CVE Number |
Description |
Base Score |
Reference |
CVE-2017-2827 |
An exploitable command injection vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can allow for a user to inject arbitrary shell characters during account creation resulting in command injection. An attacker can simply send an HTTP request to the device to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2827 |
CVE-2017-2916 |
An exploitable vulnerability exists in the /api/CONFIG/restore functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an arbitrary file to be overwritten. An attacker can send an HTTP request to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2916 |
CVE-2017-2917 |
An exploitable vulnerability exists in the notifications functionality of Circle with Disney running firmware 2.0.1. Specially crafted network packets can cause an OS command injection. An attacker can send an HTTP request to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2917 |
CVE-2017-2923 |
An exploitable heap-based buffer overflow vulnerability exists in the read_biff_next_record function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2923 |
CVE-2017-2924 |
An exploitable heap-based buffer overflow vulnerability exists in the read_legacy_biff function of FreeXL 1.0.3. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2924 |
CVE-2018-1999001 |
An unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999001 |
CVE-2018-20545 |
There is an illegal WRITE memory access at common-image.c (function load_image) in libcaca 0.99.beta19 for 4bpp data. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2018-20545 |
CVE-2019-1003005 |
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-1003005 |
CVE-2019-5032 |
An exploitable out-of-bounds read vulnerability exists in the LabelSst record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5032 |
CVE-2019-10384 |
Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed users to obtain CSRF tokens without an associated web session ID, resulting in CSRF tokens that did not expire and could be used to bypass CSRF protection for the anonymous user. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-10384 |
CVE-2019-5130 |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5130 |
CVE-2019-5131 |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5131 |
CVE-2019-5145 |
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit PDF Reader, version 9.7.0.29435. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5145 |
CVE-2020-7246 |
A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a malicious PHP code file via the profile photo functionality, by leveraging a path traversal vulnerability in the users['photop_preview'] delete photo feature, allowing bypass of .htaccess protection. NOTE: this issue exists because of an incomplete fix for CVE-2015-3884. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-7246 |
CVE-2019-5187 |
An exploitable out-of-bounds write vulnerability exists in the TIFreadstripdata function of the igcore19d.dll library of Accusoft ImageGear 19.5.0. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5187 |
CVE-2019-5136 |
An exploitable privilege escalation vulnerability exists in the iw_console functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted menu selection string can cause an escape from the restricted console, resulting in system access as the root user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5136 |
CVE-2019-5140 |
An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iwsystem call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5140 |
CVE-2019-5141 |
An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5141 |
CVE-2019-5143 |
An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted time server entry can cause an overflow of the time server buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5143 |
CVE-2019-5153 |
An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause an overflow of an error message buffer, resulting in remote code execution. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5153 |
CVE-2019-5162 |
An exploitable improper access control vulnerability exists in the iw_webs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as that user. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5162 |
CVE-2021-21480 |
SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. When this dashboard is opened by users having at least the SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server, thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating system commands, completely compromising the server hosting the application. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-21480 |
CVE-2020-36403 |
HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36403 |
CVE-2021-43559 |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43559 |
CVE-2021-44227 |
In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44227 |
CVE-2021-45960 |
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45960 |
CVE-2022-22825 |
lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22825 |
CVE-2022-22826 |
nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22826 |
CVE-2022-22827 |
storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22827 |
CVE-2021-44520 |
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Command Injection vulnerability, leading to remote code execution with root privileges. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44520 |
CVE-2022-24857 |
django-mfa3 is a library that implements multi factor authentication for the django web framework. It achieves this by modifying the regular login view. Django however has a second login view for its admin area. This second login view was not modified, so the multi factor authentication can be bypassed. Users are affected if they have activated both django-mfa3 (< 0.5.0) and django.contrib.admin and have not taken any other measures to prevent users from accessing the admin login view. The issue has been fixed in django-mfa3 0.5.0. It is possible to work around the issue by overwriting the admin login route, e.g. by adding the following URL definition *before* the admin routes: `url('admin/login/', lambda request: redirect(settings.LOGIN_URL))` |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24857 |
CVE-2021-44519 |
In Citrix XenMobile Server through 10.12 RP9, there is an Authenticated Directory Traversal vulnerability, leading to remote code execution. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44519 |
CVE-2021-42192 |
Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42192 |
CVE-2020-16231 |
The affected Bachmann Electronic M-Base Controllers of version MSYS v1.06.14 and later use weak cryptography to protect device passwords. Affected controllers that are actively supported include MX207, MX213, MX220, MC206, MC212, MC220, and MH230 hardware controllers, and affected end-of-life controllers include MC205, MC210, MH212, ME203, CS200, MP213, MP226, MPC240, MPC265, MPC270, MPC293, MPE270, and CPC210 hardware controllers. Security Level 0 is set at default from the manufacturer, which could allow an unauthenticated remote attacker to gain access to the password hashes. Security Level 4 is susceptible if an authenticated remote attacker or an unauthenticated person with physical access to the device reads and decrypts the password to conduct further attacks. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-16231 |
CVE-2014-125001 |
A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2014-125001 |
CVE-2022-27305 |
Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27305 |
CVE-2021-33014 |
An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33014 |
CVE-2022-1261 |
Matrikon, a subsidiary of Honeywell: Matrikon OPC Server (all versions) is vulnerable to a condition where a low-privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1261 |
CVE-2022-31265 |
The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31265 |
CVE-2022-30584 |
Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30584 |
CVE-2022-1611 |
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1611 |
CVE-2021-3555 |
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3555 |
CVE-2022-1808 |
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1808 |
CVE-2022-24848 |
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance's database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24848 |
CVE-2020-20971 |
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-20971 |
CVE-2021-32546 |
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it). |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32546 |
CVE-2021-34078 |
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project's package.json file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-34078 |
CVE-2021-34081 |
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-34081 |
CVE-2022-22767 |
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22767 |
CVE-2022-28799 |
The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28799 |
CVE-2022-29624 |
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29624 |
CVE-2022-29647 |
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29647 |
CVE-2022-29725 |
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29725 |
CVE-2022-29735 |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29735 |
CVE-2022-30425 |
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30425 |
CVE-2022-30819 |
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30819 |
CVE-2022-30820 |
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30820 |
CVE-2022-30821 |
In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30821 |
CVE-2022-30822 |
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30822 |
CVE-2021-45982 |
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45982 |
CVE-2022-31462 |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31462 |
CVE-2022-30232 |
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30232 |
CVE-2022-30238 |
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30238 |
CVE-2022-26493 |
Multiple vulnerabilities in Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider in certain non-default configurations allow a malicious user to log in as any chosen user. The vulnerability is mitigated by the module's default settings, which require the options "Either sign SAML assertions" and "x509 certificate". This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) - SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26493 |
CVE-2022-32291 |
In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32291 |
CVE-2021-41932 |
A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41932 |
CVE-2022-21745 |
In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468872; Issue ID: ALPS06468872. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21745 |
CVE-2022-30469 |
In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30469 |
CVE-2019-9971 |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-9971 |
CVE-2019-9972 |
PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-9972 |
CVE-2020-36529 |
A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22. This affects the file traceroute.php of the Traceroute Handler. The manipulation leads to privilege escalation with a command injection. It is possible to initiate the attack remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36529 |
CVE-2020-36530 |
A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22. This vulnerability affects the Alert Summary. The manipulation leads to SQL injection. The attack can be initiated remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36530 |
CVE-2020-36531 |
A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22. This issue affects the Device Manager Page. An injection leads to privilege escalation. The attack may be initiated remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36531 |
CVE-2020-36535 |
A vulnerability classified as critical has been found in MINMAX. This affects an unknown part of the file /newsDia.php. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36535 |
CVE-2020-36536 |
A vulnerability was found in Brandbugle. It has been rated as critical. Affected by this issue is some unknown functionality of the file /main.php. The manipulation leads to SQL injection. The attack may be launched remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36536 |
CVE-2020-36537 |
