monitoring 2.0 and 2.3 has a few containers running in privileged mode which is vulnerable to host information leakage or destruction if unauthorized access to these containers could execute arbitrary commands. IBM X-Force ID: 211048. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-38941 |
CVE-2021-38954 |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5 and 6.1.0.0 through 6.1.1.0 could disclose sensitive version information that could aid in future attacks against the system. IBM X-Force ID: 211414. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-38954 |
CVE-2022-22472 |
IBM Spectrum Protect Plus Container Backup and Restore (10.1.5 through 10.1.10.2 for Kubernetes and 10.1.7 through 10.1.10.2 for Red Hat OpenShift) could allow a remote attacker to bypass IBM Spectrum Protect Plus role based access control restrictions, caused by improper disclosure of session information. By retrieving the logs of a container an attacker could exploit this vulnerability to bypass login security of the IBM Spectrum Protect Plus server and gain unauthorized access based on the permissions of the IBM Spectrum Protect Plus user to the vulnerable Spectrum Protect Plus server software. IBM X-Force ID: 225340. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22472 |
CVE-2022-22474 |
IBM Spectrum Protect 8.1.0.0 through 8.1.14.0 dsmcad, dsmc, and dsmcsvc processes incorrectly handle certain read operations on TCP/IP sockets. This can result in a denial of service for IBM Spectrum Protect client operations. IBM X-Force ID: 225348. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22474 |
CVE-2022-22478 |
IBM Spectrum Protect Client 8.1.0.0 through 8.1.14.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 225886. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22478 |
CVE-2022-22487 |
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to both the IBM Spectrum Protect storage agent and the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 with which it communicates. IBM X-Force ID: 226326. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22487 |
CVE-2022-22494 |
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14 could allow a remote attacker to gain details of the database, such as type and version, by sending a specially-crafted HTTP request. This information could then be used in future attacks. IBM X-Force ID: 226940. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22494 |
CVE-2022-22496 |
While a user account for the IBM Spectrum Protect Server 8.1.0.000 through 8.1.14 is being established, it may be configured to use SESSIONSECURITY=TRANSITIONAL. While in this mode, it may be susceptible to an offline dictionary attack. IBM X-Force ID: 226942. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22496 |
CVE-2022-31112 |
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions Parse Server LiveQuery does not remove protected fields in classes, passing them to the client. The LiveQueryController now removes protected fields from the client response. Users are advised to upgrade. Users unable to upgrade should use `Parse.Cloud.afterLiveQueryEvent` to manually remove protected fields. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31112 |
CVE-2013-4144 |
There is an object injection vulnerability in swfupload plugin for wordpress. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-4144 |
CVE-2022-34777 |
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34777 |
CVE-2022-34778 |
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34778 |
CVE-2022-34779 |
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34779 |
CVE-2022-34780 |
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34780 |
CVE-2022-34781 |
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34781 |
CVE-2022-34782 |
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34782 |
CVE-2022-34783 |
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34783 |
CVE-2022-34784 |
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34784 |
CVE-2022-34785 |
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34785 |
CVE-2022-34786 |
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34786 |
CVE-2022-34787 |
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34787 |
CVE-2022-34788 |
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34788 |
CVE-2022-34789 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34789 |
CVE-2022-34790 |
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34790 |
CVE-2022-34791 |
Jenkins Validating Email Parameter Plugin 1.10 and earlier does not escape the name and description of its parameter type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34791 |
CVE-2022-34792 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Recipe Plugin 1.2 and earlier allows attackers to send an HTTP request to an attacker-specified URL and parse the response as XML. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34792 |
CVE-2022-34793 |
Jenkins Recipe Plugin 1.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34793 |
CVE-2022-34794 |
Missing permission checks in Jenkins Recipe Plugin 1.2 and earlier allow attackers with Overall/Read permission to send an HTTP request to an attacker-specified URL and parse the response as XML. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34794 |
CVE-2022-34795 |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not escape environment names on its Deployment Dashboard view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34795 |
CVE-2022-34796 |
A missing permission check in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34796 |
CVE-2022-34797 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Deployment Dashboard Plugin 1.0.10 and earlier allows attackers to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34797 |
CVE-2022-34798 |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP URL using attacker-specified credentials. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34798 |
CVE-2022-34799 |
Jenkins Deployment Dashboard Plugin 1.0.10 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34799 |
CVE-2022-34800 |
