| CVE Number | Description | Base Score | Reference |
|---|
| CVE-2010-0129 | Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 allow remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .dir (aka Director) file that triggers an array index error. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2010-0129 |
| CVE-2017-2828 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2828 |
| CVE-2017-2841 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2841 |
| CVE-2017-2842 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2842 |
| CVE-2017-2843 | In the web management interface in Foscam C1 Indoor HD Camera running application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2843 |
| CVE-2017-2844 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary data in the "msmtprc" configuration file resulting in command execution. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2844 |
| CVE-2017-2845 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SMTP configuration tests resulting in command execution | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2845 |
| CVE-2017-2846 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2846 |
| CVE-2017-2847 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2847 |
| CVE-2017-2848 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during manual network configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2848 |
| CVE-2017-2849 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary shell characters during NTP server configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2849 |
| CVE-2017-2850 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can allow for a user to inject arbitrary characters in the pureftpd.passwd file during a username change, which in turn allows for bypassing chroot restrictions in the FTP server. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2850 |
| CVE-2017-2887 | An exploitable buffer overflow vulnerability exists in the XCF property handling functionality of SDL_image 2.0.1. A specially crafted xcf file can cause a stack-based buffer overflow resulting in potential code execution. An attacker can provide a specially crafted XCF file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2887 |
| CVE-2017-2888 | An exploitable integer overflow vulnerability exists when creating a new RGB Surface in SDL 2.0.5. A specially crafted file can cause an integer overflow resulting in too little memory being allocated which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2888 |
| CVE-2017-2866 | An exploitable vulnerability exists in the /api/CONFIG/backup functionality of Circle with Disney. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2866 |
| CVE-2017-2881 | An exploitable vulnerability exists in the torlist update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2881 |
| CVE-2017-2890 | An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2890 |
| CVE-2017-2871 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. An attacker who is in the same subnetwork of the camera or has remote administrator access can fully compromise the device by performing a firmware recovery using a custom image. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2871 |
| CVE-2018-6974 | VMware ESXi (6.7 before ESXi670-201810101-SG, 6.5 before ESXi650-201808401-BG, and 6.0 before ESXi600-201808401-BG), Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds read vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-6974 |
| CVE-2018-4016 | An exploitable code execution vulnerability exists in the URL-parsing functionality of the Roav A1 Dashcam running version RoavA1SWV1.9. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4016 |
| CVE-2018-4017 | An exploitable vulnerability exists in the Wi-Fi Access Point feature of the Roav A1 Dashcam running version RoavA1SWV1.9. A set of default credentials can potentially be used to connect to the device. An attacker can connect to the AP to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4017 |
| CVE-2019-5031 | An exploitable memory corruption vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.4.1.16828. A specially crafted PDF document can trigger an out-of-memory condition which isn't handled properly, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5031 |
| CVE-2019-5527 | ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5527 |
| CVE-2019-5030 | A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5030 |
| CVE-2019-18610 | An issue was discovered in manager.c in Sangoma Asterisk through 13.x, 16.x, 17.x and Certified Asterisk 13.21 through 13.21-cert4. A remote authenticated Asterisk Manager Interface (AMI) user without system authorization could use a specially crafted Originate AMI request to execute arbitrary system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18610 |
| CVE-2020-6063 | An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6063 |
| CVE-2020-6064 | An exploitable out-of-bounds write vulnerability exists in the uncompress_scan_line function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted PCX file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6064 |
| CVE-2020-6065 | An exploitable out-of-bounds write vulnerability exists in the bmp_parsing function of the igcore19d.dll library of Accusoft ImageGear, version 19.5.0. A specially crafted BMP file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6065 |
| CVE-2020-3897 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A remote attacker may be able to cause arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3897 |
| CVE-2020-3901 | A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, watchOS 6.2, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3901 |
| CVE-2020-6081 | An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6081 |
| CVE-2020-6074 | An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6074 |
| CVE-2020-8605 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8605 |
| CVE-2018-11764 | Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alpha4, 3.0.0-beta1, and 3.0.0. Authenticated users may impersonate any user even if no proxy user is configured. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-11764 |
| CVE-2020-13531 | A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13531 |
| CVE-2020-13525 | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13525 |
| CVE-2020-9947 | A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9947 |
| CVE-2020-13526 | SQL injection vulnerability exists in the handling of sort parameters in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. The reportTables_Ajax and clientSetupAjax pages are vulnerable to SQL injection in the sort parameter.An attacker can make an authenticated HTTP request to trigger these vulnerabilities. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13526 |
| CVE-2021-21974 | OpenSLP as used in ESXi (7.0 before ESXi70U1c-17325551, 6.7 before ESXi670-202102401-SG, 6.5 before ESXi650-202102101-SG) has a heap-overflow vulnerability. A malicious actor residing within the same network segment as ESXi who has access to port 427 may be able to trigger the heap-overflow issue in OpenSLP service resulting in remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21974 |
| CVE-2021-25144 | A remote buffer overflow vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.16 and below; Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.6 and below; Aruba Instant 8.6.x: 8.6.0.2 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25144 |
| CVE-2021-25150 | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25150 |
| CVE-2021-26919 | Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2 | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26919 |
| CVE-2021-29472 | Composer is a dependency manager for PHP. URLs for Mercurial repositories in the root composer.json and package source download URLs are not sanitized correctly. Specifically crafted URL values allow code to be executed in the HgDriver if hg/Mercurial is installed on the system. The impact to Composer users directly is limited as the composer.json file is typically under their own control and source download URLs can only be supplied by third party Composer repositories they explicitly trust to download and execute source code from, e.g. Composer plugins. The main impact is to services passing user input to Composer, including Packagist.org and Private Packagist. This allowed users to trigger remote code execution. The vulnerability has been patched on Packagist.org and Private Packagist within 12h of receiving the initial vulnerability report and based on a review of logs, to the best of our knowledge, was not abused by anyone. Other services/tools using VcsRepository/VcsDriver or derivatives may also be vulnerable and should upgrade their composer/composer dependency immediately. Versions 1.10.22 and 2.0.13 include patches for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29472 |
| CVE-2021-29477 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the `STRALGO LCS` command to corrupt the heap and potentially result with remote code execution. The problem is fixed in version 6.2.3 and 6.0.13. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the `STRALGO LCS` command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29477 |
| CVE-2021-29478 | Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis 6.2 before 6.2.3 could be exploited to corrupt the heap and potentially result with remote code execution. Redis 6.0 and earlier are not directly affected by this issue. The problem is fixed in version 6.2.3. An additional workaround to mitigate the problem without patching the `redis-server` executable is to prevent users from modifying the `set-max-intset-entries` configuration parameter. This can be done using ACL to restrict unprivileged users from using the `CONFIG SET` command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29478 |
| CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21897 |
| CVE-2021-21408 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static php methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21408 |
| CVE-2021-29454 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29454 |
| CVE-2022-0435 | A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0435 |
| CVE-2022-28062 | Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28062 |
| CVE-2021-38886 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38886 |
| CVE-2022-26889 | In Splunk Enterprise versions before 8.1.2, the uri path to load a relative resource within a web page is vulnerable to path traversal. It allows an attacker to potentially inject arbitrary content into the web page (e.g., HTML Injection, XSS) or bypass SPL safeguards for risky commands. The attack is browser-based. An attacker cannot exploit the attack at will and requires the attacker to initiate a request within the victim's browser (e.g., phishing). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26889 |
| CVE-2022-1631 | Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1631 |
| CVE-2022-23332 | Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23332 |
| CVE-2022-27632 | Cross-site request forgery (CSRF) vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker to hijack the authentication of an administrator and conduct arbitrary operations by having a user to view a specially crafted page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27632 |
| CVE-2022-30018 | Mobotix Control Center (MxCC) through 2.5.4.5 has Insufficiently Protected Credentials, Storing Passwords in a Recoverable Format via the MxCC.ini config file. The credential storage method in this software enables an attacker/user of the machine to gain admin access to the software and gain access to recordings/recording locations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30018 |
| CVE-2022-1423 | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1423 |
| CVE-2022-30617 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for other admin panel users that have a relationship (e.g., created by, updated by) with content accessible to the authenticated user. For example, a low-privileged “author” role account can view these details in the JSON response for an “editor” or “super admin” that has updated one of the author’s blog posts. There are also many other scenarios where such details from other users can leak in the JSON response, either through a direct or indirect relationship. Access to this information enables a user to compromise other users’ accounts by successfully invoking the password reset workflow. In a worst-case scenario, a low-privileged user could get access to a “super admin” account with full control over the Strapi instance, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30617 |
| CVE-2022-25227 | Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and achieve RCE. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25227 |
| CVE-2022-31245 | mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31245 |
| CVE-2022-29184 | GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capability on the GoCD server via configuring a malicious branch name which abuses Mercurial hooks/aliases to exploit a command injection weakness. An attacker would require access to an account with existing GoCD administration permissions to either create/edit (`hg`-based) configuration repositories; create/edit pipelines and their (`hg`-based) materials; or, where "pipelines-as-code" configuration repositories are used, to commit malicious configuration to such an external repository which will be automatically parsed into a pipeline configuration and (`hg`) material definition by the GoCD server. This issue is fixed in GoCD 22.1.0. As a workaround, users who do not use/rely upon Mercurial materials can uninstall/remove the `hg`/Mercurial binary from the underlying GoCD Server operating system or Docker image. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29184 |
| CVE-2022-28944 | Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. ¶¶ Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28944 |
| CVE-2022-28999 | Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28999 |
| CVE-2022-29002 | A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29002 |
| CVE-2022-29376 | Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29376 |
| CVE-2022-1839 | A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1839 |
| CVE-2021-42655 | SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42655 |
| CVE-2022-29221 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29221 |
| CVE-2021-4229 | A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4229 |
| CVE-2022-22495 | IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22495 |
| CVE-2022-1883 | SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1883 |
| CVE-2021-34360 | A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later QuTS hero h5.0.0: Proxy Server 1.4.3 ( 2022/01/18 ) and later QuTScloud c4.5.6: Proxy Server 1.4.2 ( 2021/12/30 ) and later | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34360 |
| CVE-2022-26857 | Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26857 |
| CVE-2022-26748 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26748 |
| CVE-2021-25220 | BIND 9.11.0 -> 9.11.36 9.12.0 -> 9.16.26 9.17.0 -> 9.18.0 BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1 9.16.8-S1 -> 9.16.26-S1 Versions of BIND 9 earlier than those shown - back to 9.1.0, including Supported Preview Editions - are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-25220 |
| CVE-2022-29170 | Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security feature allows list allows to configure Grafana in a way so that the instance doesn’t call or only calls specific hosts. The vulnerability present starting with version 7.4.0-beta1 and prior to versions 7.5.16 and 8.5.3 allows someone to bypass these security configurations if a malicious datasource (running on an allowed host) returns an HTTP redirect to a forbidden host. The vulnerability only impacts Grafana Enterprise when the Request security allow list is used and there is a possibility to add a custom datasource to Grafana which returns HTTP redirects. In this scenario, Grafana would blindly follow the redirects and potentially give secure information to the clients. Grafana Cloud is not impacted by this vulnerability. Versions 7.5.16 and 8.5.3 contain a patch for this issue. There are currently no known workarounds. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29170 |
| CVE-2022-30127 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30127 |
| CVE-2022-30128 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30128 |
| CVE-2017-2895 | An exploitable arbitrary memory read vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. A specially crafted MQTT SUBSCRIBE packet can cause an arbitrary out-of-bounds memory read potentially resulting in information disclosure and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2895 |
| CVE-2020-6059 | An exploitable out of bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out of bounds memory read which can result in sensitive information disclosure and Denial Of Service. In order to trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-6059 |
| CVE-2022-29178 | Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29178 |
| CVE-2022-29179 | Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed, the attacker can escalate privileges to cluster admin by using Cilium's Kubernetes service account. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. There are no known workarounds available. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29179 |
| CVE-2022-29181 | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29181 |
| CVE-2017-2882 | An exploitable vulnerability exists in the servers update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to overwrite sensitive files, resulting in code execution. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2882 |
| CVE-2017-2883 | An exploitable vulnerability exists in the database update functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause the device to execute arbitrary code. An attacker needs to impersonate a remote server in order to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2883 |
| CVE-2017-2835 | An exploitable code execution vulnerability exists in the RDP receive functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2835 |
| CVE-2017-2854 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2854 |
| CVE-2017-2856 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2856 |
| CVE-2017-2857 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2857 |
| CVE-2017-2855 | An exploitable buffer overflow vulnerability exists in the DDNS client used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. On devices with DDNS enabled, an attacker who is able to intercept HTTP connections will be able to fully compromise the device by creating a rogue HTTP server. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-2855 |
| CVE-2018-4015 | An exploitable vulnerability exists in the HTTP client functionality of the Webroot BrightCloud SDK. The configuration of the HTTP client does not enforce a secure connection by default, resulting in a failure to validate TLS certificates. An attacker could impersonate a remote BrightCloud server to exploit this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-4015 |
| CVE-2021-20190 | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-20190 |
| CVE-2021-38161 | Improper Authentication vulnerability in TLS origin verification of Apache Traffic Server allows for man in the middle attacks. This issue affects Apache Traffic Server 8.0.0 to 8.0.8. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-38161 |
| CVE-2021-44759 | Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an attacker to create a man in the middle attack. This issue affects Apache Traffic Server 8.0.0 to 8.1.0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44759 |
| CVE-2022-25155 | Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-T2 all versions, Mitsubishi Electric MELSEC iQ-R series RJ71GN11-EIP all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by replaying an eavesdropped password hash. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25155 |
| CVE-2022-25156 | Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03UDECPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions, Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions, Mitsubishi Electric MELSEC Q series QJ72BR15 all versions, Mitsubishi Electric MELSEC Q series QJ72LP25(-25/G/GE) all versions, Mitsubishi Electric MELSEC L series L02/06/26CPU(-P) all versions, Mitsubishi Electric MELSEC L series L26CPU-(P)BT all versions, Mitsubishi Electric MELSEC L series LJ71C24(-R2) all versions, Mitsubishi Electric MELSEC L series LJ71E71-100 all versions and Mitsubishi Electric MELSEC L series LJ72GF15-T2 all versions allows a remote unauthenticated attacker to login to the product by using a password reversed from a previously eavesdropped password hash. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25156 |
| CVE-2022-25159 | Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to login to the product by replay attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25159 |
| CVE-2022-24903 | Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-24903 |
| CVE-2022-29878 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices use a limited range for challenges that are sent during the unencrypted challenge-response communication. An unauthenticated attacker could capture a valid challenge-response pair generated by a legitimate user, and request the webpage repeatedly to wait for the same challenge to reappear for which the correct response is known. This could allow the attacker to access the management interface of the device. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29878 |
| CVE-2022-28998 | Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28998 |
| CVE-2022-1850 | Path Traversal in GitHub repository filegator/filegator prior to 7.8.0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1850 |
| CVE-2022-29248 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29248 |
| CVE-2022-1907 | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1907 |
| CVE-2022-1908 | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1908 |
| CVE-2020-2196 | Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection for its HTTP endpoints, allowing attackers to perform all administrative actions provided by the plugin. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2020-2196 |
| CVE-2021-4157 | An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4157 |
| CVE-2017-6429 | Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 Beta 1 allows remote attackers to have unspecified impact via a pcap file with an over-size packet. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-6429 |