A vulnerability was found in Everywhere CMS. It has been classified as critical. Affected is an unknown function. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36537 |
CVE-2020-36538 |
A vulnerability was found in Eatan CMS. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to SQL injection. The attack can be launched remotely. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36538 |
CVE-2017-20017 |
A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0. This issue affects some unknown processing of the file /timeline2.php. The manipulation of the argument primaryID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
8.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-20017 |
CVE-2019-13933 |
A vulnerability has been identified in SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants), SCALANCE X204RNA (HSR), SCALANCE X204RNA (PRP), SCALANCE X204RNA EEC (HSR), SCALANCE X204RNA EEC (PRP), SCALANCE X204RNA EEC (PRP/HSR), SCALANCE X302-7 EEC (230V), SCALANCE X302-7 EEC (230V, coated), SCALANCE X302-7 EEC (24V), SCALANCE X302-7 EEC (24V, coated), SCALANCE X302-7 EEC (2x 230V), SCALANCE X302-7 EEC (2x 230V, coated), SCALANCE X302-7 EEC (2x 24V), SCALANCE X302-7 EEC (2x 24V, coated), SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2 EEC (230V), SCALANCE X307-2 EEC (230V, coated), SCALANCE X307-2 EEC (24V), SCALANCE X307-2 EEC (24V, coated), SCALANCE X307-2 EEC (2x 230V), SCALANCE X307-2 EEC (2x 230V, coated), SCALANCE X307-2 EEC (2x 24V), SCALANCE X307-2 EEC (2x 24V, coated), SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X308-2LD, SCALANCE X308-2LH, SCALANCE X308-2LH+, SCALANCE X308-2M, SCALANCE X308-2M PoE, SCALANCE X308-2M TS, SCALANCE X310, SCALANCE X310FE, SCALANCE X320-1 FE, SCALANCE X320-1-2LD FE, SCALANCE X408-2, SCALANCE XR324-12M (230V, ports on front), SCALANCE XR324-12M (230V, ports on rear), SCALANCE XR324-12M (24V, ports on front), SCALANCE XR324-12M (24V, ports on rear), SCALANCE XR324-12M TS (24V), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (24V, ports on front), SCALANCE XR324-4M EEC (24V, ports on rear), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on front), SCALANCE XR324-4M EEC (2x 100-240VAC/60-250VDC, ports on rear), SCALANCE XR324-4M EEC (2x 24V, ports on front), SCALANCE XR324-4M EEC (2x 24V, ports on rear), SCALANCE XR324-4M PoE (230V, ports on front), SCALANCE XR324-4M PoE (230V, ports on rear), SCALANCE XR324-4M PoE (24V, ports on front), SCALANCE XR324-4M PoE (24V, ports on rear), SCALANCE XR324-4M PoE TS (24V, ports on front), SIPLUS NET SCALANCE X308-2. Affected devices contain a vulnerability that allows an unauthenticated attacker to violate access-control rules. The vulnerability can be triggered by sending a GET request to a specific uniform resource locator on the web configuration interface of the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. An attacker could use the vulnerability to obtain sensitive information or change the device configuration. At the time of advisory publication no public exploitation of this security vulnerability was known. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13933 |
CVE-2022-1797 |
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1797 |
CVE-2022-30034 |
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. |
8.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30034 |
CVE-2021-44719 |
Docker Desktop 4.3.0 has Incorrect Access Control. |
8.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44719 |
CVE-2022-30127 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30127 |
CVE-2022-30128 |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. |
8.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30128 |
CVE-2022-30236 |
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
8.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30236 |
CVE-2017-2914 |
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney running firmware 2.0.1. A specially crafted token can bypass the authentication routine of the Apid binary, causing the device to grant unintended administrative access. An attacker needs network connectivity to the device to trigger this vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2914 |
CVE-2018-1000194 |
A path traversal vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in FilePath.java, SoloFilePathFilter.java that allows malicious agents to read and write arbitrary files on the Jenkins master, bypassing the agent-to-master security subsystem protection. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000194 |
CVE-2018-20546 |
There is an illegal READ memory access at caca/dither.c (function get_rgba_default) in libcaca 0.99.beta19 for the default bpp case. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-20546 |
CVE-2019-1003049 |
Users who cached their CLI authentication before Jenkins was updated to 2.150.2 and newer, or 2.160 and newer, would remain authenticated in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, because the fix for CVE-2019-1003004 in these releases did not reject existing remoting-based CLI authentication caches. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-1003049 |
CVE-2019-5018 |
An exploitable use after free vulnerability exists in the window function functionality of Sqlite3 3.26.0. A specially crafted SQL command can cause a use after free vulnerability, potentially resulting in remote code execution. An attacker can send a malicious SQL command to trigger this vulnerability. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5018 |
CVE-2022-23639 |
crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of `{i,u}64` was always the same as `Atomic{I,U}64`. However, the alignment of `{i,u}64` on a 32-bit target can be smaller than `Atomic{I,U}64`. This can cause unaligned memory accesses and data race. Crates using `fetch_*` methods with `AtomicCell<{i,u}64>` are affected by this issue. 32-bit targets without `Atomic{I,U}64` and 64-bit targets are not affected by this issue. This has been fixed in crossbeam-utils 0.8.7. There are currently no known workarounds. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23639 |
CVE-2022-24801 |
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the `twisted.web.http` module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing can lead to desync if requests pass through multiple HTTP parsers, potentially resulting in HTTP request smuggling. Users who may be affected use Twisted Web's HTTP 1.1 server and/or proxy and also pass requests through a different HTTP server and/or proxy. The Twisted Web client is not affected. The HTTP 2.0 server uses a different parser, so it is not affected. The issue has been addressed in Twisted 22.4.0rc1. Two workarounds are available: Ensure any vulnerabilities in upstream proxies have been addressed, such as by upgrading them; or filter malformed requests by other means, such as configuration of an upstream proxy. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24801 |
CVE-2022-0141 |
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0141 |
CVE-2021-25745 |
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25745 |
CVE-2022-1669 |
A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1669 |
CVE-2022-22576 |
An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22576 |
CVE-2022-1931 |
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1931 |
CVE-2021-34083 |
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the 'Open in browser' option in versions up to 1.6.2, google-it will unsafely concat the result's link retrieved from google to a shell command, potentially exposing the server to RCE. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-34083 |
CVE-2022-27778 |
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27778 |
CVE-2022-1987 |
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. |
8.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1987 |
CVE-2017-2915 |
An exploitable vulnerability exists in the WiFi configuration functionality of Circle with Disney running firmware 2.0.1. A specially crafted SSID can cause the device to execute arbitrary shell commands. An attacker needs to send a couple of HTTP requests and set up an access point reachable by the device to trigger this vulnerability. |
8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2915 |
CVE-2022-26867 |
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. |
8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26867 |
CVE-2017-2823 |
A use-after-free vulnerability exists in the .ISO parsing functionality of PowerISO 6.8. A specially crafted .ISO file can cause a vulnerability resulting in potential code execution. An attacker can send a specific .ISO file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2823 |
CVE-2017-2920 |
A memory corruption vulnerability exists in the .SVG parsing functionality of Computerinsel Photoline 20.02. A specially crafted .SVG file can cause a vulnerability resulting in memory corruption, which can potentially lead to arbitrary code execution. An attacker can send a specific .SVG file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2920 |
CVE-2017-2897 |
An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2897 |
CVE-2017-2919 |
An exploitable stack-based buffer overflow vulnerability exists in the xls_getfcell function of libxls 1.3.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send a malicious XLS file to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2919 |
CVE-2017-2899 |
An exploitable integer overflow exists in the TIFF loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.tif' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2899 |
CVE-2017-2900 |
An exploitable integer overflow exists in the PNG loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.png' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2900 |
CVE-2017-2901 |
An exploitable integer overflow exists in the IRIS loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.iris' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2901 |
CVE-2017-2902 |
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2902 |
CVE-2017-2903 |
An exploitable integer overflow exists in the DPX loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.cin' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2903 |
CVE-2017-2904 |
An exploitable integer overflow exists in the RADIANCE loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.hdr' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2904 |
CVE-2017-2905 |
An exploitable integer overflow exists in the bmp loading functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted '.bmp' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset via the sequencer in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2905 |
CVE-2017-2906 |
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2906 |
CVE-2017-2907 |
An exploitable integer overflow exists in the animation playing functionality of the Blender open-source 3d creation suite version 2.78c. A specially created '.avi' file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to use the file as an asset in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2907 |
CVE-2017-2908 |
An exploitable integer overflow exists in the thumbnail functionality of the Blender open-source 3d creation suite version 2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to render the thumbnail for the file while in the File->Open dialog. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2908 |
CVE-2017-2918 |
An exploitable integer overflow exists in the Image loading functionality of the Blender open-source 3d creation suite v2.78c. A specially crafted .blend file can cause an integer overflow resulting in a buffer overflow which can allow for code execution under the context of the application. An attacker can convince a user to open the file or use it as a library in order to trigger this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2918 |
CVE-2019-5015 |
A local privilege escalation vulnerability exists in the Mac OS X version of Pixar Renderman 22.3.0's Install Helper helper tool. A user with local access can use this vulnerability to escalate their privileges to root. An attacker would need local access to the machine for a successful exploit. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5015 |
CVE-2019-10934 |