Jenkins Build Notifications Plugin 1.5.0 and earlier stores tokens unencrypted in its global configuration files on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34800 |
CVE-2022-34801 |
Jenkins Build Notifications Plugin 1.5.0 and earlier transmits tokens in plain text as part of the global Jenkins configuration form, potentially resulting in their exposure. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34801 |
CVE-2022-34802 |
Jenkins RocketChat Notifier Plugin 1.5.2 and earlier stores the login password and webhook token unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34802 |
CVE-2022-34803 |
Jenkins OpsGenie Plugin 1.9 and earlier stores API keys unencrypted in its global configuration file and in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission (config.xml), or access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34803 |
CVE-2022-34804 |
Jenkins OpsGenie Plugin 1.9 and earlier transmits API keys in plain text as part of the global Jenkins configuration form and job configuration forms, potentially resulting in their exposure. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34804 |
CVE-2022-34805 |
Jenkins Skype notifier Plugin 1.1.0 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34805 |
CVE-2022-34806 |
Jenkins Jigomerge Plugin 0.9 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34806 |
CVE-2022-34807 |
Jenkins Elasticsearch Query Plugin 1.2 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34807 |
CVE-2022-34808 |
Jenkins Cisco Spark Plugin 1.1.1 and earlier stores bearer tokens unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34808 |
CVE-2022-34809 |
Jenkins RQM Plugin 2.8 and earlier stores a password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34809 |
CVE-2022-34810 |
A missing check in Jenkins RQM Plugin 2.8 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34810 |
CVE-2022-34811 |
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to access the XPath Configuration Viewer page. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34811 |
CVE-2022-34812 |
A cross-site request forgery (CSRF) vulnerability in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers to create and delete XPath expressions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34812 |
CVE-2022-34813 |
A missing permission check in Jenkins XPath Configuration Viewer Plugin 1.1.1 and earlier allows attackers with Overall/Read permission to create and delete XPath expressions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34813 |
CVE-2022-34814 |
Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier does not correctly perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to view an administrative configuration page listing pending requests. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34814 |
CVE-2022-34815 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Request Rename Or Delete Plugin 1.1.0 and earlier allows attackers to accept pending requests, thereby renaming or deleting jobs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34815 |
CVE-2022-34816 |
Jenkins HPE Network Virtualization Plugin 1.0 stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34816 |
CVE-2022-34817 |
A cross-site request forgery (CSRF) vulnerability in Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier allows attackers to disable jobs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34817 |
CVE-2022-34818 |
Jenkins Failed Job Deactivator Plugin 1.2.1 and earlier does not perform permission checks in several views and HTTP endpoints, allowing attackers with Overall/Read permission to disable jobs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34818 |
CVE-2013-4561 |
In an openshift node, there is a cron job to update mcollective facts that mishandles a temporary file. This may lead to loss of confidentiality and integrity. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2013-4561 |
CVE-2022-28127 |
A data removal vulnerability exists in the web_server /action/remove/ API functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary file deletion. An attacker can send a sequence of requests to trigger this vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28127 |
CVE-2022-2197 |
By using a specific credential string, an attacker with network access to the device’s web interface could circumvent the authentication scheme and perform administrative operations. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2197 |
CVE-2022-32585 |
A command execution vulnerability exists in the clish art2 functionality of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32585 |
CVE-2022-33312 |
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_cert_file/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33312 |
CVE-2022-33313 |
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_https_cert_file/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33313 |
CVE-2022-33314 |
Multiple command injection vulnerabilities exist in the web_server action endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/action/import_sdk_file/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33314 |
CVE-2022-33325 |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/clear_tools_log/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33325 |
CVE-2022-33326 |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/config_rollback/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33326 |
CVE-2022-33327 |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33327 |
CVE-2022-33328 |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/remove/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33328 |
CVE-2022-33329 |
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. Specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities. The `/ajax/set_sys_time/` API is affected by a command injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33329 |
CVE-2021-41995 |
A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41995 |
CVE-2022-23717 |
PingID Windows Login prior to 2.8 is vulnerable to a denial of service condition on local machines when combined with using offline security keys as part of authentication. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23717 |
CVE-2022-23718 |