| CVE-2017-2863 | An out-of-bounds write vulnerability exists in the PDF parsing functionality of Infix 7.1.5. A specially crafted PDF file can cause a vulnerability resulting in potential memory corruption. An attacker can send the victim a specific PDF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2863 |
| CVE-2017-2862 | An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2862 |
| CVE-2017-2870 | An exploitable integer overflow vulnerability exists in the tiff_image_parse functionality of Gdk-Pixbuf 2.36.6 when compiled with Clang. A specially crafted tiff file can cause a heap-overflow resulting in remote code execution. An attacker can send a file or a URL to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2870 |
| CVE-2017-14266 | tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-14266 |
| CVE-2017-2880 | An memory corruption vulnerability exists in the .GIF parsing functionality of Computerinsel Photoline 20.02. A specially crafted .GIF file can cause a vulnerability resulting in potential code execution. An attacker can send specific .GIF file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2880 |
| CVE-2017-2896 | An exploitable out-of-bounds write vulnerability exists in the xls_mergedCells function of libxls 1.4. . A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2896 |
| CVE-2017-2886 | A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2886 |
| CVE-2017-2840 | A buffer overflow vulnerability exists in the ISO parsing functionality of EZB Systems UltraISO 9.6.6.3300. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can provide a specific .ISO file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-2840 |
| CVE-2018-4022 | A use-after-free vulnerability exists in the way MKVToolNix MKVINFO v25.0.0 handles the MKV (matroska) file format. A specially crafted MKV file can cause arbitrary code execution in the context of the current user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4022 |
| CVE-2018-4038 | An exploitable arbitrary write vulnerability exists in the open document format parser of the Atlantis Word Processor, version 3.2.7.2, while trying to null-terminate a string. A specially crafted document can allow an attacker to pass an untrusted value as a length to a constructor. This constructor will miscalculate a length and then use it to calculate the position to write a null byte. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4038 |
| CVE-2018-4039 | An exploitable out-of-bounds write vulnerability exists in the PNG implementation of Atlantis Word Processor, version 3.2.7.2. This can allow an attacker to corrupt memory, which can result in code execution under the context of the application. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4039 |
| CVE-2018-4040 | An exploitable uninitialized pointer vulnerability exists in the rich text format parser of Atlantis Word Processor, version 3.2.7.2. A specially crafted document can cause certain RTF tokens to dereference a pointer that has been uninitialized and then write to it. An attacker must convince a victim to open a specially crafted document in order to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4040 |
| CVE-2018-4054 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine to successfully exploit this flaw. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4054 |
| CVE-2018-4050 | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally adjust folder permissions leading to execution of arbitrary code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4050 |
| CVE-2018-4049 | An exploitable local privilege elevation vulnerability exists in the file system permissions of GOG Galaxy's “Games” directory, version 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of installed games to exploit this vulnerability and execute arbitrary code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4049 |
| CVE-2018-4048 | An exploitable local privilege elevation vulnerability exists in the file system permissions of the `Temp` directory in GOG Galaxy 1.2.48.36 (Windows 64-bit Installer). An attacker can overwrite executables of the Desktop Galaxy Updater to exploit this vulnerability and execute arbitrary code with SYSTEM privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-4048 |
| CVE-2019-5012 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the startProcess command. The command takes a user-supplied script argument and executes it under root context. A user with local access can use this vulnerability to raise their privileges to root. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5012 |
| CVE-2019-5013 | An exploitable privilege escalation vulnerability exists in the Wacom, driver version 6.3.32-3, update helper service in the start/stopLaunchDProcess command. The command takes a user-supplied string argument and executes launchctl under root context. A user with local access can use this vulnerability to raise load arbitrary launchD agents. An attacker would need local access to the machine for a successful exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5013 |
| CVE-2019-2201 | In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-120551338 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-2201 |
| CVE-2019-18276 | An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not equal to its real UID, it will drop privileges by setting its effective UID to its real UID. However, it does so incorrectly. On Linux and other systems that support "saved UID" functionality, the saved UID is not dropped. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. However, binaries running with an effective UID of 0 are unaffected. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-18276 |
| CVE-2020-3878 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3878 |
| CVE-2020-9817 | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Catalina 10.15.5. A malicious application may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9817 |
| CVE-2020-7279 | DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7279 |
| CVE-2020-6070 | An exploitable code execution vulnerability exists in the file system checking functionality of fsck.f2fs 1.12.0. A specially crafted f2fs file can cause a logic flaw and out-of-bounds heap operations, resulting in code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-6070 |
| CVE-2020-7314 | Privilege Escalation Vulnerability in the installer in McAfee Data Exchange Layer (DXL) Client for Mac shipped with McAfee Agent (MA) for Mac prior to MA 5.6.6 allows local users to run commands as root via incorrectly applied permissions on temporary files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7314 |
| CVE-2020-9889 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9889 |
| CVE-2020-13536 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary. By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13536 |
| CVE-2020-13537 | An exploitable local privilege elevation vulnerability exists in the file system permissions of Moxa MXView series 3.1.8 installation. Depending on the vector chosen, an attacker can either add code to a script or replace a binary.By default MXViewService, which starts as a NT SYSTEM authority user executes a series of Node.Js scripts to start additional application functionality and among them the mosquitto executable is also run. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13537 |
| CVE-2020-25989 | Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20. Successful exploitation of the issue may allow an attacker to execute code on the effected system with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25989 |
| CVE-2020-13542 | A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13542 |
| CVE-2020-13520 | An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13520 |
| CVE-2020-13544 | An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13544 |
| CVE-2020-13545 | An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13545 |
| CVE-2020-13579 | An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13579 |
| CVE-2020-13580 | An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13580 |
| CVE-2020-13546 | In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13546 |
| CVE-2021-26720 | avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26720 |
| CVE-2021-20226 | A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-20226 |
| CVE-2020-9967 | Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9967 |
| CVE-2021-1737 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1737 |
| CVE-2021-1738 | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1738 |
| CVE-2021-1772 | A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1772 |
| CVE-2021-25678 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2020 (All versions < SE2020MP14), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12529) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25678 |
| CVE-2021-32457 | Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. An attacker must first obtain the ability to execute low-privileged code on the target device in order to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32457 |
| CVE-2021-25698 | The OpenSSL component of the Teradici PCoIP Standard Agent prior to version 21.07.0 was compiled without the no-autoload-config option, which allowed an attacker to elevate to the privileges of the running process via placing a specially crafted dll in a build configuration directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25698 |
| CVE-2021-40444 | Microsoft MSHTML Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40444 |
| CVE-2021-41073 | loop_rw_iter in fs/io_uring.c in the Linux kernel 5.10 through 5.14.6 allows local users to gain privileges by using IORING_OP_PROVIDE_BUFFERS to trigger a free of a kernel buffer, as demonstrated by using /proc/<pid>/maps for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41073 |
| CVE-2021-42725 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42725 |
| CVE-2021-40161 | A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40161 |
| CVE-2022-23222 | kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23222 |
| CVE-2021-46363 | An issue in the Export function of Magnolia v6.2.3 and below allows attackers to perform Formula Injection attacks via crafted CSV/XLS files. These formulas may result in arbitrary code execution on a victim's computer when opening the exported files with Microsoft Excel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46363 |
| CVE-2022-25365 | Docker Desktop before 4.5.1 on Windows allows attackers to move arbitrary files. NOTE: this issue exists because of an incomplete fix for CVE-2022-23774. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25365 |
| CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0492 |
| CVE-2022-26490 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26490 |
| CVE-2022-0943 | Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0943 |
| CVE-2022-26526 | Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26526 |
| CVE-2021-4197 | An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4197 |
| CVE-2022-1055 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1055 |
| CVE-2021-39767 | In miniadb, there is a possible way to get read/write access to recovery system properties due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-201308542 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39767 |
| CVE-2022-1160 | heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1160 |
| CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28388 |
| CVE-2022-29156 | drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29156 |
| CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27239 |
| CVE-2022-30594 | The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30594 |
| CVE-2021-26369 | A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26369 |
| CVE-2021-26317 | Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26317 |
| CVE-2021-26386 | A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26386 |
| CVE-2022-1116 | Integer Overflow or Wraparound vulnerability in io_uring of Linux Kernel allows local attacker to cause memory corruption and escalate privileges to root. This issue affects: Linux Kernel versions prior to 5.4.189; version 5.4.24 and later versions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1116 |
| CVE-2022-29581 | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29581 |
| CVE-2022-1356 | cnMaestro is vulnerable to a local privilege escalation. By default, a user does not have root privileges. However, a user can run scripts as sudo, which could allow an attacker to gain root privileges when running user scripts outside allowed commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1356 |
| CVE-2022-29162 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29162 |
| CVE-2022-30065 | A use-after-free in Busybox 1.35-x's awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30065 |
| CVE-2021-42704 | Inkscape version 0.91 is vulnerable to an out-of-bounds write, which may allow an attacker to arbitrary execute code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42704 |
| CVE-2022-0883 | SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0883 |
| CVE-2020-4107 | HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-4107 |
| CVE-2022-24287 | A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24287 |
| CVE-2022-26634 | HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26634 |
| CVE-2022-27653 | A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15594) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27653 |
| CVE-2022-29216 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29216 |
| CVE-2022-1809 | Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1809 |
| CVE-2022-26531 | Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26531 |
| CVE-2022-26532 | A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26532 |
| CVE-2021-32965 | Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32965 |
| CVE-2021-32969 | Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32969 |
| CVE-2021-42612 | A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42612 |
| CVE-2021-42613 | A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42613 |
| CVE-2021-42614 | A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42614 |
| CVE-2022-29333 | A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29333 |
| CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1851 |
| CVE-2022-1886 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1886 |
| CVE-2022-1882 | A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1882 |
| CVE-2022-26720 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26720 |
| CVE-2022-26721 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26721 |
| CVE-2022-26722 | A memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26722 |
| CVE-2022-26736 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26736 |
| CVE-2022-26737 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26737 |
| CVE-2022-26738 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26738 |
| CVE-2022-26739 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26739 |
| CVE-2022-26740 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26740 |
| CVE-2022-26741 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26741 |
| CVE-2022-26742 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26742 |
| CVE-2022-26744 | A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26744 |
| CVE-2022-26747 | This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26747 |
| CVE-2022-26749 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26749 |
| CVE-2022-26750 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26750 |
| CVE-2022-26751 | A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26751 |
| CVE-2022-26752 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26752 |
| CVE-2022-26753 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26753 |
| CVE-2022-26754 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26754 |
| CVE-2022-26771 | A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26771 |
| CVE-2022-26772 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26772 |
| CVE-2022-26774 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26774 |
| CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1898 |
| CVE-2022-30190 | Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30190 |
| CVE-2018-4058 | An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-4058 |
| CVE-2016-4074 | The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4074 |
| CVE-2017-4972 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v257; UAA release 2.x versions prior to v2.7.4.14, 3.6.x versions prior to v3.6.8, 3.9.x versions prior to v3.9.10, and other versions prior to v3.15.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.12, 24.x versions prior to v24.7, and other versions prior to v30. An attacker can use a blind SQL injection attack to query the contents of the UAA database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-4972 |
| CVE-2017-2830 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2830 |
| CVE-2017-2831 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2831 |
| CVE-2017-2865 | An exploitable vulnerability exists in the firmware update functionality of Circle with Disney. Specially crafted network packets can cause the product to run an attacker-supplied shell script. An attacker can intercept and alter network traffic to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2865 |
| CVE-2017-2884 | An exploitable vulnerability exists in the user photo update functionality of Circle with Disney running firmware 2.0.1. A repeated set of specially crafted API calls can cause the device to corrupt essential memory, resulting in a bricked device. An attacker needs network connectivity to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2884 |
| CVE-2017-2889 | An exploitable Denial of Service vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A large amount of simultaneous TCP connections causes the APID daemon to repeatedly fork, causing the daemon to run out of memory and trigger a device reboot. An attacker needs network connectivity to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2889 |
| CVE-2017-2893 | An exploitable NULL pointer dereference vulnerability exists in the MQTT packet parsing functionality of Cesanta Mongoose 6.8. An MQTT SUBSCRIBE packet can cause a NULL pointer dereference leading to server crash and denial of service. An attacker needs to send a specially crafted MQTT packet over the network to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2893 |
| CVE-2017-2861 | An exploitable Denial of Service vulnerability exists in the use of a return value in the NewProducerStream command in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out of bounds read resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2861 |
| CVE-2017-2833 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters resulting in command injection during the boot process. To trigger this vulnerability, an attacker needs to send an HTTP request and reboot the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2833 |
| CVE-2017-2852 | An exploitable denial-of-service vulnerability exists in the unserialization of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2852 |
| CVE-2017-2858 | An exploitable denial-of-service vulnerability exists in the traversal of lists functionality of Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2858 |
| CVE-2017-2860 | An exploitable denial-of-service vulnerability exists in the lookup entry functionality of KeyTrees in Natus Xltek NeuroWorks 8. A specially crafted network packet can cause an out-of-bounds read, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2860 |
| CVE-2018-5387 | Wizkunde SAMLBase may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature, allowing the attack to potentially bypass authentication to SAML service providers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-5387 |
| CVE-2017-2874 | An information disclosure vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 can allow for a user to retrieve sensitive information without authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2874 |
| CVE-2017-2878 | An exploitable buffer overflow vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can cause a buffer overflow resulting in overwriting arbitrary data. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2878 |
| CVE-2017-2876 | An exploitable buffer overflow vulnerability exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10000 can cause a buffer overflow resulting in overwriting arbitrary data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2876 |
| CVE-2018-20102 | An out-of-bounds read in dns_validate_dns_response in dns.c was discovered in HAProxy through 1.8.14. Due to a missing check when validating DNS responses, remote attackers might be able read the 16 bytes corresponding to an AAAA record from the non-initialized part of the buffer, possibly accessing anything that was left on the stack, or even past the end of the 8193-byte buffer, depending on the value of accepted_payload_size. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20102 |
| CVE-2018-20103 | An issue was discovered in dns.c in HAProxy through 1.8.14. In the case of a compressed pointer, a crafted packet can trigger infinite recursion by making the pointer point to itself, or create a long chain of valid pointers resulting in stack exhaustion. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-20103 |
| CVE-2018-4030 | An exploitable vulnerability exists the safe browsing function of the CUJO Smart Firewall, version 7003. The bug lies in the way the safe browsing function parses HTTP requests. The "Host" header is incorrectly extracted from captured HTTP requests, which would allow an attacker to visit any malicious websites and bypass the firewall. An attacker could send an HTTP request to exploit this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4030 |
| CVE-2018-4024 | An exploitable denial-of-service vulnerability exists in the thumbnail display functionality of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a null pointer dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4024 |
| CVE-2018-4025 | An exploitable denial-of-service vulnerability exists in the XML_GetRawEncJpg Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an invalid memory dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4025 |
| CVE-2018-4026 | An exploitable denial-of-service vulnerability exists in the XML_GetScreen Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted set of packets can cause an invalid memory dereference, resulting in a device reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4026 |
| CVE-2018-4027 | An exploitable denial-of-service vulnerability exists in the XML_UploadFile Wi-Fi command of the NT9665X Chipset firmware, running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause a semaphore deadlock, which prevents the device from receiving any physical or network inputs. An attacker can send a specially crafted packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4027 |