A vulnerability has been identified in TIA Portal V14 (All versions), TIA Portal V15 (All versions < V15.1 Update 7), TIA Portal V16 (All versions), TIA Portal V17 (All versions < V17 Update 4). Changing the contents of a configuration file could allow an attacker to execute arbitrary code with SYSTEM privileges. The security vulnerability could be exploited by an attacker with a valid account and limited access rights on the system. No user interaction is required. At the time of advisory publication no public exploitation of this security vulnerability was known. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-10934 |
CVE-2020-26664 |
A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26664 |
CVE-2021-41103 |
containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41103 |
CVE-2021-46143 |
In doProlog in xmlparse.c in Expat (aka libexpat) before 2.4.3, an integer overflow exists for m_groupSize. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46143 |
CVE-2021-4034 |
A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way that it'll induce pkexec to execute arbitrary code. When successfully executed, the attack can cause a local privilege escalation, giving unprivileged users administrative rights on the target machine. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-4034 |
CVE-2021-44000 |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44000 |
CVE-2021-44016 |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44016 |
CVE-2021-44018 |
A vulnerability has been identified in JT2Go (All versions < V13.2.0.7), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V13.1 (All versions < V13.1.0.9), Teamcenter Visualization V13.2 (All versions < V13.2.0.7), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44018 |
CVE-2022-0847 |
A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0847 |
CVE-2022-21124 |
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21124 |
CVE-2022-28893 |
The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28893 |
CVE-2022-22187 |
An Improper Privilege Management vulnerability in the Windows Installer framework used in the Juniper Networks Juniper Identity Management Service (JIMS) allows an unprivileged user to trigger a repair operation. Running a repair operation, in turn, will trigger a number of file operations in the %TEMP% folder of the user triggering the repair. Some of these operations will be performed from a SYSTEM context (started via the Windows Installer service), including the execution of temporary files. An attacker may be able to provide malicious binaries to the Windows Installer, which will be executed with high privilege, leading to a local privilege escalation. This issue affects Juniper Networks Juniper Identity Management Service (JIMS) versions prior to 1.4.0. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22187 |
CVE-2022-24287 |
A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 8). An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24287 |
CVE-2022-26531 |
Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26531 |
CVE-2022-26532 |
An argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26532 |
CVE-2021-3717 |
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3717 |
CVE-2022-22672 |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22672 |
CVE-2022-22675 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22675 |
CVE-2022-26702 |
A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26702 |
CVE-2022-26704 |
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26704 |
CVE-2022-26714 |
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26714 |
CVE-2022-26715 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26715 |
CVE-2022-26718 |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26718 |
CVE-2022-26756 |
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26756 |
CVE-2022-26757 |
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26757 |
CVE-2022-26761 |
A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26761 |
CVE-2022-26763 |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26763 |
CVE-2022-26768 |
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26768 |
CVE-2022-26769 |
A memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26769 |
CVE-2022-26770 |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26770 |
CVE-2022-29637 |
An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29637 |
CVE-2022-28394 |
EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28394 |
CVE-2022-30700 |
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30700 |
CVE-2022-30701 |
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30701 |
CVE-2022-1897 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1897 |
CVE-2022-1934 |
Use After Free in GitHub repository mruby/mruby prior to 3.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1934 |
CVE-2022-1942 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1942 |
CVE-2022-31011 |
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31011 |
CVE-2021-26635 |
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26635 |
CVE-2021-42195 |
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42195 |
CVE-2021-42197 |
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42197 |
CVE-2021-42199 |
An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42199 |
CVE-2021-42201 |
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42201 |
CVE-2021-42203 |
An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42203 |
CVE-2021-42204 |
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42204 |
CVE-2022-1215 |
A format string vulnerability was found in libinput. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1215 |
CVE-2022-1419 |
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object* (created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create* will access the freed drm_vgem_gem_object. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1419 |
CVE-2022-1652 |
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1652 |
CVE-2022-1786 |
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1786 |
CVE-2022-1968 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1968 |
CVE-2022-27184 |
The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27184 |
CVE-2022-28690 |
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28690 |
CVE-2022-28702 |
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28702 |
CVE-2022-29483 |
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29483 |
CVE-2022-29488 |
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29488 |
CVE-2022-29692 |
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29692 |
CVE-2022-30540 |
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30540 |
CVE-2022-31500 |
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31500 |
CVE-2022-31782 |
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31782 |
CVE-2022-32200 |
libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32200 |
CVE-2022-22557 |
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x. A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22557 |
CVE-2022-26868 |
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26868 |
CVE-2022-32250 |
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32250 |
CVE-2022-29594 |
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29594 |
CVE-2022-30726 |
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30726 |
CVE-2022-30744 |
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30744 |
CVE-2021-46816 |
Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46816 |
CVE-2021-46817 |
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46817 |
CVE-2021-46818 |
Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. |
7.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46818 |
CVE-2019-5024 |
A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A specific series of keyboard inputs can escape the restricted environment, resulting in full administrator access to the underlying operating system. An attacker can connect to the device via USB port with a keyboard or other HID device to trigger this vulnerability. |
7.6 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5024 |
CVE-2017-9946 |
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-9946 |
CVE-2017-2898 |
An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series of packets to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2898 |
CVE-2017-2909 |
An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2909 |
CVE-2017-17740 |
contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-17740 |
CVE-2018-1999002 |
An arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999002 |
CVE-2019-6568 |
A vulnerability has been identified in RFID 181EIP, SIMATIC CP 1604, SIMATIC CP 1616, SIMATIC CP 343-1 Advanced, SIMATIC CP 443-1, SIMATIC CP 443-1 Advanced, SIMATIC CP 443-1 OPC UA, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F, SIMATIC IPC DiagMonitor, SIMATIC RF182C, SIMATIC RF185C, SIMATIC RF186C, SIMATIC RF188C, SIMATIC RF600 family, SIMATIC RF600R family, SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants), SIMATIC S7-PLCSIM Advanced, SIMATIC Teleservice Adapter IE Advanced, SIMATIC Teleservice Adapter IE Basic, SIMATIC Teleservice Adapter IE Standard, SIMATIC WinAC RTX (F) 2010, SIMATIC WinCC Runtime Advanced, SIMOCODE pro V EIP (incl. SIPLUS variants), SIMOCODE pro V PN (incl. SIPLUS variants), SINAMICS G130 V4.6 Control Unit, SINAMICS G130 V4.7 Control Unit, SINAMICS G130 V4.7 SP1 Control Unit, SINAMICS G130 V4.8 Control Unit, SINAMICS G130 V5.1 Control Unit, SINAMICS G130 V5.1 SP1 Control Unit, SINAMICS G150 V4.6 Control Unit, SINAMICS G150 V4.7 Control Unit, SINAMICS G150 V4.7 SP1 Control Unit, SINAMICS G150 V4.8 Control Unit, SINAMICS G150 V5.1 Control Unit, SINAMICS G150 V5.1 SP1 Control Unit, SINAMICS GH150 V4.7 (Control Unit), SINAMICS GH150 V4.8 (Control Unit), SINAMICS GL150 V4.7 (Control Unit), SINAMICS GL150 V4.8 (Control Unit), SINAMICS GM150 V4.7 (Control Unit), SINAMICS GM150 V4.8 (Control Unit), SINAMICS S120 V4.6 Control Unit (incl. 
SIPLUS variants), SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.7 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V4.8 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 Control Unit (incl. SIPLUS variants), SINAMICS S120 V5.1 SP1 Control Unit (incl. SIPLUS variants), SINAMICS S150 V4.6 Control Unit, SINAMICS S150 V4.7 Control Unit, SINAMICS S150 V4.7 SP1 Control Unit, SINAMICS S150 V4.8 Control Unit, SINAMICS S150 V5.1 Control Unit, SINAMICS S150 V5.1 SP1 Control Unit, SINAMICS S210 V5.1 Control Unit, SINAMICS S210 V5.1 SP1 Control Unit, SINAMICS SL150 V4.7 (Control Unit), SINAMICS SL150 V4.8 (Control Unit), SINAMICS SM120 V4.7 (Control Unit), SINAMICS SM120 V4.8 (Control Unit), SINAMICS SM150 V4.8 (Control Unit), SIPLUS NET CP 343-1 Advanced, SIPLUS NET CP 443-1, SIPLUS NET CP 443-1 Advanced, SITOP Manager, SITOP PSU8600, SITOP UPS1600 (incl. SIPLUS variants), TIM 1531 IRC (incl. SIPLUS NET variants). The webserver of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the device. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-6568 |
CVE-2019-0227 |
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-0227 |
CVE-2019-13565 |
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13565 |
CVE-2019-5137 |
The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5137 |
CVE-2019-5148 |
An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13. A specially crafted packet can cause an integer underflow, triggering a large memcpy that will access unmapped or out-of-bounds memory. An attacker can send this packet while unauthenticated to trigger this vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5148 |
CVE-2019-19300 |
A vulnerability has been identified in Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200 (All versions), Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P (All versions), KTK ATE530S (All versions), SIDOOR ATD430W (All versions), SIDOOR ATE530S COATED (All versions), SIDOOR ATE531S (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.0), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC MICRO-DRIVE PDC (All versions), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (incl. SIPLUS NET variants) (All versions >= V4.2), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions < V4.4.0), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0), SIMATIC S7-1500 Software Controller (All versions < V2.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family and below (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 and below CPU family (incl. 
SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (F) 2010 (All versions), SINAMICS S/G Control Unit w. PROFINET (All versions). The Interniche-based TCP Stack can be forced to make very expensive calls for every incoming packet which can lead to a denial of service. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-19300 |
CVE-2020-11579 |
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-11579 |
CVE-2021-33737 |
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 ERPC (All versions), SIMATIC CP 343-1 Lean (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIPLUS NET CP 443-1 Advanced (All versions). Sending a specially crafted packet to port 102/tcp of an affected device could cause a denial of service condition. A restart is needed to restore normal operations. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33737 |
CVE-2021-34798 |
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-34798 |
CVE-2021-41092 |
Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41092 |
CVE-2021-42697 |
Akka HTTP 10.1.x before 10.1.15 and 10.2.x before 10.2.7 can encounter stack exhaustion while parsing HTTP headers, which allows a remote attacker to conduct a Denial of Service attack by sending a User-Agent header with deeply nested comments. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42697 |
CVE-2021-23727 |
This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-23727 |
CVE-2022-21676 |
Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package starting from version `4.0.0`, including those who use dependent packages like `socket.io`. Versions prior to `4.0.0` are not impacted. A fix has been released for each major branch, namely `4.1.2` for the `4.x.x` branch, `5.2.1` for the `5.x.x` branch, and `6.1.1` for the `6.x.x` branch. There is no known workaround except upgrading to a safe version. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21676 |
CVE-2021-39293 |
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-39293 |
CVE-2022-21698 |
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21698 |
CVE-2022-25314 |
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25314 |
CVE-2022-0725 |
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0725 |
CVE-2022-0778 |
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
CVE-2022-25622 |
A vulnerability has been identified in SIMATIC CFU DIQ (All versions), SIMATIC CFU PA (All versions), SIMATIC ET200AL IM157-1 PN (All versions), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 MF HF (All versions), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants) (All versions), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants) (All versions >= V4.2), SIMATIC ET200ecoPN, CM 8x IO-Link, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 16x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DI 8x24VDC, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DIQ 16x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/0,5A, M12-L (All versions >= V5.1.1), SIMATIC ET200ecoPN, DQ 8x24VDC/2A, M12-L (All versions >= V5.1.1), SIMATIC PN/MF Coupler (All versions), SIMATIC PN/PN Coupler (All versions >= 4.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V2.0.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.10), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V10 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions), SIMATIC TDC CP51M1 (All versions), SIMATIC TDC CPU555 (All versions), SIMATIC WinAC RTX (All versions), SIMIT Simulation Platform (All versions), SINAMICS G110M (All versions), SINAMICS G115D (All versions), SINAMICS G120 (incl. SIPLUS variants) (All versions), SINAMICS G130 (All versions), SINAMICS G150 (All versions), SINAMICS S120 (incl. 
SIPLUS variants) (All versions), SINAMICS S150 (All versions), SINAMICS S210 (All versions), SIPLUS HCS4200 CIM4210 (All versions), SIPLUS HCS4200 CIM4210C (All versions), SIPLUS HCS4300 CIM4310 (All versions), SIPLUS NET PN/PN Coupler (All versions >= 4.2). The PROFINET (PNIO) stack, when integrated with the Interniche IP stack, improperly handles internal resources for TCP segments where the minimum TCP-Header length is less than defined. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25622 |
CVE-2022-27241 |
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.11), Mendix Applications using Mendix 9 (V9.6) (All versions). Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27241 |
CVE-2021-32040 |
It may be possible to have an extremely long aggregation pipeline in conjunction with a specific stage/operator and cause a stack overflow due to the size of the stack frames used by that stage. If an attacker could cause such an aggregation to occur, they could maliciously crash MongoDB in a DoS attack. This vulnerability affects MongoDB versions prior to 5.0.4, 4.4.11, 4.2.16. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32040 |
CVE-2021-46789 |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-46789 |
CVE-2022-29793 |
There is a configuration defect in the activation lock of mobile phones. Successful exploitation of this vulnerability may affect application availability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29793 |
CVE-2022-29222 |
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29222 |
CVE-2022-31261 |
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31261 |
CVE-2021-3629 |
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3629 |
CVE-2021-32966 |
Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32966 |
CVE-2021-32997 |
The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-32997 |
CVE-2022-1678 |
An issue was discovered in the Linux Kernel from 4.18 to 4.19. An improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1678 |
CVE-2022-30427 |
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30427 |
CVE-2022-30428 |
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30428 |
CVE-2022-26701 |
A race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26701 |
CVE-2022-25878 |
The package protobufjs before 6.11.3 is vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25878 |
CVE-2022-1589 |
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing a CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attack could also be performed via a CSRF vector. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1589 |
CVE-2022-23082 |
CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input, which may lead to path traversal. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23082 |
CVE-2022-31002 |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31002 |
CVE-2022-31001 |
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31001 |
CVE-2022-31005 |
Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31005 |
CVE-2020-26184 |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26184 |
CVE-2020-26185 |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-26185 |
CVE-2022-29098 |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29098 |
CVE-2022-29169 |
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using a specific RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup()). This function handles input by regexing and attackers can abuse that by providing some ReDoS payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29169 |
CVE-2021-33254 |
An issue discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1 allows attackers to cause a denial of service via the stream parameter to the parseUri function. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33254 |
CVE-2021-33615 |
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33615 |
CVE-2021-40186 |
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40186 |
CVE-2021-43306 |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43306 |
CVE-2021-43307 |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43307 |
CVE-2021-43308 |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43308 |
CVE-2022-1661 |
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1661 |
CVE-2022-1929 |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1929 |
CVE-2022-1949 |
An access control bypass vulnerability was found in 389-ds-base. The mishandling of the filter would yield incorrect results, but as that has progressed, it can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1949 |
CVE-2022-24241 |
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24241 |
CVE-2022-24581 |
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24581 |
CVE-2022-26975 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26975 |
CVE-2022-27775 |
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: by using an IPv6 address that was in the connection pool but with a different zone id, it could reuse a connection instead. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27775 |
CVE-2022-27780 |
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27780 |
CVE-2022-27781 |
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27781 |
CVE-2022-27782 |
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27782 |
CVE-2022-29693 |
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29693 |
CVE-2022-29694 |
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29694 |
CVE-2022-29695 |
Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29695 |
CVE-2022-29729 |
Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29729 |
CVE-2022-30496 |
SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30496 |
CVE-2022-31004 |
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in 'data.js' has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a "hot fix" for version 1.1.1 and for the 2.x branch. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31004 |
CVE-2022-31018 |
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in versions 2.8.3 through 2.8.15 of Play's forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play's default body parser. This vulnerability has been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31018 |
CVE-2022-31023 |
Play Framework is a web framework for Java and Scala. Versions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31023 |
CVE-2021-42877 |
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42877 |
CVE-2022-22556 |
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22556 |
CVE-2022-30237 |
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30237 |
CVE-2021-42886 |
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42886 |
CVE-2021-42889 |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42889 |
CVE-2021-42891 |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42891 |
CVE-2021-42893 |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42893 |
CVE-2021-39947 |
In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-39947 |
CVE-2022-21757 |
In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21757 |
CVE-2022-23712 |
A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23712 |
CVE-2022-22396 |
Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases. Credentials could be the remote vSnap, offload targets, or VADP credentials depending on the operation performed. Credentials that are using API key or certificate are not printed. IBM X-Force ID: 222231. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22396 |
CVE-2022-32275 |
Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32275 |
CVE-2022-30587 |
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30587 |
CVE-2022-29631 |
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29631 |
CVE-2021-37589 |
Virtua Cobranca before 12R allows SQL Injection on the login page. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-37589 |
CVE-2022-29564 |
Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29564 |
CVE-2022-31028 |
MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31028 |
CVE-2022-1708 |
A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1708 |
CVE-2022-30717 |
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30717 |
CVE-2022-30732 |
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30732 |
CVE-2022-30735 |
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30735 |
CVE-2022-30746 |
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30746 |
CVE-2022-21211 |
This affects all versions of package posix. When invoking the toString method, it will fallback to 0x0 value, as the value of toString is not invokable (not a function), and then it will crash with type-check. |
7.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21211 |
CVE-2022-31460 |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. |
7.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31460 |
CVE-2019-10086 |
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean. |
7.3 |
https://nvd.nist.gov/vuln/detail/CVE-2019-10086 |
CVE-2019-5142 |
An exploitable command injection vulnerability exists in the hostname functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various authenticated requests to trigger this vulnerability. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5142 |
CVE-2019-5165 |
An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13. A specially configured device hostname can cause the device to interpret select remote traffic as local traffic, resulting in a bypass of web authentication. An attacker can send authenticated SNMP requests to trigger this vulnerability. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5165 |
CVE-2021-43944 |
This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43944 |
CVE-2022-26151 |
Citrix XenMobile Server 10.12 through RP11, 10.13 through RP7, and 10.14 through RP4 allows Command Injection. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26151 |
CVE-2022-23050 |
ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23050 |
CVE-2022-31007 |
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31007 |
CVE-2021-44080 |
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to execute arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2021-44080 |
CVE-2022-30794 |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30794 |
CVE-2022-30795 |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30795 |
CVE-2022-30798 |
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30798 |
CVE-2022-30799 |
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30799 |
CVE-2022-30818 |
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30818 |
CVE-2022-30823 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\blog_events_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30823 |
CVE-2022-30825 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\client_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30825 |