PingID Windows Login prior to 2.8 uses known vulnerable components that can lead to remote code execution. An attacker capable of achieving a sophisticated man-in-the-middle position, or of compromising Ping Identity web servers, could deliver malicious code that would be executed as SYSTEM by the PingID Windows Login application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23718 |
CVE-2022-23719 |
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service used to capture security key requests. An attacker with the ability to execute code on the target machine may be able to exploit and spoof the local Java service using multiple attack vectors. A successful attack can lead to code executed as SYSTEM by the PingID Windows Login application, or even a denial of service for offline security key authentication. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23719 |
CVE-2022-23720 |
PingID Windows Login prior to 2.8 does not alert or halt operation if it has been provisioned with the full permissions PingID properties file. An IT administrator could mistakenly deploy administrator privileged PingID API credentials, such as those typically used by PingFederate, into PingID Windows Login user endpoints. Using a sensitive full permissions properties file outside of a privileged trust boundary leads to an increased risk of exposure or discovery, and an attacker could leverage these credentials to perform administrative actions against PingID APIs or endpoints. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23720 |
CVE-2022-23725 |
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23725 |
CVE-2014-0068 |
It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log/watchman.ouput with world writable permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0068 |
CVE-2014-0156 |
Awesome spawn contains an OS command injection vulnerability, which allows execution of additional commands passed to Awesome spawn as arguments. If untrusted input was included in command arguments, an attacker could use this flaw to execute arbitrary commands. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-0156 |
CVE-2022-2257 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2257 |
CVE-2022-31115 |
opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby `YAML.load` function was used instead of `YAML.safe_load`. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. An attacker must be in control of an opensearch server and convince the victim to connect to it in order to exploit this vulnerability. The problem has been patched in opensearch-ruby gem version 2.0.1. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31115 |
CVE-2022-33082 |
An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33082 |
CVE-2022-33085 |
ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \\espcms_public\\espcms_templates\\ESPCMS_Templates. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33085 |
CVE-2022-33087 |
A stack overflow in the function DM_ In fillobjbystr() of TP-Link Archer C50&A5(US)_V5_200407 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33087 |
CVE-2021-32428 |
SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-32428 |
CVE-2022-27904 |
The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27904 |
CVE-2022-32295 |
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32295 |
CVE-2022-32988 |
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp, (2) cgi-bin/Advanced_ACL_Content.asp, (3) cgi-bin/Advanced_ADSL_Content.asp, (4) cgi-bin/Advanced_ASUSDDNS_Content.asp, (5) cgi-bin/Advanced_AiDisk_ftp.asp, (6) cgi-bin/Advanced_AiDisk_samba.asp, (7) cgi-bin/Advanced_DSL_Content.asp, (8) cgi-bin/Advanced_Firewall_Content.asp, (9) cgi-bin/Advanced_FirmwareUpgrade_Content.asp, (10) cgi-bin/Advanced_GWStaticRoute_Content.asp, (11) cgi-bin/Advanced_IPTV_Content.asp, (12) cgi-bin/Advanced_IPv6_Content.asp, (13) cgi-bin/Advanced_KeywordFilter_Content.asp, (14) cgi-bin/Advanced_LAN_Content.asp, (15) cgi-bin/Advanced_Modem_Content.asp, (16) cgi-bin/Advanced_PortTrigger_Content.asp, (17) cgi-bin/Advanced_QOSUserPrio_Content.asp, (18) cgi-bin/Advanced_QOSUserRules_Content.asp, (19) cgi-bin/Advanced_SettingBackup_Content.asp, (20) cgi-bin/Advanced_System_Content.asp, (21) cgi-bin/Advanced_URLFilter_Content.asp, (22) cgi-bin/Advanced_VPN_PPTP.asp, (23) cgi-bin/Advanced_VirtualServer_Content.asp, (24) cgi-bin/Advanced_WANPort_Content.asp, (25) cgi-bin/Advanced_WAdvanced_Content.asp, (26) cgi-bin/Advanced_WMode_Content.asp, (27) cgi-bin/Advanced_WWPS_Content.asp, (28) cgi-bin/Advanced_Wireless_Content.asp, (29) cgi-bin/Bandwidth_Limiter.asp, (30) cgi-bin/Guest_network.asp, (31) cgi-bin/Main_AccessLog_Content.asp, (32) cgi-bin/Main_AdslStatus_Content.asp, (33) cgi-bin/Main_Spectrum_Content.asp, (34) cgi-bin/Main_WebHistory_Content.asp, (35) cgi-bin/ParentalControl.asp, (36) cgi-bin/QIS_wizard.asp, (37) cgi-bin/QoS_EZQoS.asp, (38) cgi-bin/aidisk.asp, (39) cgi-bin/aidisk/Aidisk-1.asp, (40) cgi-bin/aidisk/Aidisk-2.asp, (41) cgi-bin/aidisk/Aidisk-3.asp, (42) cgi-bin/aidisk/Aidisk-4.asp, (43) cgi-bin/blocking.asp, (44) cgi-bin/cloud_main.asp, (45) cgi-bin/cloud_router_sync.asp, (46) cgi-bin/cloud_settings.asp, (47) cgi-bin/cloud_sync.asp, (48) cgi-bin/device-map/DSL_dashboard.asp, (49) cgi-bin/device-map/clients.asp, (50) cgi-bin/device-map/disk.asp, (51) cgi-bin/device-map/internet.asp, (52) cgi-bin/error_page.asp, (53) cgi-bin/index.asp, (54) cgi-bin/index2.asp, (55) cgi-bin/qis/QIS_PTM_manual_setting.asp, (56) cgi-bin/qis/QIS_admin_pass.asp, (57) cgi-bin/qis/QIS_annex_setting.asp, (58) cgi-bin/qis/QIS_bridge_cfg_tmp.asp, (59) cgi-bin/qis/QIS_detect.asp, (60) cgi-bin/qis/QIS_finish.asp, (61) cgi-bin/qis/QIS_ipoa_cfg_tmp.asp, (62) cgi-bin/qis/QIS_manual_setting.asp, (63) cgi-bin/qis/QIS_mer_cfg.asp, (64) cgi-bin/qis/QIS_mer_cfg_tmp.asp, (65) cgi-bin/qis/QIS_ppp_cfg.asp, (66) cgi-bin/qis/QIS_ppp_cfg_tmp.asp, (67) cgi-bin/qis/QIS_wireless.asp, (68) cgi-bin/query_wan_status.asp, (69) cgi-bin/query_wan_status2.asp, and (70) cgi-bin/start_apply.asp. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32988 |
CVE-2022-2274 |
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2274 |
CVE-2022-2279 |
NULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2279 |
CVE-2022-2280 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2280 |
CVE-2022-34894 |
In JetBrains Hub before 2022.2.14799, insufficient access control allowed the hijacking of untrusted services. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34894 |
CVE-2022-2264 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2264 |
CVE-2022-33099 |
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33099 |
CVE-2022-33103 |
Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33103 |
CVE-2014-3648 |
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus application is registered with bad deviceTokens, one can generate endless exceptions when those endpoints can't be reached or can slow the server down by purposefully wasting its time with slow endpoints. Similarly, one can provide whatever HTTP end point they want. This turns the server into a DDOS vector or an anonymizer for the posting of malware and so on. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3648 |
CVE-2014-3650 |
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2014-3650 |
CVE-2022-2253 |
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 may send OS commands to execute on the host server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2253 |
CVE-2022-1983 |
Incorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1983 |
CVE-2022-2185 |
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2185 |
CVE-2022-2227 |
Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2227 |
CVE-2022-2230 |
A Stored Cross-Site Scripting vulnerability in the project settings page in GitLab CE/EE affecting all versions from 14.4 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2230 |
CVE-2022-2235 |
Insufficient sanitization in GitLab EE's external issue tracker affecting all versions from 14.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to perform cross-site scripting when a victim clicks on a maliciously crafted ZenTao link |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2235 |
CVE-2022-2243 |
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2243 |
CVE-2022-2244 |
An improper authorization vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows project members with reporter role to manage issues in project's error tracking feature. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2244 |
CVE-2022-2250 |
An open redirect vulnerability in GitLab EE/CE affecting all versions from 11.1 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows an attacker to redirect users to an arbitrary location if they trust the URL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2250 |
CVE-2022-2254 |
A user with administrative privileges in Distributed Data Systems WebHMI 4.1.1.7662 can store a script that could impact other logged in users. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2254 |
CVE-2022-2281 |
An information disclosure vulnerability in GitLab EE affecting all versions from 12.5 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows disclosure of release titles if group milestones are associated with any project releases. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2281 |
CVE-2022-1963 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab reveals if a user has enabled two-factor authentication on their account in the HTML source, to unauthenticated users. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1963 |
CVE-2022-1981 |
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1981 |
CVE-2022-1999 |
An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1999 |
CVE-2022-2228 |
Information exposure in GitLab EE affecting all versions from 12.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker with the appropriate access tokens to obtain CI variables in a group using IP-based access restrictions even if the GitLab Runner is calling from outside the allowed IP range. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2228 |
CVE-2022-2229 |
An improper authorization issue in GitLab CE/EE affecting all versions from 13.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to extract the value of an unprotected variable they know the name of in public projects or private projects they're a member of. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2229 |
CVE-2022-2270 |
An issue has been discovered in GitLab affecting all versions starting from 12.4 before 14.10.5, all versions starting from 15.0 before 15.0.4, all versions starting from 15.1 before 15.1.1. GitLab was leaking Conan packages names due to incorrect permissions verification. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2270 |
CVE-2022-31113 |
Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens. This permits an attacker who recognised an HTTP-based Canarytoken (a URL) to execute Javascript in the Canarytoken's history page (domain: canarytokens.org) when the history page is later visited by the Canarytoken's creator. This vulnerability could be used to disable or delete the affected Canarytoken, or view its activation history. It might also be used as a stepping stone towards revealing more information about the Canarytoken's creator to the attacker. For example, an attacker could recover the email address tied to the Canarytoken, or place Javascript on the history page that redirects the creator towards an attacker-controlled Canarytoken to show the creator's network location. An attacker could only act on the discovered Canarytoken. This issue did not expose other Canarytokens or other Canarytoken creators. The issue has been patched on Canarytokens.org and in the latest release. No signs of successful exploitation of this vulnerability have been found. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31113 |
CVE-2021-37524 |
Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37524 |
CVE-2022-0167 |
An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not disabling the Autocomplete attribute of fields related to sensitive information making it possible to be retrieved under certain conditions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0167 |
CVE-2022-1954 |
A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1954 |