| CVE-2018-4028 | An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. The HTTP server could allow an attacker to overwrite the root directory of the server, resulting in a denial of service. An attacker can send an HTTP POST request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4028 |
| CVE-2019-5040 | An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur, resulting in PacketBuffer data reuse. An attacker can send a packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5040 |
| CVE-2019-18277 | A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request smuggling attack against a vulnerable component employing a lenient parser that would ignore the content-length header as soon as it saw a transfer-encoding one (even if not entirely valid according to the specification). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-18277 |
| CVE-2019-5010 | An exploitable denial-of-service vulnerability exists in the X509 certificate parser of Python.org Python 2.7.11 / 3.6.6. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. An attacker can initiate or accept TLS connections using crafted certificates to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5010 |
| CVE-2019-18976 | An issue was discovered in res_pjsip_t38.c in Sangoma Asterisk through 13.x and Certified Asterisk through 13.21-x. If it receives a re-invite initiating T.38 faxing and has a port of 0 and no c line in the SDP, a NULL pointer dereference and crash will occur. This is different from CVE-2019-18940. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-18976 |
| CVE-2019-12399 | When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config providers, and a connector is created/updated on that Connect cluster to use an externalized secret variable in a substring of a connector configuration property value, then any client can issue a request to the same Connect cluster to obtain the connector's task configuration and the response will contain the plaintext secret rather than the externalized secrets variables. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-12399 |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20388 |
| CVE-2020-6060 | A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6060 |
| CVE-2020-6062 | An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6062 |
| CVE-2020-6071 | An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6071 |
| CVE-2020-6073 | An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6073 |
| CVE-2020-6077 | An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-6077 |
| CVE-2020-9844 | A double free issue was addressed with improved memory management. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9844 |
| CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4031 |
| CVE-2020-8620 | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8620 |
| CVE-2019-20916 | The pip package before 19.2 for Python allows Directory Traversal when a URL is given in an install command, because a Content-Disposition header can have ../ in a filename, as demonstrated by overwriting the /root/.ssh/authorized_keys file. This occurs in _download_http_url in _internal/download.py. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-20916 |
| CVE-2020-13530 | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13530 |
| CVE-2020-28852 | In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28852 |
| CVE-2020-13573 | A denial-of-service vulnerability exists in the Ethernet/IP server functionality of Rockwell Automation RSLinx Classic 2.57.00.14 CPR 9 SR 3. A specially crafted network request can lead to a denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13573 |
| CVE-2020-13559 | A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13559 |
| CVE-2020-13582 | A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13582 |
| CVE-2021-27218 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27218 |
| CVE-2021-27219 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The function g_bytes_new has an integer overflow on 64-bit platforms due to an implicit cast from 64 bits to 32 bits. The overflow could potentially lead to memory corruption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27219 |
| CVE-2021-26119 | Smarty before 3.1.39 allows a Sandbox Escape because $smarty.template_object can be accessed in sandbox mode. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26119 |
| CVE-2021-20230 | A flaw was found in stunnel before 5.57, where it improperly validates client certificates when it is configured to use both redirect and verifyChain options. This flaw allows an attacker with a certificate signed by a Certificate Authority, which is not the one accepted by the stunnel server, to access the tunneled service instead of being redirected to the address specified in the redirect option. The highest threat from this vulnerability is to confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20230 |
| CVE-2021-30638 | Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to Apache Tapestry 5.6.3; Apache Tapestry 5.7.0 version and Apache Tapestry 5.7.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30638 |
| CVE-2021-33038 | An issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example, sensitive information might be available on the web for an hour during a large migration from Mailman 2 to Mailman 3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33038 |
| CVE-2021-33194 | golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33194 |
| CVE-2021-33506 | jitsi-meet-prosody in Jitsi Meet before 2.0.5963-1 does not ensure that restrict_room_creation is set by default. This can allow an attacker to circumvent conference moderation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33506 |
| CVE-2021-22116 | RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0 client connection endpoint. A malicious user can exploit the vulnerability by sending malicious AMQP messages to the target RabbitMQ instance having the AMQP 1.0 plugin enabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22116 |
| CVE-2021-21995 | OpenSLP as used in ESXi has a denial-of-service vulnerability due a heap out-of-bounds read issue. A malicious actor with network access to port 427 on ESXi may be able to trigger a heap out-of-bounds read in OpenSLP service resulting in a denial-of-service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21995 |
| CVE-2021-38593 | Qt 5.x before 5.15.6 and 6.x through 6.1.2 has an out-of-bounds write in QOutlineMapper::convertPath (called from QRasterPaintEngine::fill and QPaintEngineEx::stroke). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38593 |
| CVE-2021-39371 | An XML external entity (XXE) injection in PyWPS before 4.4.5 allows an attacker to view files on the application server filesystem by assigning a path to the entity. OWSLib 0.24.1 may also be affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39371 |
| CVE-2021-42697 | Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42697 |
| CVE-2021-37147 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37147 |
| CVE-2021-37148 | Improper input validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37148 |
| CVE-2021-37149 | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to smuggle requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.2 and 9.0.0 to 9.1.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37149 |
| CVE-2021-40359 | A vulnerability has been identified in OpenPCS 7 V8.2 (All versions), OpenPCS 7 V9.0 (All versions < V9.0 Upd4), OpenPCS 7 V9.1 (All versions), SIMATIC BATCH V8.2 (All versions), SIMATIC BATCH V9.0 (All versions), SIMATIC BATCH V9.1 (All versions), SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions), SIMATIC NET PC Software V17 (All versions < V17 SP1), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC04), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC Route Control V8.2 (All versions), SIMATIC Route Control V9.0 (All versions), SIMATIC Route Control V9.1 (All versions), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 5). When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40359 |
| CVE-2021-20609 | Uncontrolled Resource Consumption vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version "W" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20609 |
| CVE-2021-20610 | Improper Handling of Length Parameter Inconsistency vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version "W" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20610 |
| CVE-2021-20611 | Improper Input Validation vulnerability in MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, MELSEC iQ-R Series R08/16/32/120SFCPU All versions, MELSEC iQ-R Series R08/16/32/120PCPU Firmware versions "29" and prior, MELSEC iQ-R Series R08/16/32/120PSFCPU Firmware versions "08" and prior, MELSEC iQ-R Series R16/32/64MTCPU Operating system software version "23" and prior, MELSEC iQ-R Series R12CCPU-V All versions, MELSEC Q Series Q03UDECPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q04/06/10/13/20/26/50/100UDEHCPU The first 5 digits of serial No. "23121" and prior, MELSEC Q Series Q03/04/06/13/26UDVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q04/06/13/26UDPVCPU The first 5 digits of serial No. "23071" and prior, MELSEC Q Series Q12DCCPU-V The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24DHCCPU-V(G) The first 5 digits of serial No. "24031" and prior, MELSEC Q Series Q24/26DHCCPU-LS The first 5 digits of serial No. "24031" and prior, MELSEC Q Series MR-MQ100 Operating system software version "F" and prior, MELSEC Q Series Q172/173DCPU-S1 Operating system software version "W" and prior, MELSEC Q Series Q172/173DSCPU All versions, MELSEC Q Series Q170MCPU Operating system software version "W" and prior, MELSEC Q Series Q170MSCPU(-S1) All versions, MELSEC L Series L02/06/26CPU(-P) The first 5 digits of serial No. "23121" and prior, MELSEC L Series L26CPU-(P)BT The first 5 digits of serial No. "23121" and prior and MELIPC Series MI5122-VW All versions allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by sending specially crafted packets. System reset is required for recovery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20611 |
| CVE-2021-42717 | ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worker processes for minutes and consume almost all of the available CPU on the machine. Modsecurity 2 is similarly vulnerable: the affected versions include 2.8.0 through 2.9.4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42717 |
| CVE-2021-41141 | PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41141 |
| CVE-2021-38694 | SoftVibe SARABAN for INFOMA 1.1 allows SQL Injection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38694 |
| CVE-2021-38696 | SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38696 |
| CVE-2021-22570 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22570 |
| CVE-2021-46669 | MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46669 |
| CVE-2022-21698 | client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21698 |
| CVE-2021-25636 | LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occurred since the last signing and that the signature is valid. An Improper Certificate Validation vulnerability in LibreOffice allowed an attacker to create a digitally signed ODF document, by manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag, which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25636 |
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23308 |
| CVE-2021-42016 | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42016 |
| CVE-2021-42020 | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42020 |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes to take an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is include starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it us not recommend to deny known problematic regexes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24713 |
| CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| CVE-2022-26353 | A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26353 |
| CVE-2022-0667 | When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0667 |
| CVE-2022-0635 | Versions affected: BIND 9.18.0 When a vulnerable version of named receives a series of specific queries, the named process will eventually terminate due to a failed assertion check. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0635 |
| CVE-2021-44040 | Improper Input Validation vulnerability in request line parsing of Apache Traffic Server allows an attacker to send invalid requests. This issue affects Apache Traffic Server 8.0.0 to 8.1.3 and 9.0.0 to 9.1.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44040 |
| CVE-2022-24763 | PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24763 |
| CVE-2022-24793 | PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that uses PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. A patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. A workaround is to disable DNS resolution in PJSIP config (by setting `nameserver_count` to zero) or use an external resolver instead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24793 |
| CVE-2022-27385 | An issue in the component Used_tables_and_const_cache::used_tables_and_const_cache_join of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27385 |
| CVE-2022-27449 | MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/item_func.cc:148. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27449 |
| CVE-2022-29153 | HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29153 |
| CVE-2022-24675 | encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24675 |
| CVE-2022-28327 | The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28327 |
| CVE-2022-24792 | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24792 |
| CVE-2022-1473 | The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1473 |
| CVE-2022-20770 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20770 |
| CVE-2022-20771 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20771 |
| CVE-2022-20785 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20785 |
| CVE-2022-30293 | In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30293 |
| CVE-2022-29298 | SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29298 |
| CVE-2022-1723 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.6. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1723 |
| CVE-2022-1711 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1711 |
| CVE-2022-1358 | The affected On-Premise is vulnerable to data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate and dump all data held in the cnMaestro database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1358 |
| CVE-2022-1359 | The affected On-Premise cnMaestro is vulnerable to an arbitrary file-write through improper limitation of a pathname to a restricted directory inside a specific route. If an attacker supplied path traversal charters (../) as part of a filename, the server will save the file where the attacker chooses. This could allow an attacker to write any data to any file in the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1359 |
| CVE-2022-1361 | The affected On-Premise cnMaestro is vulnerable to a pre-auth data exfiltration through improper neutralization of special elements used in an SQL command. This could allow an attacker to exfiltrate data about other user’s accounts and devices. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1361 |
| CVE-2022-30990 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30990 |
| CVE-2022-30993 | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30993 |
| CVE-2022-30994 | Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30994 |
| CVE-2022-1670 | When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1670 |
| CVE-2022-1183 | On vulnerable configurations, the named daemon may, in some circumstances, terminate with an assertion failure. Vulnerable configurations are those that include a reference to http within the listen-on statements in their named.conf. TLS is used by both DNS over TLS (DoT) and DNS over HTTPS (DoH), but configurations using DoT alone are unaffected. Affects BIND 9.18.0 -> 9.18.2 and version 9.19.0 of the BIND 9.19 development branch. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1183 |
| CVE-2021-26631 | Improper input validation vulnerability in Mangboard commerce package could lead to occur for abnormal request. A remote attacker can exploit this vulnerability to manipulate the total order amount into a negative number and then pay for the order. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26631 |
| CVE-2021-32934 | The affected ThroughTek P2P products (SDKs using versions before 3.1.5, any versions with nossl tag, device firmware not using AuthKey for IOTC conneciton, firmware using AVAPI module without enabling DTLS mechanism, and firmware using P2PTunnel or RDT module) do not sufficiently protect data transferred between the local device and ThroughTek servers. This can allow an attacker to access sensitive information, such as camera feeds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32934 |
| CVE-2022-1413 | Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 causes potentially sensitive integration properties to be disclosed in the web interface | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1413 |
| CVE-2022-30618 | An authenticated user with access to the Strapi admin panel can view private and sensitive data, such as email and password reset tokens, for API users if content types accessible to the authenticated user contain relationships to API users (from:users-permissions). There are many scenarios in which such details from API users can leak in the JSON response within the admin panel, either through a direct or indirect relationship. Access to this information enables a user to compromise these users’ accounts if the password reset API endpoints have been enabled. In a worst-case scenario, a low-privileged user could get access to a high-privileged API account, and could read and modify any data as well as block access to both the admin panel and API by revoking privileges for all other users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30618 |
| CVE-2022-28948 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28948 |
| CVE-2022-30551 | OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30551 |
| CVE-2022-1784 | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1784 |
| CVE-2022-24044 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24044 |
| CVE-2022-21195 | All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21195 |
| CVE-2022-24434 | This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24434 |
| CVE-2022-29190 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29190 |
| CVE-2022-29215 | RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29215 |
| CVE-2022-31264 | Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31264 |
| CVE-2022-31268 | A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31268 |
| CVE-2022-28874 | Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28874 |
| CVE-2022-28997 | CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28997 |
| CVE-2022-29309 | mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29309 |
| CVE-2021-42248 | GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42248 |
| CVE-2022-29217 | PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29217 |
| CVE-2022-29219 | Lodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native javascript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid_`AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29219 |
| CVE-2022-29242 | GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29242 |
| CVE-2022-29567 | The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29567 |
| CVE-2021-4230 | A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommended to the change the configuration settings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4230 |
| CVE-2022-29249 | JavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29249 |
| CVE-2022-22497 | IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22497 |
| CVE-2022-1815 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1815 |
| CVE-2022-1678 | An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1678 |
| CVE-2022-26026 | A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26026 |
| CVE-2022-26043 | An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26043 |
| CVE-2022-26067 | An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26067 |
| CVE-2022-26077 | A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26077 |
| CVE-2022-26303 | An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26303 |
| CVE-2022-27169 | An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27169 |
| CVE-2022-31651 | In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31651 |
| CVE-2022-29720 | 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \\index\\controller\\Download.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29720 |
| CVE-2022-30473 | Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30473 |
| CVE-2022-30475 | Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30475 |
| CVE-2022-22673 | This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22673 |
| CVE-2018-15801 | Spring Security versions 5.1.x prior to 5.1.2 contain an authorization bypass vulnerability during JWT issuer validation. In order to be impacted, the same private key for an honest issuer and a malicious user must be used when signing JWTs. In that case, a malicious user could fashion signed JWTs with the malicious issuer URL that may be granted for the honest issuer. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-15801 |
| CVE-2021-22212 | ntpkeygen can generate keys that ntpd fails to parse. NTPsec 1.2.0 allows ntpkeygen to generate keys with '#' characters. ntpd then either pads, shortens the key, or fails to load these keys entirely, depending on the key type and the placement of the '#'. This results in the administrator not being able to use the keys as expected or the keys are shorter than expected and easier to brute-force, possibly resulting in MITM attacks between ntp clients and ntp servers. For short AES128 keys, ntpd generates a warning that it is padding them. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-22212 |
| CVE-2022-26505 | A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26505 |
| CVE-2021-3412 | It was found that all versions of 3Scale developer portal lacked brute force protections. An attacker could use this gap to bypass login controls, and access privileged information, or possibly conduct further attacks. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-3412 |
| CVE-2022-1362 | The affected On-Premise cnMaestro is vulnerable inside a specific route where a user can upload a crafted package to the system. An attacker could abuse this user-controlled data to execute arbitrary commands on the server. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1362 |