CVE-2022-30826 |
Wedding Management System v1.0 is vulnerable to SQL Injection via admin\\client_assign.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30826 |
CVE-2022-30827 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\package_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30827 |
CVE-2022-30828 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\photos_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30828 |
CVE-2022-30829 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\users_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30829 |
CVE-2022-30830 |
Wedding Management System v1.0 is vulnerable to SQL Injection via \\admin\\feature_edit.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30830 |
CVE-2022-30831 |
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30831 |
CVE-2022-30832 |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30832 |
CVE-2022-30833 |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30833 |
CVE-2022-30834 |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30834 |
CVE-2022-30835 |
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/budget.php?booking_id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30835 |
CVE-2022-30836 |
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/admin/select.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30836 |
CVE-2022-31339 |
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31339 |
CVE-2022-31970 |
ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31970 |
CVE-2022-31971 |
ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31971 |
CVE-2022-31974 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31974 |
CVE-2022-31975 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31975 |
CVE-2022-31980 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31980 |
CVE-2022-31981 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31981 |
CVE-2022-31982 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31982 |
CVE-2022-31983 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31983 |
CVE-2022-31984 |
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31984 |
CVE-2022-31996 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31996 |
CVE-2022-31998 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31998 |
CVE-2022-32000 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32000 |
CVE-2022-32001 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32001 |
CVE-2022-32003 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32003 |
CVE-2022-32004 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32004 |
CVE-2022-32005 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32005 |
CVE-2022-32006 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32006 |
CVE-2022-31985 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31985 |
CVE-2022-31986 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31986 |
CVE-2022-31988 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31988 |
CVE-2022-31992 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31992 |
CVE-2022-31994 |
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31994 |
CVE-2022-32007 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32007 |
CVE-2022-32008 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32008 |
CVE-2022-32010 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32010 |
CVE-2022-32011 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32011 |
CVE-2022-32012 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32012 |
CVE-2022-32013 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32013 |
CVE-2022-32014 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32014 |
CVE-2022-32015 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32015 |
CVE-2022-32016 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32016 |
CVE-2022-32017 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32017 |
CVE-2022-32018 |
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32018 |
CVE-2022-32021 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32021 |
CVE-2022-32022 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32022 |
CVE-2022-32024 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32024 |
CVE-2022-32025 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32025 |
CVE-2022-32026 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32026 |
CVE-2022-32027 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32027 |
CVE-2022-32028 |
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32028 |
CVE-2022-32268 |
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32268 |
CVE-2022-30860 |
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30860 |
CVE-2022-30586 |
Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution. |
7.2 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30586 |
CVE-2019-5139 |
An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13. The device operating system contains an undocumented encryption password, allowing for the creation of custom diagnostic scripts. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5139 |
CVE-2021-25746 |
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25746 |
CVE-2021-26362 |
A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26362 |
CVE-2022-22977 |
VMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22977 |
CVE-2022-21827 |
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 that could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21827 |
CVE-2022-26697 |
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26697 |
CVE-2022-26698 |
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26698 |
CVE-2022-30687 |
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30687 |
CVE-2022-20806 |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20806 |
CVE-2022-31463 |
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31463 |
CVE-2022-1944 |
When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs. |
7.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1944 |
CVE-2022-1734 |
A flaw in the Linux kernel in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to a use-after-free (read or write) when the cleanup routine and the firmware download routine are not synchronized. |
7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1734 |
CVE-2022-29855 |
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29855 |
CVE-2022-0004 |
Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0004 |
CVE-2022-29854 |
A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow an unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29854 |
CVE-2022-21951 |
A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21951 |
CVE-2022-30784 |
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30784 |
CVE-2022-30786 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30786 |
CVE-2022-30788 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30788 |
CVE-2022-30789 |
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30789 |
CVE-2022-1789 |
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. |
6.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1789 |
CVE-2022-30783 |
An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30783 |
CVE-2022-30785 |
A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30785 |
CVE-2022-30787 |
An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30787 |
CVE-2022-26691 |
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26691 |
CVE-2022-29085 |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29085 |
CVE-2022-21750 |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521283; Issue ID: ALPS06521283. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21750 |
CVE-2022-21751 |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511132; Issue ID: ALPS06511132. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21751 |
CVE-2022-21752 |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493873. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21752 |
CVE-2022-21753 |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493873; Issue ID: ALPS06493899. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21753 |
CVE-2022-21754 |
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535953; Issue ID: ALPS06535953. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21754 |
CVE-2022-21758 |
In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21758 |
CVE-2022-21759 |
In power service, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419106; Issue ID: ALPS06419077. |
6.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21759 |
CVE-2017-9287 |
servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to a double free vulnerability. A user with access to search the directory can crash slapd by issuing a search including the Paged Results control with a page size of 0. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2017-9287 |
CVE-2018-6356 |
Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On Windows, any file accessible to the Jenkins master process could be downloaded. On other operating systems, any file within the Jenkins home directory accessible to the Jenkins master process could be downloaded. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-6356 |
CVE-2018-4843 |
A vulnerability has been identified in SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 343-1 Standard (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 Advanced (incl. SIPLUS NET variants) (All versions), SIMATIC NET CP 443-1 Standard (incl. SIPLUS NET variants) (All versions), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (incl. F) (All versions < V1.7.0), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V3.X.16), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX (F) 2010 (All versions < SIMATIC WinAC RTX 2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a Denial-of-Service condition of the requesting system. The security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. Successful exploitation requires no user interaction or privileges and impacts the availability of core functionality of the affected device. A manual restart is required to recover the system. At the time of advisory publication no public exploitation of this security vulnerability is known. Siemens provides mitigations to resolve the security issue. PROFIBUS interfaces are not affected. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2018-4843 |
CVE-2019-3799 |
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-3799 |
CVE-2019-5014 |
An exploitable improper access control vulnerability exists in the Bluetooth Low Energy functionality of Winco Fireworks FireFly FW-1007 V2.0. An attacker can connect to the device to trigger this vulnerability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5014 |
CVE-2019-3738 |
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-3738 |
CVE-2019-3739 |
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-3739 |
CVE-2021-40085 |
An issue was discovered in OpenStack Neutron before 16.4.1, 17.x before 17.2.1, and 18.x before 18.1.1. Authenticated attackers can reconfigure dnsmasq via a crafted extra_dhcp_opts value. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-40085 |
CVE-2021-33716 |
A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33716 |
CVE-2021-43332 |
In GNU Mailman before 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43332 |
CVE-2021-43941 |
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43941 |
CVE-2022-25313 |
In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-25313 |
CVE-2021-37209 |
A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC (All versions), RUGGEDCOM ROS RMC20 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC40 (All versions), RUGGEDCOM ROS RMC41 (All versions), RUGGEDCOM ROS RMC8388 (All versions), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (32M) (All versions), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions), RUGGEDCOM ROS RSG2300 (All versions), RUGGEDCOM ROS RSG2300P (All versions), RUGGEDCOM ROS RSG2488 (All versions), RUGGEDCOM ROS RSG907R (All versions), RUGGEDCOM ROS RSG908C (All versions), RUGGEDCOM ROS RSG909R (All versions), RUGGEDCOM ROS RSG910C (All versions), RUGGEDCOM ROS RSG920P (All versions), RUGGEDCOM ROS RSL910 (All versions), RUGGEDCOM ROS RST2228 (All versions), RUGGEDCOM ROS RST2228P (All versions), RUGGEDCOM ROS RST916C (All versions), RUGGEDCOM ROS RST916P (All versions), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions). The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-37209 |
CVE-2021-3733 |
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as a web browser) connects to could trigger a Regular Expression Denial of Service (ReDoS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3733 |
CVE-2022-1348 |
A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1348 |
CVE-2022-28875 |
A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28875 |
CVE-2022-22662 |
A cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22662 |
CVE-2022-30585 |
The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30585 |
CVE-2022-20807 |
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20807 |
CVE-2022-1583 |
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to "null" when links to external sites are clicked, which may enable tabnabbing attacks to occur. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1583 |
CVE-2022-22361 |
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22361 |
CVE-2022-1947 |
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1947 |
CVE-2022-1285 |
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1285 |
CVE-2022-29232 |
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29232 |
CVE-2022-27776 |
An insufficiently protected credentials vulnerability fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27776 |
CVE-2022-29788 |
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29788 |
CVE-2022-30804 |
elitecms v1.01 is vulnerable to arbitrary file deletion via /admin/delete_image.php?file=. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30804 |
CVE-2022-31342 |
Online Car Wash Booking System v1.0 is vulnerable to arbitrary file deletion via /ocwbs/classes/Master.php?f=delete_img. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31342 |
CVE-2022-31796 |
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31796 |
CVE-2022-31966 |
ChatBot App with Suggestion v1.0 is vulnerable to arbitrary file deletion via /simple_chat_bot/classes/Master.php?f=delete_img. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31966 |