CVE-2022-22366 |
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22366 |
CVE-2022-22367 |
IBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22367 |
CVE-2022-22373 |
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22373 |
CVE-2022-32030 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32030 |
CVE-2022-32031 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32031 |
CVE-2022-32032 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32032 |
CVE-2022-32033 |
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32033 |
CVE-2022-32034 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32034 |
CVE-2022-32035 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32035 |
CVE-2022-32036 |
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32036 |
CVE-2022-32037 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32037 |
CVE-2022-32039 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32039 |
CVE-2022-32040 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32040 |
CVE-2022-32041 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32041 |
CVE-2022-32043 |
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32043 |
CVE-2022-32044 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32044 |
CVE-2022-32045 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32045 |
CVE-2022-32046 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32046 |
CVE-2022-32047 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32047 |
CVE-2022-32048 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32048 |
CVE-2022-32049 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32049 |
CVE-2022-32050 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32050 |
CVE-2022-32051 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32051 |
CVE-2022-32052 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32052 |
CVE-2022-32053 |
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32053 |
CVE-2022-25758 |
All versions of package scss-tokenizer are vulnerable to Regular Expression Denial of Service (ReDoS) via the loadAnnotation() function, due to the usage of insecure regex. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25758 |
CVE-2022-25876 |
The package link-preview-js before 2.1.16 is vulnerable to Server-side Request Forgery (SSRF) which allows attackers to send arbitrary requests to the local network and read the response. This is due to flawed DNS rebinding protection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25876 |
CVE-2022-25896 |
This affects the package passport before 0.6.0. When a user logs in or logs out, the session is regenerated instead of being closed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25896 |
CVE-2022-25898 |
The package jsrsasign before 10.5.25 is vulnerable to Improper Verification of Cryptographic Signature: a JWS or JWT signature containing non-Base64URL special characters or number-escaped characters may be validated as valid by mistake. Workaround: validate that the JWS or JWT signature is a Base64URL and dot safe string before executing the JWS.verify() or JWS.verifyJWT() method. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25898 |
CVE-2022-25900 |
All versions of package git-clone are vulnerable to Command Injection due to insecure usage of the --upload-pack feature of git. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25900 |
CVE-2022-32081 |
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32081 |
CVE-2022-32082 |
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32082 |
CVE-2022-32083 |
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32083 |
CVE-2022-32084 |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32084 |
CVE-2022-32085 |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32085 |
CVE-2022-32086 |
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32086 |
CVE-2022-32087 |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32087 |
CVE-2022-32088 |
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32088 |
CVE-2022-32089 |
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32089 |
CVE-2022-32091 |
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32091 |
CVE-2022-31943 |
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31943 |
CVE-2022-32093 |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32093 |
CVE-2022-32094 |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32094 |
CVE-2022-32095 |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32095 |
CVE-2022-32384 |
Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the security_5g parameter in the function formWifiBasicSet. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32384 |
CVE-2022-32420 |
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32420 |
CVE-2022-32324 |
PDFAlto v0.4 was discovered to contain a heap buffer overflow via the component /pdfalto/src/pdfalto.cc. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32324 |
CVE-2022-32325 |
JPEGOPTIM v1.4.7 was discovered to contain a segmentation violation which is caused by a READ memory access at jpegoptim.c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32325 |
CVE-2022-32411 |
An issue in the languages config file of HongCMS v3.0 allows attackers to getshell. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32411 |
CVE-2022-32412 |
An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32412 |
CVE-2022-34903 |
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34903 |
CVE-2022-32551 |
Zoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32551 |
CVE-2022-2284 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2284 |
CVE-2022-2285 |
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2285 |
CVE-2022-2286 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2286 |
CVE-2022-34911 |
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text(). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34911 |
CVE-2022-34912 |
An issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34912 |
CVE-2022-2287 |
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2287 |
CVE-2022-2290 |
Cross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2290 |
CVE-2022-2288 |
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2288 |