| CVE-2022-31467 | A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31467 |
| CVE-2017-4991 | An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v260; UAA release 2.x versions prior to v2.7.4.16, 3.6.x versions prior to v3.6.10, 3.9.x versions prior to v3.9.12, and other versions prior to v3.17.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.14, 24.x versions prior to v24.9, 30.x versions prior to 30.2, and other versions prior to v36. Privileged users in one zone are allowed to perform a password reset for users in a different zone. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-4991 |
| CVE-2017-2851 | In the web management interface in Foscam C1 Indoor HD cameras with application firmware 2.52.2.37, a specially crafted HTTP request can cause a buffer overflow. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2851 |
| CVE-2017-2832 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during a password change resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2832 |
| CVE-2017-2872 | Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A HTTP request can allow for a user to perform a firmware upgrade using a crafted image. Before any firmware upgrades in this image are flashed to the device, binaries as well as arguments to shell commands contained in the image are executed with elevated privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2872 |
| CVE-2017-2873 | An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during the SoftAP configuration resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2017-2873 |
| CVE-2018-4019 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_normal_mode` parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4019 |
| CVE-2018-4020 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_ac_mode` POST parameter parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4020 |
| CVE-2018-4021 | An exploitable command injection vulnerability exists in the way Netgate pfSense CE 2.4.4-RELEASE processes the parameters of a specific POST request. The attacker can exploit this and gain the ability to execute arbitrary commands on the system. An attacker needs to be able to send authenticated POST requests to the administration web interface. Command injection is possible in the `powerd_battery_mode` POST parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-4021 |
| CVE-2020-8816 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-8816 |
| CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-8218 |
| CVE-2021-25146 | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-25146 |
| CVE-2022-24734 | MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type `php` with PHP code, executed on on _Change Settings_ pages. This results in a Remote Code Execution (RCE) vulnerability. The vulnerable module requires Admin CP access with the `Can manage settings?` permission. MyBB's Settings module, which allows administrators to add, edit, and delete non-default settings, stores setting data in an options code string ($options_code; mybb_settings.optionscode database column) that identifies the setting type and its options, separated by a new line character (\\n). In MyBB 1.2.0, support for setting type php was added, for which the remaining part of the options code is PHP code executed on Change Settings pages (reserved for plugins and internal use). MyBB 1.8.30 resolves this issue. There are no known workarounds. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24734 |
| CVE-2022-26639 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26639 |
| CVE-2022-26640 | TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26640 |
| CVE-2022-29229 | CaSS is a Competency and Skills System. CaSS Library, (npm:cassproject) has a missing cryptographic step when storing cryptographic keys that can allow a server administrator access to an account’s cryptographic keys. This affects CaSS servers using standalone username/password authentication, which uses a method that expects e2e cryptographic security of authorization credentials. The issue has been patched in 1.5.8, however, the vulnerable accounts are only resecured when the user next logs in using standalone authentication, as the data required to resecure the account is not available to the server. The issue may be mitigated by using SSO or client side certificates to log in. Please note that SSO and client side certificate authentication does not have this expectation of no-knowledge credential access, and cryptographic keys are available to the server administrator. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29229 |
| CVE-2021-30028 | SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-30028 |
| CVE-2022-29447 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29447 |
| CVE-2022-1837 | A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1837 |
| CVE-2022-1838 | A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1838 |
| CVE-2022-29651 | An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29651 |
| CVE-2022-22127 | Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data.Tableau Server versions affected are:2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlierNote: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-22127 |
| CVE-2019-14822 | A flaw was discovered in ibus in versions before 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14822 |
| CVE-2020-9842 | An entitlement parsing issue was addressed with improved parsing. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application could interact with system processes to access private information and perform privileged actions. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-9842 |
| CVE-2020-13522 | An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13522 |
| CVE-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3743 |
| CVE-2021-3739 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel, where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3739 |
| CVE-2021-26366 | An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26366 |
| CVE-2022-28964 | An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28964 |
| CVE-2022-29208 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29208 |
| CVE-2022-26773 | A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26773 |
| CVE-2017-2834 | An exploitable code execution vulnerability exists in the authentication functionality of FreeRDP 2.0.0-beta1+android11. A specially crafted server response can cause an out-of-bounds write resulting in an exploitable condition. An attacker can compromise the server or use a man in the middle attack to trigger this vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2017-2834 |
| CVE-2020-9839 | A race condition was addressed with improved state handling. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. An application may be able to gain elevated privileges. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-9839 |
| CVE-2020-7311 | Privilege Escalation vulnerability in the installer in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to assume SYSTEM rights during the installation of MA via manipulation of log files. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7311 |
| CVE-2021-44733 | A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-44733 |
| CVE-2021-4202 | A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4202 |
| CVE-2022-29518 | Screen Creator Advance2, HMI GC-A2 series, and Real time remote monitoring and control tool Screen Creator Advance2 versions prior to Ver.0.1.1.3 Build01, HMI GC-A2 series(GC-A22W-CW, GC-A24W-C(W), GC-A26W-C(W), GC-A24, GC-A24-M, GC-A25, GC-A26, and GC-A26-J2), and Real time remote monitoring and control tool(Remote GC) allows a local attacker to bypass authentication due to the improper check for the Remote control setting's account names. This may allow attacker who can access the HMI from Real time remote monitoring and control tool may perform arbitrary operations on the HMI. As a result, the information stored in the HMI may be disclosed, deleted or altered, and/or the equipment may be illegally operated via the HMI. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29518 |
| CVE-2022-1734 | A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-1734 |
| CVE-2022-31466 | Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31466 |
| CVE-2022-26743 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26743 |
| CVE-2020-7310 | Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file. | 6.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-7310 |
| CVE-2022-1803 | Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2. | 6.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-1803 |
| CVE-2020-7459 | In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to mulitple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7459 |
| CVE-2022-29402 | TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29402 |
| CVE-2022-26865 | Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26865 |
| CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30784 |
| CVE-2020-7263 | Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7263 |
| CVE-2020-7315 | DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7315 |
| CVE-2020-7327 | Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-7327 |
| CVE-2020-8738 | Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-8738 |
| CVE-2021-20077 | Nessus versions 8.13.2 and earlier were found to contain a privilege escalation vulnerability which could allow a Nessus administrator user to upload a specially crafted file that could lead to gaining administrator privileges on the Nessus host. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-20077 |
| CVE-2021-28972 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-28972 |
| CVE-2021-3543 | A flaw null pointer dereference in the Nitro Enclaves kernel driver was found in the way that Enclaves VMs forces closures on the enclave file descriptor. A local user of a host machine could use this flaw to crash the system or escalate their privileges on the system. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3543 |
| CVE-2022-20064 | In ccci, there is a possible leak of kernel pointer due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108617; Issue ID: ALPS06108617. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20064 |
| CVE-2022-31258 | In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31258 |
| CVE-2022-29256 | sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29256 |
| CVE-2022-24417 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24417 |
| CVE-2022-24418 | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24418 |
| CVE-2022-30783 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30783 |
| CVE-2016-4055 | The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)." | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-4055 |
| CVE-2017-2829 | An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-2829 |
| CVE-2018-6972 | VMware ESXi (6.7 before ESXi670-201806401-BG, 6.5 before ESXi650-201806401-BG, 6.0 before ESXi600-201806401-BG and 5.5 before ESXi550-201806401-BG), Workstation (14.x before 14.1.2), and Fusion (10.x before 10.1.2) contain a denial-of-service vulnerability due to NULL pointer dereference issue in RPC handler. Successful exploitation of this issue may allow attackers with normal user privileges to crash their VMs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-6972 |
| CVE-2019-13453 | Zipios before 0.1.7 does not properly handle certain malformed zip archives and can go into an infinite loop, causing a denial of service. This is related to zipheadio.h:readUint32() and zipfile.cpp:Zipfile::Zipfile(). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-13453 |
| CVE-2019-3740 | RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3740 |
| CVE-2015-5239 | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2015-5239 |
| CVE-2020-8139 | A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-download shares to be downloadable when appending /download to the URL. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8139 |
| CVE-2020-4033 | In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4033 |
| CVE-2020-8193 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8193 |
| CVE-2020-15230 | Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15230 |
| CVE-2020-11641 | A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11641 |
| CVE-2020-11642 | The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11642 |
| CVE-2020-11644 | The information disclosure vulnerability present in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to generate fake audit log messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11644 |
| CVE-2020-11645 | A denial of service vulnerability in B&R GateManager 4260 and 9250 versions <9.0.20262 and GateManager 8250 versions <9.2.620236042 allows authenticated users to limit availability of GateManager instances. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11645 |
| CVE-2020-28242 | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28242 |
| CVE-2021-21336 | Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-21336 |
| CVE-2021-25145 | A remote unauthorized disclosure of information vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25145 |
| CVE-2021-29470 | Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 versions v0.27.3 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. For example, to trigger the bug in the Exiv2 command-line application, you need to add an extra command-line argument such as insert. The bug is fixed in version v0.27.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-29470 |
| CVE-2021-33620 | Squid before 4.15 and 5.x before 5.0.6 allows remote servers to cause a denial of service (affecting availability to all clients) via an HTTP response. The issue trigger is a header that can be expected to exist in HTTP traffic without any malicious intent by the server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33620 |
| CVE-2021-43946 | Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers to add administrator groups to filter subscriptions via a Broken Access Control vulnerability in the /secure/EditSubscription.jspa endpoint. The affected versions are before version 8.21.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43946 |
| CVE-2022-24197 | iText v7.1.17 was discovered to contain a stack-based buffer overflow via the component ByteBuffer.append, which allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24197 |
| CVE-2021-3658 | bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the bluetooth stack to physically nearby attackers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3658 |
| CVE-2021-3667 | An improper locking issue was found in the virStoragePoolLookupByTargetPath API of libvirt. It occurs in the storagePoolLookupByTargetPath function where a locked virStoragePoolObj object is not properly released on ACL permission failure. Clients connecting to the read-write socket with limited ACL permissions could use this flaw to acquire the lock and prevent other users from accessing storage pool/volume APIs, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3667 |
| CVE-2021-3677 | A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include max_worker_processes=0, the known versions of this attack are infeasible. However, undiscovered variants of the attack may be independent of that setting. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3677 |
| CVE-2021-3638 | An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid values for the destination display parameters. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3638 |
| CVE-2021-37209 | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). Unencrypted storage of passwords in the client configuration files and during network transmission could allow an attacker in a privileged position to obtain access passwords. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37209 |
| CVE-2021-3733 | There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3733 |
| CVE-2022-0830 | The FormBuilder WordPress plugin through 1.08 does not have CSRF checks in place when creating/updating and deleting forms, and does not sanitise as well as escape its form field values. As a result, attackers could make logged in admin update and delete arbitrary forms via a CSRF attack, and put Cross-Site Scripting payloads in them. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0830 |
| CVE-2021-20464 | IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20464 |
| CVE-2021-38904 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user's browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38904 |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2's buffer functions, for example libxslt through 1.1.35, is affected as well. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29824 |
| CVE-2021-46744 | An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46744 |
| CVE-2021-36613 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36613 |
| CVE-2021-36614 | Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36614 |
| CVE-2022-31215 | In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31215 |
| CVE-2022-24045 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a successful login, sets the session cookie on the browser via client-side JavaScript code, without applying any security attributes (such as “Secure”, “HttpOnly”, or “SameSite”). Any attempts to browse the application via unencrypted HTTP protocol would lead to the transmission of all his/her session cookies in plaintext through the network. An attacker could then be able to sniff the network and capture sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24045 |
| CVE-2022-27640 | A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handles excessive ARP broadcast requests. This could allow an attacker to create a denial of service condition by performing ARP storming attacks, which can cause the device to reboot. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27640 |
| CVE-2022-29877 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices allow unauthenticated access to the web interface configuration area. This could allow an attacker to extract internal configuration details or to reconfigure network settings. However, the reconfigured settings cannot be activated unless the role of an authenticated administrator user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29877 |
| CVE-2022-29879 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow authenticated users to access critical device information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29879 |
| CVE-2022-29188 | Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29188 |
| CVE-2021-41834 | JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41834 |
| CVE-2021-41714 | In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41714 |
| CVE-2022-0910 | A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0910 |
| CVE-2021-42659 | There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42659 |
| CVE-2022-29405 | In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29405 |
| CVE-2021-35487 | Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35487 |
| CVE-2022-1348 | A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1348 |
| CVE-2021-27783 | User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27783 |
| CVE-2022-31620 | In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31620 |
| CVE-2021-42692 | There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42692 |
| CVE-2022-20809 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20809 |
| CVE-2022-20821 | A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20821 |
| CVE-2022-24414 | Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access CloudLink server. Tokens should not be used in request URL to avoid such attacks. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24414 |
| CVE-2022-30508 | DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30508 |
| CVE-2022-26726 | This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26726 |
| CVE-2021-21334 | In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21334 |
| CVE-2021-20197 | There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20197 |
| CVE-2021-3631 | A flaw was found in libvirt while it generates SELinux MCS category pairs for VMs' dynamic labels. This flaw allows one exploited guest to access files labeled for another guest, resulting in the breaking out of sVirt confinement. The highest threat from this vulnerability is to confidentiality and integrity. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-3631 |
| CVE-2022-21820 | NVIDIA DCGM contains a vulnerability in nvhostengine, where a network user can cause detection of error conditions without action, which may lead to limited code execution, some denial of service, escalation of privileges, and limited impacts to both data confidentiality and integrity. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21820 |
| CVE-2022-26755 | This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26755 |
| CVE-2022-22328 | IBM SterlingPartner Engagement Manager 6.2.0 could allow a malicious user to elevate their privileges and perform unintended operations to another users data. IBM X-Force ID: 218871. | 6.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-22328 |
| CVE-2019-14862 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-14862 |
| CVE-2020-3902 | An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. Processing maliciously crafted web content may lead to a cross site scripting attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3902 |
| CVE-2014-10402 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2014-10402 |
| CVE-2020-26161 | In Octopus Deploy through 2020.4.2, an attacker could redirect users to an external site via a modified HTTP Host header. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-26161 |
| CVE-2020-24303 | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24303 |
| CVE-2021-21990 | VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contain a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering of unsanitized input on the user device in response. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-21990 |
| CVE-2021-32542 | The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32542 |
| CVE-2021-38264 | Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix in CVE-2021-35463. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-38264 |
| CVE-2021-46708 | The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46708 |
| CVE-2022-30991 | HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30991 |
| CVE-2022-30992 | Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240 | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30992 |