CVE-2022-31973 |
Online Fire Reporting System v1.0 is vulnerable to arbitrary file deletion via /ofrs/classes/Master.php?f=delete_img. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31973 |
CVE-2022-1982 |
Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1982 |
CVE-2022-26944 |
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26944 |
CVE-2022-29597 |
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29597 |
CVE-2022-31024 |
richdocuments is the repository for Nextcloud Collabora, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31024 |
CVE-2022-31459 |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31459 |
CVE-2022-31461 |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31461 |
CVE-2022-30233 |
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30233 |
CVE-2022-29767 |
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29767 |
CVE-2022-29773 |
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29773 |
CVE-2022-1935 |
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1935 |
CVE-2022-1936 |
Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1936 |
CVE-2022-29617 |
Due to improper error handling an authenticated user can crash CLA assistant instance. This could impact the availability of the application. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29617 |
CVE-2022-28478 |
SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal. The "Remove file" functionality inside the "Log files management" menu does not sanitize user input allowing attackers with admin privileges to delete arbitrary files on the remote system. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28478 |
CVE-2020-36528 |
A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850. Affected is /MobileHandler.ashx which leads to broken access control. The attack requires authentication. Upgrading to version 1.0.4.851 is able to address this issue. It is recommended to upgrade the affected component. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36528 |
CVE-2020-36532 |
A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36532 |
CVE-2020-36534 |
A vulnerability was found in easyii CMS. It has been classified as problematic. Affected is an unknown function of the file /admin/sign/out. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36534 |
CVE-2022-1422 |
The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1422 |
CVE-2022-1424 |
The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged-in users into performing various actions on their behalf on the site. |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1424 |
CVE-2022-21499 |
KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21499 |
CVE-2022-21504 |
The code in UEK6 U3 was missing an appropriate file descriptor count. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attacker with local access can operate on the socket and cause a denial of service. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
6.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21504 |
CVE-2021-41089 |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41089 |
CVE-2021-41091 |
Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-41091 |
CVE-2022-1462 |
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. |
6.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1462 |
CVE-2018-8032 |
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2018-8032 |
CVE-2019-13038 |
mod_auth_mellon through 0.14.2 has an Open Redirect via the login?ReturnTo= substring, as demonstrated by omitting the // after http: in the target URL. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13038 |
CVE-2021-43331 |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43331 |
CVE-2021-43558 |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43558 |
CVE-2021-45818 |
SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-45818 |
CVE-2021-25086 |
The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-25086 |
CVE-2022-29710 |
A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29710 |
CVE-2022-29091 |
Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29091 |
CVE-2021-28508 |
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28508 |
CVE-2021-28509 |
This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-28509 |
CVE-2022-31648 |
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31648 |
CVE-2022-1009 |
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1009 |
CVE-2022-1527 |
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1527 |
CVE-2022-1528 |
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1528 |
CVE-2022-1582 |
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1582 |
CVE-2022-29258 |
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29258 |
CVE-2022-23237 |
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23237 |
CVE-2022-24238 |
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24238 |
CVE-2022-26972 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26972 |
CVE-2022-26974 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26974 |
CVE-2022-26977 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism leads to stored XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26977 |
CVE-2022-26978 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameter is not correctly sanitized, leading to reflected XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26978 |
CVE-2022-29540 |
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29540 |
CVE-2022-29598 |
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to a reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29598 |
CVE-2022-29653 |
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29653 |
CVE-2022-29711 |
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29711 |
CVE-2022-29732 |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29732 |
CVE-2022-30349 |
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30349 |
CVE-2022-30513 |
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30513 |
CVE-2022-30514 |
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30514 |
CVE-2022-29718 |
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29718 |
CVE-2022-1988 |
Cross-site Scripting (XSS) - Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1988 |
CVE-2021-42245 |
FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42245 |
CVE-2022-31493 |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31493 |
CVE-2022-31492 |
Cross-site scripting (XSS) vulnerability in LibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31492 |
CVE-2022-31498 |
LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31498 |
CVE-2022-31494 |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31494 |
CVE-2022-31495 |
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31495 |
CVE-2022-1241 |
The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1241 |
CVE-2022-1597 |
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks. |
6.1 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1597 |
CVE-2017-2911 |
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2911 |
CVE-2017-2912 |
An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the goclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2912 |
CVE-2017-2913 |
An exploitable vulnerability exists in the filtering functionality of Circle with Disney. SSL certificates for specific domain names can cause the Bluecoat library to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2017-2913 |
CVE-2021-36221 |
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-36221 |
CVE-2022-24769 |
Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24769 |
CVE-2021-3597 |
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3597 |
CVE-2022-29245 |
SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29245 |
CVE-2022-31015 |
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call. This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31015 |
CVE-2022-26491 |
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26491 |
CVE-2022-29733 |
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. |
5.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29733 |
CVE-2022-27774 |
An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers. |
5.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27774 |
CVE-2022-30277 |
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). |
5.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30277 |
CVE-2019-5011 |
An exploitable privilege escalation vulnerability exists in the helper service of CleanMyMac X, version 4.20, due to improper updating. The application failed to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. A user with local access can use this vulnerability to modify the file system as root. An attacker would need local access to the machine for a successful exploit. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5011 |
CVE-2019-5020 |
An exploitable denial of service vulnerability exists in the object lookup functionality of Yara 3.8.1. A specially crafted binary file can cause a negative value to be read to satisfy an assert, resulting in Denial of Service. An attacker can create a malicious binary to trigger this vulnerability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5020 |
CVE-2020-27842 |
There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-27842 |
CVE-2020-9014 |
In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows local users to cause a denial of service (BSOD) via crafted input to the virtual audio device driver with IOCTL 0x9C402402, 0x9C402406, or 0x9C40240A. \Device\EMPNSAUIO and \DosDevices\EMPNSAU are similarly affected. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9014 |
CVE-2020-9453 |
In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x9C402406 and IOCtl 0x9C40240A. (0x9C402402 has only a NULL pointer dereference.) This affects \Device\EMPMPAUIO and \DosDevices\EMPMPAU. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2020-9453 |
CVE-2021-33910 |
basic/unit-name.c in systemd prior to 246.15, 247.8, 248.5, and 249.1 has a Memory Allocation with an Excessive Size Value (involving strdupa and alloca for a pathname controlled by a local attacker) that results in an operating system crash. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33910 |
CVE-2022-0854 |
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0854 |
CVE-2022-1475 |
An integer overflow vulnerability was found in FFmpeg versions before 4.4.2 and before 5.0.1 in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1475 |
CVE-2022-22616 |
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22616 |
CVE-2022-22663 |
This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22663 |
CVE-2022-22674 |
An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22674 |
CVE-2022-22676 |
An event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-22676 |
CVE-2022-26766 |
A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26766 |
CVE-2022-26767 |
The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26767 |
CVE-2022-30973 |
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30973 |
CVE-2022-31022 |
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package that are used by its sample application. These HTTP methods pave the way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere the user running the server has write permissions and to recursively delete any directory owned by the same user account. Users who have used the bleve/http package for exposing access to a bleve index without explicit handling of Role Based Access Controls (RBAC) for the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed to handle RBAC, nor was it ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to the bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of user inputs as well as any authentication and authorization measures. It is recommended not to use bleve/http in production use cases. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31022 |
CVE-2021-42196 |
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42196 |
CVE-2021-42198 |
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42198 |
CVE-2021-42200 |
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42200 |
CVE-2021-42202 |
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42202 |
CVE-2021-43512 |
An issue in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android allows attackers to cause unspecified consequences due to being able to decompile a local application and extract its API keys. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43512 |
CVE-2022-1943 |
An out-of-bounds memory write flaw was found in the Linux kernel UDF file system functionality, in the way a user triggers a file operation that triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1943 |
CVE-2022-29779 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29779 |
CVE-2022-29780 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29780 |
CVE-2022-30503 |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30503 |
CVE-2022-31783 |
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31783 |
CVE-2022-32201 |
In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32201 |
CVE-2022-32202 |
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32202 |
CVE-2022-26866 |
Dell PowerStore versions before v2.1.1.0 contain a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript code in a trusted application data store. When a victim user accesses the data store through their browser, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26866 |
CVE-2022-21748 |
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06511030; Issue ID: ALPS06511030. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21748 |
CVE-2022-21749 |
In telephony, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06511058; Issue ID: ALPS06511058. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21749 |
CVE-2022-28224 |
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28224 |
CVE-2022-30727 |
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30727 |
CVE-2022-30731 |
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30731 |
CVE-2022-30745 |
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30745 |
CVE-2022-30747 |
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30747 |
CVE-2022-30748 |
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. |
5.5 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30748 |
CVE-2018-1999005 |
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in BuildTimelineWidget.java, BuildTimelineWidget/control.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999005 |