CVE-2022-2289 |
Use After Free in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2289 |
CVE-2022-32284 |
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32284 |
CVE-2022-33208 |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33208 |
CVE-2022-33948 |
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33948 |
CVE-2022-33971 |
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33971 |
CVE-2022-34151 |
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34151 |
CVE-2022-26051 |
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26051 |
CVE-2022-26054 |
Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26054 |
CVE-2022-26368 |
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26368 |
CVE-2022-27627 |
Cross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27627 |
CVE-2022-27661 |
Operation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27661 |
CVE-2022-27803 |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27803 |
CVE-2022-27807 |
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable the addition of Categories. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27807 |
CVE-2022-28692 |
Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28692 |
CVE-2022-28713 |
Improper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28713 |
CVE-2022-28718 |
Operation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Bulletin. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28718 |
CVE-2022-29467 |
Address information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29467 |
CVE-2022-29471 |
Browse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29471 |
CVE-2022-29484 |
Operation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29484 |
CVE-2022-29513 |
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29513 |
CVE-2022-29892 |
Improper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29892 |
CVE-2022-2300 |
Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2300 |
CVE-2022-2301 |
Buffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2301 |
CVE-2021-25056 |
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-25056 |
CVE-2021-25066 |
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-25066 |
CVE-2022-0250 |
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a generated link before outputting it in an attribute, leading to a Reflected Cross-Site Scripting issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0250 |
CVE-2022-1301 |
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1301 |
CVE-2022-1946 |
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1946 |
CVE-2022-1967 |
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1967 |
CVE-2022-2268 |
The Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type, allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2268 |
CVE-2022-34265 |
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34265 |
CVE-2022-34829 |
Zoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34829 |
CVE-2022-34918 |
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34918 |
CVE-2022-2306 |
Old session tokens can be used to authenticate to the application and send authenticated requests. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2306 |
CVE-2022-2309 |
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2309 |
CVE-2022-2097 |
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2097 |
CVE-2021-43702 |
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFi logs correctly; if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-43702 |
CVE-2022-30289 |
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30289 |
CVE-2022-26365 |
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26365 |
CVE-2022-2304 |
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2304 |
CVE-2022-30290 |
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30290 |
CVE-2022-33740 |
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33740 |
CVE-2022-33741 |
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33741 |
CVE-2022-33742 |
Linux disk/nic frontends data leaks. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33742 |
CVE-2022-33743 |
Network backend may cause Linux netfront to use freed SKBs. While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33743 |
CVE-2022-33744 |
Arm guests can cause Dom0 DoS via PV devices. When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33744 |
CVE-2021-43116 |
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user log in. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-43116 |
CVE-2022-31836 |
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values, which can lead to cross directory risk. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31836 |
CVE-2022-31770 |
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31770 |
CVE-2022-34876 |
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34876 |
CVE-2022-34877 |
SQL Injection vulnerability in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34877 |
CVE-2022-34878 |
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34878 |
CVE-2022-34879 |
Reflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34879 |
CVE-2021-44915 |
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-44915 |
CVE-2022-31014 |
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8, 23.0.5 or 24.0.1. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31014 |
CVE-2022-31116 |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31116 |
CVE-2022-31117 |
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31117 |
CVE-2022-33075 |
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33075 |
CVE-2022-2321 |
Login Bruteforce attacks |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2321 |
CVE-2022-31856 |
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31856 |
CVE-2022-32310 |
An access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32310 |
CVE-2022-32311 |
Ingredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32311 |
CVE-2022-32413 |
An arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32413 |
CVE-2022-34972 |
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id, manu_value_id, opt_value_id, and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-34972 |