| CVE-2022-29882 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not handle uploaded files correctly. An unauthenticated attacker could take advantage of this situation to store an XSS attack, which could - when a legitimate user accesses the error logs - perform arbitrary actions in the name of the user. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29882 |
| CVE-2022-29183 | GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an attacker to trick a victim into executing code which would allow the attacker to operate on, or gain control over the same resources as the victim had access to. This issue is fixed in GoCD 21.4.0. As a workaround, block access to `/go/compare/.*` prior to GoCD Server via a reverse proxy, web application firewall or equivalent, which would prevent use of the pipeline comparison function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29183 |
| CVE-2022-29214 | NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29214 |
| CVE-2022-0734 | A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0734 |
| CVE-2021-32962 | The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32962 |
| CVE-2022-29349 | kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29349 |
| CVE-2022-29359 | A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29359 |
| CVE-2021-32989 | When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-32989 |
| CVE-2022-29408 | Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29408 |
| CVE-2022-29251 | XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29251 |
| CVE-2022-29252 | XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29252 |
| CVE-2021-4232 | A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input --redacted-- leads to cross site scripting. It is possible to launch the attack remotely | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4232 |
| CVE-2022-22577 | An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22577 |
| CVE-2022-27777 | A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27777 |
| CVE-2022-20666 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20666 |
| CVE-2022-20667 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20667 |
| CVE-2022-20668 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20668 |
| CVE-2022-20669 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20669 |
| CVE-2022-20670 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20670 |
| CVE-2022-20671 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20671 |
| CVE-2022-20672 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20672 |
| CVE-2022-20673 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20673 |
| CVE-2022-20674 | Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20674 |
| CVE-2017-2836 | An exploitable denial of service vulnerability exists within the reading of proprietary server certificates in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-2836 |
| CVE-2017-2837 | An exploitable denial of service vulnerability exists within the handling of security data in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-2837 |
| CVE-2017-2838 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-2838 |
| CVE-2017-2839 | An exploitable denial of service vulnerability exists within the handling of challenge packets in FreeRDP 2.0.0-beta1+android11. A specially crafted challenge packet can cause the program termination leading to a denial of service condition. An attacker can compromise the server or use man in the middle to trigger this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2017-2839 |
| CVE-2019-5023 | An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2019-5023 |
| CVE-2021-42017 | A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). A new variant of the POODLE attack has left a third-party component vulnerable due to the implementation flaws of the CBC encryption mode in TLS 1.0 to 1.2. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-42017 |
| CVE-2022-25160 | Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric MELSEC iQ-R series R04/08/16/32/120(EN)CPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120SFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PCPU all versions, Mitsubishi Electric MELSEC iQ-R series R08/16/32/120PSFCPU all versions, Mitsubishi Electric MELSEC iQ-R series R16/32/64MTCPU all versions, Mitsubishi Electric MELSEC iQ-R series RJ71C24(-R2/R4) all versions, Mitsubishi Electric MELSEC iQ-R series RJ71EN71 all versions, Mitsubishi Electric MELSEC iQ-R series RJ72GF15-T2 all versions, Mitsubishi Electric MELSEC Q series Q03/04/06/13/26UDVCPU all versions, Mitsubishi Electric MELSEC Q series Q04/06/13/26UDPVCPU all versions, Mitsubishi Electric MELSEC Q series QJ71C24N(-R2/R4) all versions and Mitsubishi Electric MELSEC Q series QJ71E71-100 all versions allows a remote unauthenticated attacker to disclose a file in a legitimate user's product by using previously eavesdropped cleartext information and to counterfeit a legitimate user’s system. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-25160 |
| CVE-2022-1434 | The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-1434 |
| CVE-2013-10001 | A vulnerability was found in HTC One/Sense 4.x. It has been rated as problematic. Affected by this issue is the certification validation of the mail client. An exploit has been disclosed to the public and may be used. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2013-10001 |
| CVE-2022-22365 | IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-22365 |
| CVE-2022-29177 | Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that addresses the problem. As a workaround, setting loglevel to default level (`INFO`) makes the node not vulnerable to this attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-29177 |
| CVE-2021-3672 | A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-3672 |
| CVE-2018-4032 | An exploitable privilege escalation vulnerability exists in the way the CleanMyMac X software improperly validates inputs. An attacker with local access could use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4032 |
| CVE-2018-4033 | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4033 |
| CVE-2018-4034 | The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4034 |
| CVE-2018-4035 | The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4035 |
| CVE-2018-4036 | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4036 |
| CVE-2018-4037 | The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access can use this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4037 |
| CVE-2018-4041 | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4041 |
| CVE-2018-4042 | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4042 |
| CVE-2018-4043 | An exploitable privilege escalation vulnerability exists in the Clean My Mac X, version 4.04, helper service due to improper input validation. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4043 |
| CVE-2018-4044 | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4044 |
| CVE-2018-4045 | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4045 |
| CVE-2018-4046 | An exploitable denial-of-service vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. A user with local access can use this vulnerability to terminate a privileged helper application. An attacker would need local access to the machine for a successful exploit. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4046 |
| CVE-2018-4047 | An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4047 |
| CVE-2018-4055 | A local privilege escalation vulnerability exists in the install helper tool of the Mac OS X version of Pixar Renderman, version 22.2.0. A user with local access can use this vulnerability to read any root file from the file system. An attacker would need local access to the machine to successfully exploit this flaw. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4055 |
| CVE-2018-4051 | An exploitable local privilege escalation vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can globally create directories and subdirectories on the root file system, as well as change the permissions of existing directories. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4051 |
| CVE-2018-4052 | An exploitable local information leak vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can pass a PID and receive information running on it that would usually only be accessible to the root user. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4052 |
| CVE-2018-4053 | An exploitable local denial-of-service vulnerability exists in the privileged helper tool of GOG Galaxy's Games, version 1.2.47 for macOS. An attacker can send malicious data to the root-listening service, causing the application to terminate and become unavailable. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4053 |
| CVE-2020-7455 | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-7455 |
| CVE-2020-9976 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0. A malicious application may be able to leak sensitive user information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9976 |
| CVE-2020-13524 | An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13524 |
| CVE-2020-9943 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A malicious application may be able to read restricted memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9943 |
| CVE-2020-9944 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to read restricted memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-9944 |
| CVE-2020-27842 | There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27842 |
| CVE-2021-26931 | An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26931 |
| CVE-2021-20255 | A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20255 |
| CVE-2021-28971 | In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28971 |
| CVE-2021-28168 | Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are viewable by all other users locally on the system. As such, if the contents written is security sensitive, it can be disclosed to other local users. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28168 |
| CVE-2021-31231 | The Alertmanager in Grafana Enterprise Metrics before 1.2.1 and Metrics Enterprise 1.2.1 has a local file disclosure vulnerability when experimental.alertmanager.enable-api is used. The HTTP basic auth password_file can be used as an attack vector to send any file content via a webhook. The alertmanager templates can be used as an attack vector to send any file content because the alertmanager can load any text file specified in the templates list. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31231 |
| CVE-2020-28588 | An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28588 |
| CVE-2021-3421 | A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3421 |
| CVE-2021-3468 | A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3468 |
| CVE-2021-26314 | Potential floating point value injection in all supported CPU products, in conjunction with software vulnerabilities relating to speculative execution with incorrect floating point results, may cause the use of incorrect data from FPVI and may result in data leakage. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26314 |
| CVE-2021-42733 | Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42733 |
| CVE-2021-45943 | GDAL 3.3.0 through 3.4.0 has a heap-based buffer overflow in PCIDSK::CPCIDSKFile::ReadFromFile (called from PCIDSK::CPCIDSKSegment::ReadFromFile and PCIDSK::CPCIDSKBinarySegment::CPCIDSKBinarySegment). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45943 |
| CVE-2022-0563 | A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0563 |
| CVE-2022-24859 | PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24859 |
| CVE-2022-20796 | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20796 |
| CVE-2021-26373 | Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26373 |
| CVE-2021-26375 | Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26375 |
| CVE-2021-26376 | Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26376 |
| CVE-2021-26378 | Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26378 |
| CVE-2021-26388 | Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26388 |
| CVE-2022-21151 | Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21151 |
| CVE-2021-26351 | Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26351 |
| CVE-2021-26361 | A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26361 |
| CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30126 |
| CVE-2022-27242 | A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27242 |
| CVE-2022-29191 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29191 |
| CVE-2022-29192 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29192 |
| CVE-2022-29194 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29194 |
| CVE-2022-29200 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate the ranks of any of the arguments to this API call. This results in `CHECK`-failures when the elements of the tensor are accessed. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29200 |
| CVE-2022-29207 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been impossible to perform these API calls, but migration to TF 2.x eager mode opened up this vulnerability. If the resource handle is empty, then a reference is bound to a null pointer inside TensorFlow codebase (various codepaths). This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29207 |
| CVE-2022-29201 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` for each argument that is empty. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29201 |
| CVE-2022-29202 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all available memory. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29202 |
| CVE-2022-29203 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The result of this integer overflow is used to allocate the output tensor, hence we get a denial of service via a `CHECK`-failure (assertion failure), as in TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29203 |
| CVE-2022-29204 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29204 |
| CVE-2022-29205 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized types, which was added after migration to TensorFlow 2.x. In these scenarios, since the kernel is missing, a `nullptr` value is passed to `ParseDimensionValue` for the `py_value` argument. Then, this is dereferenced, resulting in segfault. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29205 |
| CVE-2022-29206 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `nullptr` during kernel execution. This is undefined behavior. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29206 |
| CVE-2022-29209 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29209 |
| CVE-2022-29210 | TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29210 |
| CVE-2022-29211 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The implementation assumes that all floating point operations are defined and then converts a floating point result to an integer index. If `values` contains `NaN` then the result of the division is still `NaN` and the cast to `int32` would result in a crash. This only occurs on the CPU implementation. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29211 |
| CVE-2022-29212 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that during quantization the scale of values could be greater than 1 but code was always assuming sub-unit scaling. Thus, since code was calling `QuantizeMultiplierSmallerThanOneExp`, the `TFLITE_CHECK_LT` assertion would trigger and abort the process. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29212 |
| CVE-2022-29213 | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to `CHECK`-failures). Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29213 |
| CVE-2021-32958 | Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32958 |
| CVE-2021-44975 | radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44975 |
| CVE-2022-29358 | epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29358 |
| CVE-2021-44974 | radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44974 |
| CVE-2022-31650 | In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31650 |
| CVE-2022-26706 | An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26706 |
| CVE-2022-26712 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26712 |
| CVE-2022-26724 | An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26724 |
| CVE-2022-26727 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26727 |
| CVE-2022-26728 | This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26728 |
| CVE-2022-26745 | A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26745 |
| CVE-2022-26746 | This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26746 |
| CVE-2020-27533 | A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-27533 |
| CVE-2021-21087 | Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-21087 |
| CVE-2021-29489 | Highcharts JS is a JavaScript charting library based on SVG. In Highcharts versions 8 and earlier, the chart options structure was not systematically filtered for XSS vectors. The potential impact was that content from untrusted sources could execute code in the end user's browser. The vulnerability is patched in version 9. As a workaround, implementers who are not able to upgrade may apply DOMPurify recursively to the options structure to filter out malicious markup. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-29489 |
| CVE-2021-33570 | Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-33570 |
| CVE-2021-38695 | SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-38695 |
| CVE-2022-26874 | lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26874 |
| CVE-2022-25611 | Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25611 |
| CVE-2022-25612 | Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in Simple Event Planner WordPress plugin <= 1.5.4 allows user with author or higher user rights inject the malicious code via vulnerable parameters: &custom[event_organiser], &custom[organiser_email], &custom[organiser_contact]. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25612 |
| CVE-2022-0825 | The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0825 |
| CVE-2022-0837 | The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notification as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain out the account balance by keep sending SMS notification. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0837 |
| CVE-2021-38903 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-38903 |
| CVE-2021-38946 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-38946 |
| CVE-2022-30596 | A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30596 |
| CVE-2022-29230 | Hydrogen is a React-based framework for building dynamic, Shopify-powered custom storefronts. There is a potential Cross-Site Scripting (XSS) vulnerability where an arbitrary user is able to execute scripts on pages that are built with Hydrogen. This affects all versions of Hydrogen starting from version 0.10.0 to 0.18.0. This vulnerability is exploitable in applications whose hydrating data is user controlled. All Hydrogen users should upgrade their project to version 0.19.0. There is no current workaround, and users should update as soon as possible. Additionally, the Content Security Policy is not an effective mitigation for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29230 |
| CVE-2022-1416 | Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows for rendering of attacker controlled HTML tags and CSS styling | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1416 |
| CVE-2022-29880 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate input in the configuration interface. This could allow an authenticated attacker to place persistent XSS attacks to perform arbitrary actions in the name of a logged user which accesses the affected views. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29880 |
| CVE-2022-29182 | GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script on a attacker-hosted site to execute script that will run within the user's browser context and GoCD session via abuse of a messaging channel used for communication between with the parent page and the stage details graph's iframe. This could allow an attacker to steal a GoCD user's session cookies and/or execute malicious code in the user's context. This issue is fixed in GoCD 22.1.0. There are currently no known workarounds. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29182 |
| CVE-2022-29426 | Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29426 |
| CVE-2022-29434 | Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29434 |
| CVE-2022-1816 | A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input --redacted-- leads to an authenticated cross site scripting. Exploit details have been disclosed to the public | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1816 |
| CVE-2022-1817 | A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1817 |
| CVE-2022-0900 | A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0900 |
| CVE-2022-1811 | Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1811 |
| CVE-2021-42233 | The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-42233 |
| CVE-2021-42656 | SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-42656 |
| CVE-2022-29237 | Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29237 |
| CVE-2022-1849 | Session Fixation in GitHub repository filegator/filegator prior to 7.8.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1849 |
| CVE-2022-29362 | A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29362 |
| CVE-2021-4231 | A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-4231 |
| CVE-2022-30494 | In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30494 |
| CVE-2022-1909 | Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1909 |
| CVE-2017-2879 | An exploitable buffer overflow vulnerability exists in the UPnP implementation used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted UPnP discovery response can cause a buffer overflow resulting in overwriting arbitrary data. An attacker needs to be in the same subnetwork and reply to a discovery message to trigger this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-2879 |
| CVE-2019-13161 | An issue was discovered in Asterisk Open Source through 13.27.0, 14.x and 15.x through 15.7.2, and 16.x through 16.4.0, and Certified Asterisk through 13.21-cert3. A pointer dereference in chan_sip while handling SDP negotiation allows an attacker to crash Asterisk when handling an SDP answer to an outgoing T.38 re-invite. To exploit this vulnerability an attacker must cause the chan_sip module to send a T.38 re-invite request to them. Upon receipt, the attacker must send an SDP answer containing both a T.38 UDPTL stream and another media stream containing only a codec (which is not permitted according to the chan_sip configuration). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-13161 |