CVE-2018-1999007 |
A cross-site scripting vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers with the ability to control the existence of some URLs in Jenkins to define JavaScript that would be executed in another user's browser when that other user views HTTP 404 error pages while Stapler debug mode is enabled. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999007 |
CVE-2019-1003050 |
The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2019-1003050 |
CVE-2022-30596 |
A flaw was found in moodle where ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30596 |
CVE-2022-20802 |
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20802 |
CVE-2022-1928 |
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1928 |
CVE-2022-0642 |
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0642 |
CVE-2022-1562 |
The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1562 |
CVE-2022-24967 |
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-24967 |
CVE-2022-26976 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26976 |
CVE-2022-29628 |
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page parameter. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29628 |
CVE-2022-29648 |
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29648 |
CVE-2022-29734 |
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29734 |
CVE-2022-30999 |
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30999 |
CVE-2021-38221 |
bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-38221 |
CVE-2022-26497 |
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26497 |
CVE-2022-30429 |
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30429 |
CVE-2022-29770 |
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29770 |
CVE-2022-1940 |
A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1940 |
CVE-2022-28051 |
The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28051 |
CVE-2020-36523 |
A vulnerability was found in PlantUML 6.43. It has been declared as problematic. Affected by this vulnerability is the component Database Information Macro. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36523 |
CVE-2020-36524 |
A vulnerability was found in Refined Toolkit. It has been rated as problematic. Affected by this issue is some unknown functionality of the component UI-Image/UI-Button. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36524 |
CVE-2020-36525 |
A vulnerability classified as problematic has been found in Linking. This affects an unknown part of the component New Windows Macro. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36525 |
CVE-2020-36526 |
A vulnerability classified as problematic was found in Countdown Timer. This vulnerability affects unknown code of the component Macro Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36526 |
CVE-2020-36527 |
A vulnerability, which was classified as problematic, has been found in Server Status. This issue affects some unknown processing of the component HTTP Status/SMTP Status. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2020-36527 |
CVE-2022-1997 |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0. |
5.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1997 |
CVE-2017-9947 |
A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2017-9947 |
CVE-2018-1000067 |
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000067 |
CVE-2018-1000068 |
An improper input validation vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to access plugin resource files in the META-INF and WEB-INF directories that should not be accessible, if the Jenkins home directory is on a case-insensitive file system. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000068 |
CVE-2019-5017 |
An exploitable information disclosure vulnerability exists in the KCodes NetUSB.ko kernel module that enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potentially several other vendors/products. An unauthenticated, remote attacker can craft and send a packet containing an opcode that will trigger the kernel module to return several addresses. One of which can be used to calculate the dynamic base address of the module for further exploitation. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2019-5017 |
CVE-2021-26085 |
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-26085 |
CVE-2021-22925 |
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl. This rarely used option is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending `NEW_ENV` variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, therefore potentially revealing sensitive internal information to the server using a clear-text network protocol. This could happen because curl did not call and use sscanf() correctly when parsing the string provided by the application. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22925 |
CVE-2021-43560 |
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-43560 |
CVE-2022-0140 |
The Visual Form Builder WordPress plugin before 3.0.8 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0140 |
CVE-2022-1328 |
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1328 |
CVE-2021-3503 |
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-3503 |
CVE-2022-30597 |
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30597 |
CVE-2021-27780 |
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27780 |
CVE-2022-1893 |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1893 |
CVE-2022-29235 |
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29235 |
CVE-2022-26971 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26971 |
CVE-2022-26973 |
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26973 |
CVE-2022-27779 |
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-27779 |
CVE-2022-32265 |
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32265 |
CVE-2022-29784 |
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29784 |
CVE-2022-31025 |
Discourse is an open source platform for community discussion. Prior to version 2.8.4 on the `stable` branch and 2.9.0beta5 on the `beta` and `tests-passed` branches, inviting users on sites that use single sign-on could bypass the `must_approve_users` check and invites by staff are always approved automatically. The issue is patched in Discourse version 2.8.4 on the `stable` branch and version `2.9.0.beta5` on the `beta` and `tests-passed` branches. As a workaround, disable invites or increase `min_trust_level_to_allow_invite` to reduce the attack surface to more trusted users. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31025 |
CVE-2022-30709 |
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30709 |
CVE-2022-30715 |
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30715 |
CVE-2022-30716 |
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30716 |
CVE-2022-30719 |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30719 |
CVE-2022-30720 |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30720 |
CVE-2022-30721 |
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30721 |
CVE-2022-30733 |
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user's email or phone number without permission. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30733 |
CVE-2022-30734 |
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user's email or phone number without permission. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30734 |
CVE-2022-30736 |
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30736 |
CVE-2022-30737 |
Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30737 |
CVE-2022-30743 |
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. |
5.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30743 |
CVE-2019-13057 |
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or with a proxyAuthz (RFC 4370) control. (It is not a common configuration to deploy a system where the server administrator and a DB administrator enjoy different levels of trust.) |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2019-13057 |
CVE-2022-1926 |
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1926 |
CVE-2021-33504 |
Couchbase Server before 7.1.0 has Incorrect Access Control. |
4.9 |
https://nvd.nist.gov/vuln/detail/CVE-2021-33504 |
CVE-2019-10383 |
A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2019-10383 |
CVE-2022-20765 |
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-20765 |
CVE-2021-27781 |
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27781 |
CVE-2022-0376 |
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0376 |
CVE-2022-1275 |
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1275 |
CVE-2022-1294 |
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1294 |
CVE-2022-1299 |
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1299 |
CVE-2022-1387 |
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1387 |
CVE-2022-1395 |
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1395 |
CVE-2022-1456 |
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1456 |
CVE-2022-1542 |
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1542 |
CVE-2022-1564 |
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1564 |
CVE-2022-1566 |
The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1566 |
CVE-2022-1568 |
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1568 |
CVE-2022-1643 |
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1643 |
CVE-2022-1644 |
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1644 |
CVE-2022-1645 |
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1645 |
CVE-2022-1646 |
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1646 |
CVE-2021-27778 |
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27778 |
CVE-2021-27914 |
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-27914 |
CVE-2021-36866 |
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2021-36866 |
CVE-2022-30482 |
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \\admin\\add_cata.php via the ctg_name parameters. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30482 |
CVE-2022-1979 |
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1979 |
CVE-2022-1980 |
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input --redacted-- leads to cross site scripting. The attack may be initiated remotely but requires authentication. Exploit details have been disclosed to the public |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1980 |
CVE-2022-30861 |
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30861 |
CVE-2022-30863 |
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30863 |
CVE-2022-28479 |
SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS. An attacker with admin privileges can inject the payload inside the "Role management" menu and then trigger the payload by loading the "Users management" menu |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28479 |
CVE-2022-1991 |
A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0. Affected is the file Master.php of the Master List. The manipulation of the argument Description with the input leads to cross site scripting. It is possible to launch the attack remotely but it requires authentication. Exploit details have been disclosed to the public. |
4.8 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1991 |
CVE-2017-14159 |
slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a "kill `cat /pathname`" command, as demonstrated by openldap-initscript. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2017-14159 |
CVE-2022-26690 |
Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26690 |
CVE-2022-26764 |
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26764 |
CVE-2022-26765 |
A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26765 |
CVE-2020-6220 |
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. Exploit is possible only when the bttoken in victim’s session is active. |
4.7 |
https://nvd.nist.gov/vuln/detail/CVE-2020-6220 |
CVE-2022-29082 |
Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29082 |
CVE-2022-1716 |
Keep My Notes v1.80.147 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1716 |
CVE-2022-30729 |
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30729 |
CVE-2022-30730 |
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. |
4.6 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30730 |
CVE-2021-20317 |
A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2021-20317 |
CVE-2022-0494 |
A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-0494 |
CVE-2022-26688 |
An issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26688 |
CVE-2022-23236 |
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-23236 |
CVE-2022-21746 |
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21746 |
CVE-2022-21747 |
In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478078; Issue ID: ALPS06478078. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21747 |
CVE-2022-21755 |
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545464; Issue ID: ALPS06545464. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21755 |
CVE-2022-21756 |
In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06535950; Issue ID: ALPS06535950. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21756 |
CVE-2022-21760 |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21760 |
CVE-2022-21761 |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21761 |
CVE-2022-21762 |
In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477946; Issue ID: ALPS06477946. |
4.4 |
https://nvd.nist.gov/vuln/detail/CVE-2022-21762 |
CVE-2018-1000192 |
An information exposure vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in AboutJenkins.java, ListPluginsCommand.java that allows users with Overall/Read access to enumerate all installed plugins. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000192 |
CVE-2018-1000193 |
An improper neutralization of control sequences vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in HudsonPrivateSecurityRealm.java that allows users to sign up using user names containing control characters that can then appear to have the same name as other users, and cannot be deleted via the UI. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000193 |
CVE-2018-1000195 |
A server-side request forgery vulnerability exists in Jenkins 2.120 and older, LTS 2.107.2 and older in ZipExtractionInstaller.java that allows users with Overall/Read permission to have Jenkins submit a HTTP GET request to an arbitrary URL and learn whether the response is successful (200) or not. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1000195 |