| CVE-2021-21012 | Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object vulnerability (IDOR) in the checkout module. Successful exploitation could lead to sensitive information disclosure. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21012 |
| CVE-2021-28153 | An issue was discovered in GNOME GLib before 2.66.8. When g_file_replace() is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is attacker-controlled. (If the path is a symlink to a file that already exists, then the contents of that file correctly remain unchanged.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-28153 |
| CVE-2021-32062 | MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x before 7.4.5, and 7.5.x and 7.6.x before 7.6.3 does not properly enforce the MS_MAP_NO_PATH and MS_MAP_PATTERN restrictions that are intended to control the locations from which a mapfile may be loaded (with MapServer CGI). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32062 |
| CVE-2021-32640 | ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the `Sec-Websocket-Protocol` header can be used to significantly slow down a ws server. The vulnerability has been fixed in ws@7.4.6 (https://github.com/websockets/ws/commit/00c425ec77993773d823f018f64a5c44e17023ff). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the [`--max-http-header-size=size`](https://nodejs.org/api/cli.html#cli_max_http_header_size_size) and/or the [`maxHeaderSize`](https://nodejs.org/api/http.html#http_http_createserver_options_requestlistener) options. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32640 |
| CVE-2021-32541 | The CTS Web transaction system related to authentication and session management is implemented incorrectly, which allows remote unauthenticated attackers can send a large number of valid usernames, and force those logged-in account to log out, causing the user to be unable to access the services | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32541 |
| CVE-2021-46671 | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-46671 |
| CVE-2022-0396 | BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0396 |
| CVE-2022-25245 | Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation's default currency name. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25245 |
| CVE-2022-22968 | In Spring Framework versions 5.3.0 - 5.3.18, 5.2.0 - 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22968 |
| CVE-2022-29869 | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29869 |
| CVE-2022-1343 | The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1343 |
| CVE-2022-22970 | In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22970 |
| CVE-2021-3956 | A read-only authentication bypass vulnerability was reported in the Third Quarter 2021 release of Lenovo XClarity Controller (XCC) firmware affecting XCC devices configured in LDAP Authentication Only Mode and using an LDAP server that supports “unauthenticated bind”, such as Microsoft Active Directory. An unauthenticated user can gain read-only access to XCC in such a configuration, thereby allowing the XCC device configuration to be viewed but not changed. XCC devices configured to use local authentication, LDAP Authentication + Authorization Mode, or LDAP servers that support only “authenticated bind” and/or “anonymous bind” are not affected. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-3956 |
| CVE-2021-42848 | An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42848 |
| CVE-2022-30597 | A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30597 |
| CVE-2022-22976 | Spring Security versions 5.5.x prior to 5.5.7, 5.6.x prior to 5.6.4, and earlier unsupported versions contain an integer overflow vulnerability. When using the BCrypt class with the maximum work factor (31), the encoder does not perform any salt rounds, due to an integer overflow error. The default settings are not affected by this CVE. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22976 |
| CVE-2022-28987 | ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28987 |
| CVE-2022-24043 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames. A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24043 |
| CVE-2022-29881 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). The web based management interface of affected devices does not employ special access protection for certain internal developer views. This could allow unauthenticated users to extract internal configuration details. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29881 |
| CVE-2022-29883 | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not restrict unauthenticated access to certain pages of the web interface. This could allow an attacker to delete log files without authentication. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29883 |
| CVE-2022-29189 | Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29189 |
| CVE-2022-31263 | app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31263 |
| CVE-2022-1848 | Business Logic Errors in GitHub repository erudika/para prior to 1.45.11. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1848 |
| CVE-2022-22306 | An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22306 |
| CVE-2021-32964 | The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32964 |
| CVE-2022-26725 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26725 |
| CVE-2020-7307 | Unprotected Storage of Credentials vulnerability in McAfee Data Loss Prevention (DLP) for Mac prior to 11.5.2 allows local users to gain access to the RiskDB username and password via unprotected log files containing plain text credentials. | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-7307 |
| CVE-2022-1163 | Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1163 |
| CVE-2022-28717 | Cross-site scripting vulnerability in Rebooter(WATCH BOOT nino RPC-M2C [End of Sale] all firmware versions, WATCH BOOT light RPC-M5C [End of Sale] all firmware versions, WATCH BOOT L-zero RPC-M4L [End of Sale] all firmware versions, WATCH BOOT mini RPC-M4H [End of Sale] all firmware versions, WATCH BOOT nino RPC-M2CS firmware version 1.00A to 1.00D, WATCH BOOT light RPC-M5CS firmware version 1.00A to 1.00D, WATCH BOOT L-zero RPC-M4LS firmware version 1.00A to 1.20A, and Signage Rebooter RPC-M4HSi firmware version 1.00A), PoE Rebooter(PoE BOOT nino PoE8M2 firmware version 1.00A to 1.20A), Scheduler(TIME BOOT mini RSC-MT4H [End of Sale] all firmware versions, TIME BOOT RSC-MT8F [End of Sale] all firmware versions, TIME BOOT RSC-MT8FP [End of Sale] all firmware versions, TIME BOOT mini RSC-MT4HS firmware version 1.00A to 1.10A, and TIME BOOT RSC-MT8FS firmware version 1.00A to 1.00E), and Contact Converter(POSE SE10-8A7B1 firmware version 1.00A to 1.20A) allows a remote attacker with the administrative privilege to inject an arbitrary script via unspecified vectors. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28717 |
| CVE-2022-1819 | A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input --redacted-- leads to authenticated cross site scripting. Exploit details have been disclosed to the public | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1819 |
| CVE-2022-1840 | A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1840 |
| CVE-2022-29380 | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29380 |
| CVE-2021-26363 | A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-26363 |
| CVE-2021-26368 | Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-26368 |
| CVE-2022-29185 | totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29185 |
| CVE-2020-4032 | In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4032 |
| CVE-2020-9942 | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, Safari 13.1.2. Visiting a malicious website may lead to address bar spoofing. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9942 |
| CVE-2020-9945 | A spoofing issue existed in the handling of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, Safari 14.0.1. Visiting a malicious website may lead to address bar spoofing. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9945 |
| CVE-2021-33586 | InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to access recently deallocated memory, aka the "malformed PONG" issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33586 |
| CVE-2021-21672 | Jenkins Selenium HTML report Plugin 1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-21672 |
| CVE-2021-43952 | Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to restore the default configuration of fields via a Cross-Site Request Forgery (CSRF) vulnerability in the /secure/admin/RestoreDefaults.jspa endpoint. The affected versions are before version 8.21.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43952 |
| CVE-2018-25031 | Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-25031 |
| CVE-2021-29824 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the 'Data Connections' page to which they don't have access. IBM X-Force ID: 204468. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-29824 |
| CVE-2021-38905 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38905 |
| CVE-2022-30598 | A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30598 |
| CVE-2022-24904 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15m 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a directory-type Application may commit a symlink which points to an out-of-bounds file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any JSON-formatted secrets which have been mounted as files on the repo-server. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. Users of versions 2.3.0 or above who do not have any Jsonnet/directory-type Applications may disable the Jsonnet/directory config management tool as a workaround. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24904 |
| CVE-2022-24905 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enabled. In order to exploit this vulnerability, an attacker would have to trick the victim to visit a specially crafted URL which contains the message to be displayed. As far as the research of the Argo CD team concluded, it is not possible to specify any active content (e.g. Javascript) or other HTML fragments (e.g. clickable links) in the spoofed message. A patch for this vulnerability has been released in Argo CD versions 2.3.4, 2.2.9, and 2.1.15. There are currently no known workarounds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24905 |
| CVE-2022-24906 | Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24906 |
| CVE-2022-29159 | Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app contains a patch for this issue in versions 1.4.8, 1.5.6, and 1.6.1. There are no known currently-known workarounds available. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29159 |
| CVE-2022-29163 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected. Versions 22.2.6 and 23.0.3 contain a patch for this issue. There are currently no known workarounds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29163 |
| CVE-2022-26731 | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26731 |
| CVE-2022-26905 | Microsoft Edge (Chromium-based) Spoofing Vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-26905 |
| CVE-2021-22138 | In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in the middle style attack against the Logstash monitoring data. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-22138 |
| CVE-2020-13523 | An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-13523 |
| CVE-2020-27560 | ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-27560 |
| CVE-2020-27818 | A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-27818 |
| CVE-2021-44444 | A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. An attacker could leverage this vulnerability to leak information in the context of the current process. (ZDI-CAN-15052) | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44444 |
| CVE-2021-42700 | Inkscape 0.91 is vulnerable to an out-of-bounds read, which may allow an attacker to have access to unauthorized information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42700 |
| CVE-2021-42702 | Inkscape version 0.91 can access an uninitialized pointer, which may allow an attacker to have access to unauthorized information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-42702 |
| CVE-2022-29160 | Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29160 |
| CVE-2021-20203 | An integer overflow issue was found in the vmxnet3 NIC emulator of the QEMU for versions up to v5.2.0. It may occur if a guest was to supply invalid values for rx/tx queue size or other NIC parameters. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in DoS scenario. | 3.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-20203 |
| CVE-2020-3894 | A race condition was addressed with additional validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. An application may be able to read restricted memory. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3894 |
| CVE-2020-7020 | Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-7020 |
| CVE-2022-29253 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29253 |
| CVE-2021-43566 | All versions of Samba prior to 4.13.16 are vulnerable to a malicious client using an SMB1 or NFS race to allow a directory to be created in an area of the server file system not exported under the share definition. Note that SMB1 has to be enabled, or the share also available via NFS in order for this attack to succeed. | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43566 |
| CVE-2022-0005 | Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0005 |
| CVE-2022-26703 | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26703 |
| CVE-2007-0918 | The ATOMIC.TCP signature engine in the Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XA, 12.3YA, 12.3T, and other trains allows remote attackers to cause a denial of service (IPS crash and traffic loss) via unspecified manipulations that are not properly handled by the regular expression feature, as demonstrated using the 3123.0 (Netbus Pro Traffic) signature. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-0918 |
| CVE-2008-2739 | The SERVICE.DNS signature engine in the Intrusion Prevention System (IPS) in Cisco IOS 12.3 and 12.4 allows remote attackers to cause a denial of service (device crash or hang) via network traffic that triggers unspecified IPS signatures, a different vulnerability than CVE-2008-1447. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-2739 |
| CVE-2008-3798 | Cisco IOS 12.4 allows remote attackers to cause a denial of service (device crash) via a normal, properly formed SSL packet that occurs during termination of an SSL session. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3798 |
| CVE-2008-3799 | Memory leak in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (memory consumption and voice-service outage) via unspecified valid SIP messages. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3799 |
| CVE-2008-3800 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsu38644, a different vulnerability than CVE-2008-3801 and CVE-2008-3802. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3800 |
| CVE-2008-3801 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4 and Unified Communications Manager 4.1 through 6.1, when VoIP is configured, allows remote attackers to cause a denial of service (device or process reload) via unspecified valid SIP messages, aka Cisco Bug ID CSCsm46064, a different vulnerability than CVE-2008-3800 and CVE-2008-3802. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3801 |
| CVE-2008-3802 | Unspecified vulnerability in the Session Initiation Protocol (SIP) implementation in Cisco IOS 12.2 through 12.4, when VoIP is configured, allows remote attackers to cause a denial of service (device reload) via unspecified valid SIP messages, aka Cisco bug ID CSCsk42759, a different vulnerability than CVE-2008-3800 and CVE-2008-3801. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3802 |
| CVE-2008-3803 | A "logic error" in Cisco IOS 12.0 through 12.4, when a Multiprotocol Label Switching (MPLS) VPN with extended communities is configured, sometimes causes a corrupted route target (RT) to be used, which allows remote attackers to read traffic from other VPNs in opportunistic circumstances. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3803 |
| CVE-2008-3805 | Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3806. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3805 |
| CVE-2008-3806 | Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 series devices handles external UDP packets that are sent to 127.0.0.0/8 addresses intended for IPC communication within the device, which allows remote attackers to cause a denial of service (device or linecard reload) via crafted UDP packets, a different vulnerability than CVE-2008-3805. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3806 |
| CVE-2008-3807 | Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when linecard redundancy is configured, enables a read/write SNMP service with "private" as the community, which allows remote attackers to obtain administrative access by guessing this community and sending SNMP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3807 |
| CVE-2008-3808 | Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (device reload) via a crafted Protocol Independent Multicast (PIM) packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3808 |
| CVE-2008-3809 | Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices (aka 12000 Series routers) allows remote attackers to cause a denial of service (device crash) via a malformed Protocol Independent Multicast (PIM) packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3809 |
| CVE-2008-3812 | Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) with HTTP Deep Packet Inspection is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed HTTP transit packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3812 |
| CVE-2008-3813 | Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP mgmt daemon process is enabled, allows remote attackers to cause a denial of service (device reload) via a crafted L2TP packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-3813 |
| CVE-2009-1185 | udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-1185 |
| CVE-2009-1186 | Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-1186 |
| CVE-2009-2862 | The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. | – | https://nvd.nist.gov/vuln/detail/CVE-2009-2862 |
| CVE-2010-4176 | plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | – | https://nvd.nist.gov/vuln/detail/CVE-2010-4176 |
| CVE-2011-0640 | The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-0640 |
| CVE-2011-0946 | The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload or hang) via malformed NetMeeting Directory (aka Internet Locator Service or ILS) LDAP traffic, aka Bug ID CSCtd10712. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-0946 |
| CVE-2011-3279 | The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through 15.1, and IOS XE 3.1.xSG, allows remote attackers to cause a denial of service (device reload) via a malformed SIP packet to UDP port 5060, aka Bug ID CSCti98219. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-3279 |
| CVE-2014-3264 | Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier allows remote authenticated users to cause a denial of service (device reload) via crafted attributes in a RADIUS packet, aka Bug ID CSCun69561. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3264 |
| CVE-2014-2151 | The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software 8.4(.7.15) and earlier allows remote authenticated users to obtain sensitive information via a crafted JavaScript file, aka Bug ID CSCui04520. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2151 |
| CVE-2013-5567 | Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-5567 |
| CVE-2013-6691 | The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6691 |
| CVE-2014-3399 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.2(.2.4) and earlier does not properly manage session information during creation of a SharePoint handler, which allows remote authenticated users to overwrite arbitrary RAMFS cache files or inject Lua programs, and consequently cause a denial of service (portal outage or system reload), via crafted HTTP requests, aka Bug ID CSCup54208. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3399 |
| CVE-2014-3407 | The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(.2) and earlier does not properly allocate memory blocks during HTTP packet handling, which allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCuq68888. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3407 |
| CVE-2013-5557 | The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software 9.1(.2) and earlier allows remote authenticated users to cause a denial of service (device crash or error-recovery event) via an HTTP request that triggers a rewrite, aka Bug ID CSCug91577. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-5557 |
| CVE-2022-30785 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30785 |
| CVE-2022-30787 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30787 |
| CVE-2022-26691 | A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26691 |
| CVE-2022-28394 | EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28394 |
| CVE-2022-30687 | Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30687 |
| CVE-2022-30700 | An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30700 |
| CVE-2022-30701 | An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30701 |
| CVE-2022-20765 | A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20765 |
| CVE-2022-20797 | A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20797 |
| CVE-2022-20802 | A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20802 |
| CVE-2022-20806 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20806 |
| CVE-2022-20807 | Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20807 |
| CVE-2022-1897 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1897 |
| CVE-2022-25878 | The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25878 |
| CVE-2022-1927 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1927 |
| CVE-2021-3555 | A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3555 |
| CVE-2022-1942 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1942 |
| CVE-2022-30973 | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30973 |
| CVE-2022-23082 | In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23082 |
| CVE-2022-22361 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22361 |
| CVE-2022-29220 | github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email-address. Version 3.2.0 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29220 |
| CVE-2022-29243 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29243 |
| CVE-2022-29245 | SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29245 |
| CVE-2022-29258 | XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29258 |
| CVE-2022-31002 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31002 |
| CVE-2022-31001 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31001 |
| CVE-2022-31003 | Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31003 |
| CVE-2022-31005 | Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31005 |
| CVE-2022-31007 | eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31007 |
| CVE-2022-31011 | TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31011 |
| CVE-2022-1808 | Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1808 |
| CVE-2022-1893 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1893 |
| CVE-2022-1947 | Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1947 |
| CVE-2022-31013 | Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31013 |
| CVE-2022-31015 | Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select;. This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31015 |
| CVE-2021-27778 | HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27778 |
| CVE-2022-1285 | Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1285 |
| CVE-2022-29875 | A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29875 |
| CVE-2020-26184 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-26184 |
| CVE-2020-26185 | Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-26185 |
| CVE-2022-29098 | Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29098 |
| CVE-2021-27914 | A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27914 |
| CVE-2022-24848 | DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24848 |
| CVE-2022-31000 | solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31000 |
| CVE-2022-31022 | Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31022 |
| CVE-2022-29169 | BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29169 |
| CVE-2022-29232 | BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29232 |
| CVE-2022-29233 | BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29233 |
| CVE-2022-29234 | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29234 |
| CVE-2022-29235 | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29235 |
| CVE-2022-29236 | BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29236 |
| CVE-2019-12349 | An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-12349 |
| CVE-2019-12350 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-12350 |
| CVE-2019-12351 | An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-12351 |
| CVE-2020-20971 | Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-20971 |
| CVE-2020-28246 | A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-28246 |
| CVE-2021-26633 | SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26633 |
| CVE-2021-26634 | SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26634 |
| CVE-2021-26635 | In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26635 |
| CVE-2021-32546 | Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-32546 |
| CVE-2021-33254 | An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33254 |
| CVE-2021-33504 | Couchbase Server before 7.1.0 has Incorrect Access Control. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33504 |
| CVE-2021-33615 | RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33615 |
| CVE-2021-34078 | lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34078 |
| CVE-2021-34079 | OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the 'ports' entry of a crafted docker-compose.yml file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34079 |
| CVE-2021-34080 | OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34080 |
| CVE-2021-34081 | OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34081 |
| CVE-2021-34082 | OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34082 |
| CVE-2021-34083 | Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34083 |
| CVE-2021-34084 | OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-34084 |
| CVE-2021-36866 | Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36866 |
| CVE-2021-36890 | Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-36890 |
| CVE-2021-40186 | The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40186 |
| CVE-2021-42195 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42195 |
| CVE-2021-42196 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42196 |
| CVE-2021-42197 | An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42197 |
| CVE-2021-42198 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42198 |
| CVE-2021-42199 | An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42199 |
| CVE-2021-42200 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42200 |
| CVE-2021-42201 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42201 |
| CVE-2021-42202 | An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42202 |
| CVE-2021-42203 | An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42203 |
| CVE-2021-42204 | An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42204 |
| CVE-2021-42872 | TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42872 |
| CVE-2021-43306 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43306 |
| CVE-2021-43307 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43307 |
| CVE-2021-43308 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43308 |
| CVE-2021-43512 | An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43512 |
| CVE-2021-44080 | A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44080 |
| CVE-2021-44095 | Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. ¶¶ A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44095 |
| CVE-2021-44096 | EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action - update_user. This allows a remote attacker to compromise Application SQL database. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44096 |
| CVE-2021-44097 | EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44097 |
| CVE-2021-44098 | EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44098 |
| CVE-2022-1215 | A format string vulnerability was found in libinput | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1215 |
| CVE-2022-1419 | The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1419 |
| CVE-2022-1462 | An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1462 |
| CVE-2022-1652 | Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1652 |
| CVE-2022-1660 | The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1660 |
| CVE-2022-1661 | The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1661 |
| CVE-2022-1786 | A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1786 |
| CVE-2022-1789 | With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1789 |
| CVE-2022-1797 | A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1797 |
| CVE-2022-1929 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1929 |
| CVE-2022-1943 | A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1943 |
| CVE-2022-1949 | An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1949 |
| CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1968 |
| CVE-2022-22767 | Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22767 |
| CVE-2022-23236 | E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23236 |
| CVE-2022-23237 | E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23237 |
| CVE-2022-24238 | ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24238 |
| CVE-2022-24239 | ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24239 |
| CVE-2022-24240 | ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24240 |
| CVE-2022-24241 | ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24241 |
| CVE-2022-24581 | ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24581 |
| CVE-2022-24967 | Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24967 |
| CVE-2022-25237 | Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25237 |
| CVE-2022-26491 | An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26491 |
| CVE-2022-26971 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26971 |
| CVE-2022-26972 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26972 |
| CVE-2022-26973 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26973 |
| CVE-2022-26974 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26974 |
| CVE-2022-26975 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26975 |
| CVE-2022-26976 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26976 |
| CVE-2022-26977 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26977 |
| CVE-2022-26978 | Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26978 |
| CVE-2022-27184 | The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27184 |
| CVE-2022-27774 | An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27774 |
| CVE-2022-27775 | An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27775 |
| CVE-2022-27776 | A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27776 |
| CVE-2022-27778 | A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27778 |
| CVE-2022-27779 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27779 |
| CVE-2022-27780 | The curl URL parser wrongly accepts percent-encoded URL separators like '/'when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27780 |
| CVE-2022-27781 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27781 |
| CVE-2022-27782 | libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27782 |
| CVE-2022-28605 | LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28605 |
| CVE-2022-28690 | The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28690 |
| CVE-2022-28702 | Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28702 |
| CVE-2022-28799 | The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28799 |
| CVE-2022-28945 | An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28945 |
| CVE-2022-29483 | Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29483 |
| CVE-2022-29488 | The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29488 |
| CVE-2022-29540 | resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29540 |
| CVE-2022-29598 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29598 |
| CVE-2022-29624 | An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29624 |
| CVE-2022-29627 | An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29627 |
| CVE-2022-29628 | A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29628 |
| CVE-2022-29647 | An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29647 |
| CVE-2022-29648 | A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29648 |
| CVE-2022-29653 | OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29653 |
| CVE-2022-29659 | Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29659 |
| CVE-2022-29692 | Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29692 |
| CVE-2022-29693 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29693 |
| CVE-2022-29694 | Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29694 |
| CVE-2022-29695 | Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29695 |
| CVE-2022-29711 | LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29711 |
| CVE-2022-29712 | LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29712 |
| CVE-2022-29725 | An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29725 |
| CVE-2022-29729 | Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29729 |
| CVE-2022-29730 | USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29730 |
| CVE-2022-29731 | An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29731 |
| CVE-2022-29732 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29732 |
| CVE-2022-29733 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29733 |
| CVE-2022-29734 | A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29734 |
| CVE-2022-29735 | Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29735 |
| CVE-2022-29776 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29776 |
| CVE-2022-29777 | Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29777 |
| CVE-2022-29779 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29779 |
| CVE-2022-29780 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29780 |
| CVE-2022-29788 | libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29788 |
| CVE-2022-30034 | Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30034 |
| CVE-2022-30115 | Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around - by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30115 |
| CVE-2022-30277 | BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30277 |
| CVE-2022-30324 | HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30324 |
| CVE-2022-30349 | siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30349 |
| CVE-2022-30352 | phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30352 |
| CVE-2022-30423 | Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30423 |
| CVE-2022-30425 | Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30425 |
| CVE-2022-30470 | In Afian Filerun 20220202 Changing the "search_tika_path" variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30470 |
| CVE-2022-30478 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in \\search_product.php via the keyword parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30478 |
| CVE-2022-30481 | Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30481 |
| CVE-2022-30482 | Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \\admin\\add_cata.php via the ctg_name parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30482 |
| CVE-2022-30490 | Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30490 |
| CVE-2022-30496 | SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30496 |
| CVE-2022-30503 | Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30503 |
| CVE-2022-30506 | An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30506 |
| CVE-2022-30510 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30510 |
| CVE-2022-30511 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30511 |
| CVE-2022-30512 | School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30512 |
| CVE-2022-30513 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30513 |
| CVE-2022-30514 | School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30514 |
| CVE-2022-30521 | The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30521 |
| CVE-2022-30540 | The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30540 |
| CVE-2022-30794 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30794 |
| CVE-2022-30795 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30795 |
| CVE-2022-30797 | Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30797 |
| CVE-2022-30798 | Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30798 |
| CVE-2022-30799 | Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30799 |
| CVE-2022-30804 | elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30804 |
| CVE-2022-30808 | elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30808 |
| CVE-2022-30809 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30809 |
| CVE-2022-30810 | elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30810 |
| CVE-2022-30813 | elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30813 |
| CVE-2022-30814 | elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30814 |
| CVE-2022-30815 | elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30815 |
| CVE-2022-30816 | elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30816 |
| CVE-2022-30817 | Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30817 |
| CVE-2022-30818 | Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30818 |
| CVE-2022-30819 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30819 |
| CVE-2022-30820 | In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30820 |
| CVE-2022-30821 | In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30821 |
| CVE-2022-30822 | In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30822 |
| CVE-2022-30823 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\blog_events_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30823 |
| CVE-2022-30825 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\client_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30825 |
| CVE-2022-30826 | Wedding Management System v1.0 is vulnerable to SQL Injection via admin\\client_assign.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30826 |
| CVE-2022-30827 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\package_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30827 |
| CVE-2022-30828 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\photos_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30828 |
| CVE-2022-30829 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\users_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30829 |
| CVE-2022-30830 | Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\feature_edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30830 |
| CVE-2022-30831 | Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30831 |
| CVE-2022-30832 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30832 |
| CVE-2022-30833 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30833 |
| CVE-2022-30834 | Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30834 |
| CVE-2022-30835 | Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30835 |
| CVE-2022-30836 | Wedding Management System v1.0 is vulnerable to SQL Injection. via Wedding-Management/admin/select.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30836 |
| CVE-2022-30999 | FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30999 |
| CVE-2022-31004 | CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31004 |
| CVE-2022-31327 | Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31327 |
| CVE-2022-31328 | Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31328 |
| CVE-2022-31329 | Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31329 |
| CVE-2022-31335 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31335 |
| CVE-2022-31336 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31336 |
| CVE-2022-31337 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31337 |
| CVE-2022-31338 | Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31338 |
| CVE-2022-31339 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31339 |
| CVE-2022-31340 | Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31340 |
| CVE-2022-31342 | Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31342 |
| CVE-2022-31343 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31343 |
| CVE-2022-31344 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31344 |
| CVE-2022-31345 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31345 |
| CVE-2022-31346 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31346 |
| CVE-2022-31347 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31347 |
| CVE-2022-31348 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31348 |
| CVE-2022-31350 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31350 |
| CVE-2022-31351 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31351 |
| CVE-2022-31352 | Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31352 |
| CVE-2022-31353 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31353 |
| CVE-2022-31354 | Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31354 |
| CVE-2022-31500 | In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31500 |
| CVE-2022-31782 | ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31782 |
| CVE-2022-31783 | Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31783 |
| CVE-2022-31796 | libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31796 |
| CVE-2022-31799 | Bottle before 0.12.20 mishandles errors during early request binding. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31799 |
| CVE-2022-31945 | Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31945 |
| CVE-2022-31946 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31946 |
| CVE-2022-31948 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31948 |
| CVE-2022-31951 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31951 |
| CVE-2022-31952 | Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31952 |
| CVE-2022-31953 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31953 |
| CVE-2022-31956 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31956 |
| CVE-2022-31957 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31957 |
| CVE-2022-31959 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31959 |
| CVE-2022-31961 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31961 |
| CVE-2022-31962 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31962 |
| CVE-2022-31964 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31964 |
| CVE-2022-31965 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31965 |
| CVE-2022-31966 | ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31966 |
| CVE-2022-31969 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31969 |
| CVE-2022-31970 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31970 |
| CVE-2022-31971 | ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31971 |
| CVE-2022-31973 | Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31973 |
| CVE-2022-31974 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31974 |
| CVE-2022-31975 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31975 |
| CVE-2022-31976 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31976 |
| CVE-2022-31977 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31977 |
| CVE-2022-31978 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31978 |
| CVE-2022-31980 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31980 |
| CVE-2022-31981 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31981 |
| CVE-2022-31982 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31982 |
| CVE-2022-31983 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31983 |
| CVE-2022-31984 | Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31984 |
| CVE-2022-32200 | libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32200 |
| CVE-2022-32201 | In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32201 |
| CVE-2022-32202 | In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32202 |
| CVE-2022-31996 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31996 |
| CVE-2022-31998 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31998 |
| CVE-2022-32000 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32000 |
| CVE-2022-32001 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32001 |
| CVE-2022-32002 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32002 |
| CVE-2022-32003 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32003 |
| CVE-2022-32004 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32004 |
| CVE-2022-32005 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32005 |
| CVE-2022-32006 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32006 |
| CVE-2022-31985 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31985 |
| CVE-2022-31986 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31986 |
| CVE-2022-31988 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31988 |
| CVE-2022-31989 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31989 |
| CVE-2022-31990 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31990 |
| CVE-2022-31991 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31991 |
| CVE-2022-31992 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31992 |
| CVE-2022-31993 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31993 |
| CVE-2022-31994 | Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31994 |
| CVE-2022-32007 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32007 |
| CVE-2022-32008 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32008 |
| CVE-2022-32010 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32010 |
| CVE-2022-32011 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32011 |
| CVE-2022-32012 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32012 |
| CVE-2022-32013 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32013 |
| CVE-2022-32014 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32014 |
| CVE-2022-32015 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32015 |
| CVE-2022-32016 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32016 |
| CVE-2022-32017 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32017 |
| CVE-2022-32018 | Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32018 |
| CVE-2022-32020 | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32020 |
| CVE-2022-32021 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32021 |
| CVE-2022-32022 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32022 |
| CVE-2022-32024 | Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32024 |
| CVE-2022-32025 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32025 |
| CVE-2022-32026 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32026 |
| CVE-2022-32027 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32027 |
| CVE-2022-32028 | Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32028 |
| CVE-2022-31018 | Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31018 |
| CVE-2021-38221 | bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38221 |
| CVE-2021-45981 | NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45981 |
| CVE-2021-45982 | NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45982 |
| CVE-2021-45983 | NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45983 |
| CVE-2022-1716 | Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1716 |
| CVE-2022-1979 | A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1979 |
| CVE-2022-1980 | A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1980 |
| CVE-2022-1982 | Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1982 |
| CVE-2022-25163 | Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number "24061" or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number "24061" or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version "08" or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25163 |
| CVE-2022-26497 | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26497 |
| CVE-2022-26944 | Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26944 |
| CVE-2022-29597 | Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29597 |
| CVE-2022-29704 | BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29704 |
| CVE-2022-30429 | Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30429 |
| CVE-2022-31023 | Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31023 |
| CVE-2022-32019 | Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32019 |
| CVE-2021-42875 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42875 |
| CVE-2022-31024 | richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31024 |
| CVE-2021-33473 | An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33473 |
| CVE-2021-42877 | TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42877 |
| CVE-2022-22556 | Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22556 |
| CVE-2022-22557 | PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22557 |
| CVE-2022-26866 | Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26866 |
| CVE-2022-26867 | PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26867 |
| CVE-2022-26868 | Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26868 |
| CVE-2022-26869 | Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26869 |
| CVE-2022-29084 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29084 |
| CVE-2022-29085 | Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29085 |
| CVE-2022-29718 | Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29718 |
| CVE-2022-32250 | net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32250 |
| CVE-2022-31459 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31459 |
| CVE-2022-31460 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31460 |
| CVE-2022-31461 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31461 |
| CVE-2022-31462 | Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31462 |
| CVE-2022-31463 | Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31463 |
| CVE-2022-29594 | eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29594 |
| CVE-2022-30232 | A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30232 |
| CVE-2022-30233 | A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30233 |
| CVE-2022-30234 | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30234 |
| CVE-2022-30235 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30235 |
| CVE-2022-30236 | A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30236 |
| CVE-2022-30237 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30237 |
| CVE-2022-30238 | A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30238 |
| CVE-2022-29767 | adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29767 |
| CVE-2022-32265 | qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32265 |
| CVE-2022-32268 | StarWind SAN and NAS v0.2 build 1914 allow remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32268 |
| CVE-2022-32269 | In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript\: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32269 |
| CVE-2022-32270 | In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32270 |
| CVE-2022-32271 | In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32271 |
| CVE-2022-1987 | Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1987 |
| CVE-2022-1988 | Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1988 |
| CVE-2021-42884 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42884 |
| CVE-2021-42885 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42885 |
| CVE-2021-42886 | TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42886 |
| CVE-2021-42887 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42887 |
| CVE-2021-42888 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42888 |
| CVE-2021-42889 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42889 |
| CVE-2021-42890 | TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42890 |
| CVE-2021-42891 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42891 |
| CVE-2021-42892 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42892 |
| CVE-2021-42893 | In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42893 |
| CVE-2022-26493 | Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module's default settings which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26493 |
| CVE-2021-43271 | Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43271 |
| CVE-2022-29770 | XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29770 |
| CVE-2022-29773 | An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29773 |
| CVE-2022-29784 | PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29784 |
| CVE-2022-26134 | In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26134 |
| CVE-2022-32291 | In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32291 |
| CVE-2022-32296 | The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32296 |
| CVE-2021-42245 | FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42245 |
| CVE-2022-30860 | FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30860 |
| CVE-2022-30861 | FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30861 |
| CVE-2022-30863 | FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30863 |
| CVE-2021-41932 | A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41932 |
| CVE-2021-39947 | In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39947 |
| CVE-2022-1783 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1783 |
| CVE-2022-1821 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1821 |
| CVE-2022-1935 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1935 |
| CVE-2022-1936 | Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1936 |
| CVE-2022-1940 | A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1940 |
| CVE-2022-1944 | When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1944 |
| CVE-2022-31479 | An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. The injected commands only get executed during start up or when unsafe calls regarding the hostname are used. This allows the attacker to gain remote access to the device and can make their persistence permanent by modifying the filesystem. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31479 |
| CVE-2022-31480 | An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS). This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The attacker needs to have a properly signed and encrypted binary, loading the firmware to the device ultimately triggers a reboot. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31480 |
| CVE-2022-31481 | An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.302 for the LP series and 1.296 for the EP series. The overflowed data can allow the attacker to manipulate the “normal” code execution to that of their choosing. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31481 |
| CVE-2022-31482 | An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The overflowed data leads to segmentation fault and ultimately a denial-of-service condition, causing the device to reboot. The impact of this vulnerability is that an unauthenticated attacker could leverage this flaw to cause the target device to become unresponsive. An attacker could automate this attack to achieve persistent DoS, effectively rendering the target controller useless. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31482 |
| CVE-2022-31483 | An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.271. This allows a malicious actor to overwrite sensitive system files and install a startup service to gain remote access to the underlaying Linux operating system with root privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31483 |
| CVE-2022-31484 | An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of this vulnerability is that an unauthenticated attacker could restrict access to the web interface to legitimate users and potentially requiring them to use the default user dip switch procedure to gain access back. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31484 |
| CVE-2022-31485 | An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31485 |
| CVE-2022-31486 | An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.303 for the LP series and 1.297 for the EP series. An attacker with this level of access on the device can monitor all communications sent to and from this device, modify onboard relays, change configuration files, or cause the device to become unstable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31486 |
| CVE-2022-1680 | An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. When group SAML SSO is configured, the SCIM feature (available only on Premium+ subscriptions) may allow any owner of a Premium group to invite arbitrary users through their username and email, then change those users' email addresses via SCIM to an attacker controlled email address and thus - in the absence of 2FA - take over those accounts. It is also possible for the attacker to change the display name and username of the targeted account. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1680 |
| CVE-2022-1966 | A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1966 |
| CVE-2022-21745 | In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21745 |
| CVE-2022-21746 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21746 |
| CVE-2022-21747 | In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21747 |
| CVE-2022-21748 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21748 |
| CVE-2022-21749 | In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21749 |
| CVE-2022-21750 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21750 |
| CVE-2022-21751 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21751 |
| CVE-2022-21752 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21752 |
| CVE-2022-21753 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21753 |
| CVE-2022-21754 | In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21754 |
| CVE-2022-21755 | In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21755 |
| CVE-2022-21756 | In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21756 |
| CVE-2022-21757 | In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21757 |
| CVE-2022-21758 | In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21758 |
| CVE-2022-21759 | In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21759 |
| CVE-2022-21760 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21760 |
| CVE-2022-21761 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21761 |
| CVE-2022-21762 | In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21762 |
| CVE-2022-23712 | A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23712 |
| CVE-2022-28224 | Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28224 |
| CVE-2022-22396 | Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22396 |
| CVE-2022-30586 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30586 |
| CVE-2022-31493 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31493 |
| CVE-2022-31768 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31768 |
| CVE-2022-32275 | Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32275 |
| CVE-2020-6220 | BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-6220 |
| CVE-2022-29617 | Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29617 |
| CVE-2022-30587 | Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30587 |
| CVE-2022-31492 | Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31492 |
| CVE-2022-29631 | Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29631 |
| CVE-2022-30469 | In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30469 |
| CVE-2022-31498 | LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31498 |
| CVE-2022-32511 | jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32511 |
| CVE-2022-27438 | Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE) vulnerability via the Update Check function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27438 |
| CVE-2022-28051 | The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28051 |
| CVE-2022-28478 | SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28478 |
| CVE-2022-28479 | SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28479 |
| CVE-2022-29296 | A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29296 |
| CVE-2022-30927 | A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable "id" parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30927 |
| CVE-2022-31494 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31494 |
| CVE-2022-1991 | A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input foo "><img src="" onerror="alert(document.cookie)"> leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1991 |
| CVE-2021-37589 | Virtua Cobranca before 12R allows SQL Injection on the login page. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-37589 |
| CVE-2022-25361 | WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25361 |
| CVE-2022-29564 | Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29564 |
| CVE-2022-31025 | Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31025 |
| CVE-2022-31495 | LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31495 |
| CVE-2022-31028 | MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31028 |
| CVE-2022-31279 | Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution (RCE) via an unserialized pop chain in __destruct in Illuminate\\Broadcasting\\PendingBroadcast.php and __call in Faker\\Generator.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31279 |
| CVE-2019-9971 | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-9971 |
| CVE-2019-9972 | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-9972 |
| CVE-2020-36523 | A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36523 |
| CVE-2020-36524 | A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36524 |
| CVE-2020-36525 | A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36525 |
| CVE-2020-36526 | A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36526 |
| CVE-2020-36527 | A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36527 |
| CVE-2020-36528 | A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36528 |
| CVE-2020-36529 | A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36529 |
| CVE-2020-36530 | A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to sql injection. The attack can be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36530 |
| CVE-2020-36531 | A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36531 |
| CVE-2020-36532 | A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36532 |
| CVE-2020-36533 | A vulnerability was found in Klapp App and classified as problematic. This issue affects some unknown processing of the JSON Web Token Handler. The manipulation leads to weak authentication. The attack may be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36533 |
| CVE-2020-36534 | A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36534 |
| CVE-2020-36535 | A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36535 |
| CVE-2020-36536 | A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to sql injection. The attack may be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36536 |
| CVE-2020-36537 | A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36537 |
| CVE-2020-36538 | A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. The attack can be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36538 |
| CVE-2020-36539 | A vulnerability was found in Lógico y Creativo 1.0 and classified as critical. This issue affects some unknown processing. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36539 |
| CVE-2020-36540 | A vulnerability, which was classified as critical, was found in Neetai Tech. Affected is an unknown function of the file /product.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36540 |
| CVE-2020-36541 | A vulnerability was found in Demokratian. It has been rated as critical. Affected by this issue is some unknown functionality of the file basicos_php/genera_select.php. The manipulation of the argument id_provincia with the input leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36541 |
| CVE-2020-36542 | A vulnerability classified as critical has been found in Demokratian. This affects an unknown part of the file install/install3.php. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36542 |
| CVE-2022-1708 | A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1708 |
| CVE-2022-28794 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28794 |
| CVE-2022-30709 | Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30709 |
| CVE-2022-30710 | Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30710 |
| CVE-2022-30711 | Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30711 |
| CVE-2022-30712 | Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30712 |
| CVE-2022-30713 | Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30713 |
| CVE-2022-30714 | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30714 |
| CVE-2022-30715 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30715 |
| CVE-2022-30716 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30716 |
| CVE-2022-30717 | Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30717 |
| CVE-2022-30719 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30719 |
| CVE-2022-30720 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30720 |
| CVE-2022-30721 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30721 |
| CVE-2022-30722 | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30722 |
| CVE-2022-30723 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30723 |
| CVE-2022-30724 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30724 |
| CVE-2022-30725 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30725 |
| CVE-2022-30726 | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30726 |
| CVE-2022-30729 | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30729 |
| CVE-2022-30727 | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30727 |
| CVE-2022-30728 | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30728 |
| CVE-2022-30730 | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30730 |
| CVE-2022-30731 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30731 |
| CVE-2022-30732 | Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30732 |
| CVE-2022-30733 | Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30733 |
| CVE-2022-30734 | Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30734 |
| CVE-2022-30735 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30735 |
| CVE-2022-30736 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30736 |
| CVE-2022-30737 | Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30737 |
| CVE-2022-30738 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30738 |
| CVE-2022-30739 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30739 |
| CVE-2022-30740 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30740 |
| CVE-2022-30741 | Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30741 |
| CVE-2022-30742 | Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30742 |
| CVE-2022-30743 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30743 |
| CVE-2022-30744 | DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30744 |
| CVE-2022-30745 | Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30745 |
| CVE-2022-30746 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30746 |
| CVE-2022-30747 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30747 |
| CVE-2022-30748 | Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30748 |
| CVE-2022-30749 | Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30749 |
| CVE-2022-2022 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2022 |
| CVE-2021-35530 | A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35530 |
| CVE-2021-35531 | Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35531 |
| CVE-2021-35532 | A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-35532 |
| CVE-2022-30466 | joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30466 |
| CVE-2022-31470 | An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31470 |