CVE-2018-1999003 |
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999003 |
CVE-2018-1999004 |
An improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in SlaveComputer.java that allows attackers with Overall/Read permission to initiate agent launches, and abort in-progress agent launches. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2018-1999004 |
CVE-2022-30598 |
A flaw was found in moodle where global search results could include author information on some activities where a user may not otherwise have access to it. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30598 |
CVE-2022-1203 |
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1203 |
CVE-2022-29243 |
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29243 |
CVE-2022-31000 |
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-31000 |
CVE-2022-26905 |
Microsoft Edge (Chromium-based) Spoofing Vulnerability. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-26905 |
CVE-2022-29233 |
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29233 |
CVE-2022-29234 |
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29234 |
CVE-2022-29236 |
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29236 |
CVE-2021-36890 |
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-36890 |
CVE-2022-29627 |
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29627 |
CVE-2022-29731 |
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-29731 |
CVE-2022-30115 |
Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30115 |
CVE-2021-42892 |
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2021-42892 |
CVE-2022-1821 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for a subgroup member to access the members list of their parent group. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1821 |
CVE-2022-30723 |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30723 |
CVE-2022-30724 |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30724 |
CVE-2022-30725 |
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30725 |
CVE-2022-30738 |
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30738 |
CVE-2022-30739 |
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30739 |
CVE-2022-30740 |
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30740 |
CVE-2022-1421 |
The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack |
4.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1421 |
CVE-2021-22924 |
libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse, if one of them matches the setup. Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*, which could lead to libcurl reusing wrong connections. File paths are, or can be, case sensitive on many systems but not all, and can even vary depending on used file systems. The comparison also didn't include the 'issuer cert' which a transfer can set to qualify how to verify the server certificate. |
3.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-22924 |
CVE-2020-4008 |
The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sensor is going to be installed, may overwrite a limited number of files with output from the sensor installation. |
3.6 |
https://nvd.nist.gov/vuln/detail/CVE-2020-4008 |
CVE-2022-32296 |
The Linux kernel before 5.17.9 allows TCP servers to identify clients by observing what source ports are used. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-32296 |
CVE-2022-28794 |
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-28794 |
CVE-2022-30714 |
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30714 |
CVE-2022-30728 |
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30728 |
CVE-2022-30741 |
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30741 |
CVE-2022-30742 |
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. |
3.3 |
https://nvd.nist.gov/vuln/detail/CVE-2022-30742 |
CVE-2020-13353 |
When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. |
3.2 |
https://nvd.nist.gov/vuln/detail/CVE-2020-13353 |
CVE-2021-35576 |
Vulnerability in the Oracle Database Enterprise Edition Unified Audit component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Easily exploitable vulnerability allows high privileged attacker having Local Logon privilege with network access via Oracle Net to compromise Oracle Database Enterprise Edition Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Enterprise Edition Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2021-35576 |
CVE-2022-1783 |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1. It may be possible for malicious group maintainers to add new members to a project within their group, through the REST API, even after their group owner enabled a setting to prevent members from being added to projects within that group. |
2.7 |
https://nvd.nist.gov/vuln/detail/CVE-2022-1783 |
CVE-2022-1966 |
A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1966 |
CVE-2022-27438 |
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27438 |
CVE-2022-2022 |
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2022 |
CVE-2021-35530 |
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0 2.1.0; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35530 |
CVE-2021-35531 |
Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35531 |
CVE-2021-35532 |
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product. The vulnerability allows an attacker or malicious agent who manages to gain access to the system and obtain an account with sufficient privilege to upload a malicious firmware to the product. This issue affects: Hitachi Energy TXpert Hub CoreTec 4 version 2.0.0; 2.0.1; 2.1.0; 2.1.1; 2.1.2; 2.1.3; 2.2.0; 2.2.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35532 |
CVE-2022-30466 |
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30466 |
CVE-2022-31470 |
An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31470 |
CVE-2022-24065 |
The package cookiecutter before 2.1.1 is vulnerable to Command Injection via hg argument injection. When calling the cookiecutter function from Python code with the checkout parameter, it is passed to the hg checkout command in a way that additional flags can be set. The additional flags can be used to perform a command injection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24065 |
CVE-2019-25062 |
A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25062 |
CVE-2019-25063 |
A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25063 |
CVE-2020-36543 |
A vulnerability, which was classified as critical, was found in SialWeb CMS. This affects an unknown part of the file /about.php. The manipulation of the argument Id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36543 |
CVE-2020-36544 |
A vulnerability has been found in SialWeb CMS and classified as problematic. This vulnerability affects unknown code of the component Search Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-36544 |
CVE-2022-1703 |
Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1703 |
CVE-2022-21122 |
The package metacalc before 0.0.2 is vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context. As the Math class is exposed to user-land, it can be used to get access to JavaScript's Function constructor. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-21122 |
CVE-2022-0779 |
The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0779 |
CVE-2022-0788 |
The WP Fundraising Donation and Crowdfunding Platform WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via one of its REST routes, leading to an SQL injection exploitable by unauthenticated users |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0788 |
CVE-2022-1005 |
The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1005 |
CVE-2022-1394 |
The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1394 |
CVE-2022-1469 |
The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1469 |
CVE-2022-1506 |
The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1506 |
CVE-2022-1541 |
The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1541 |
CVE-2022-1569 |
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1569 |
CVE-2022-1570 |
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when resetting its settings, which could allow any authenticated users, such as subscriber to perform such action. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1570 |
CVE-2022-1577 |
The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. Or disable the automatic backup schedule |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1577 |
CVE-2022-1598 |
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1598 |
CVE-2022-1647 |
The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1647 |
CVE-2022-1673 |
The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1673 |
CVE-2022-1683 |
The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mentions) due to the fact that they can execute shortcodes via an AJAX action |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1683 |
CVE-2022-1684 |
The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1684 |
CVE-2022-1685 |
The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1685 |
CVE-2022-1686 |
The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1686 |
CVE-2022-1687 |
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1687 |
CVE-2022-1688 |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1688 |
CVE-2022-1689 |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1689 |
CVE-2022-1690 |
The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1690 |
CVE-2022-1691 |
The Realty Workstation WordPress plugin through 1.0.6 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1691 |
CVE-2022-1692 |
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embedded, allowing unauthenticated users to perform an SQL injection attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1692 |
CVE-2022-1695 |
The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1695 |
CVE-2022-1709 |
The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1709 |
CVE-2022-1712 |
The LiveSync for WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1712 |
CVE-2022-31497 |
LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31497 |
CVE-2022-1996 |
Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1996 |
CVE-2022-30552 |
Das U-Boot 2022.01 has a Buffer Overflow. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30552 |
CVE-2022-30790 |
Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30790 |
CVE-2020-14125 |
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to cause a denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2020-14125 |
CVE-2021-36710 |
ToaruOS 1.99.2 is affected by incorrect access control via the kernel. Improper MMU management and having a low GDT address allows it to be mapped in userland. A call gate can then be written to escalate to CPL 0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-36710 |
CVE-2022-24296 |
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver. 3.21 and prior, Air Conditioning System AG-150A-A Ver. 3.21 and prior, Air Conditioning System AG-150A-J Ver. 3.21 and prior, Air Conditioning System GB-50AD Ver. 3.21 and prior, Air Conditioning System GB-50ADA-A Ver. 3.21 and prior, Air Conditioning System GB-50ADA-J Ver. 3.21 and prior, Air Conditioning System EB-50GU-A Ver. 7.10 and prior, Air Conditioning System EB-50GU-J Ver. 7.10 and prior, Air Conditioning System AE-200J Ver. 7.97 and prior, Air Conditioning System AE-200A Ver. 7.97 and prior, Air Conditioning System AE-200E Ver. 7.97 and prior, Air Conditioning System AE-50J Ver. 7.97 and prior, Air Conditioning System AE-50A Ver. 7.97 and prior, Air Conditioning System AE-50E Ver. 7.97 and prior, Air Conditioning System EW-50J Ver. 7.97 and prior, Air Conditioning System EW-50A Ver. 7.97 and prior, Air Conditioning System EW-50E Ver. 7.97 and prior, Air Conditioning System TE-200A Ver. 7.97 and prior, Air Conditioning System TE-50A Ver. 7.97 and prior and Air Conditioning System TW-50A Ver. 7.97 and prior allows a remote unauthenticated attacker to cause a disclosure of encrypted message of the air conditioning systems by sniffing encrypted communications. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24296 |
CVE-2022-28382 |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to the use of an insecure encryption AES mode (Electronic Codebook, aka ECB), an attacker may be able to extract information even from encrypted data, for example by observing repeating byte patterns. The firmware of the USB-to-SATA bridge controller INIC-3637EN uses AES-256 with the ECB mode. This operation mode of block ciphers (e.g., AES) always encrypts identical plaintext data, in this case blocks of 16 bytes, to identical ciphertext data. For some data, for instance bitmap images, the lack of the cryptographic property called diffusion, within ECB, can leak sensitive information even in encrypted data. Thus, the use of the ECB operation mode can put the confidentiality of specific information at risk, even in an encrypted form. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28382 |
CVE-2022-28383 |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to insufficient firmware validation, an attacker can store malicious firmware code for the USB-to-SATA bridge controller on the USB drive (e.g., by leveraging physical access during the supply chain). This code is then executed. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428, Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0, Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1, and Fingerprint Secure Portable Hard Drive Part Number #53650. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28383 |
CVE-2022-28384 |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they allow an offline brute-force attack for determining the correct passcode, and thus gaining unauthorized access to the stored encrypted data. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28384 |
CVE-2022-28385 |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to missing integrity checks, an attacker can manipulate the content of the emulated CD-ROM drive (containing the Windows and macOS client software). The content of this emulated CD-ROM drive is stored as an ISO-9660 image in the hidden sectors of the USB drive, that can only be accessed using special IOCTL commands, or when installing the drive in an external disk enclosure. By manipulating this ISO-9660 image or replacing it with another one, an attacker is able to store malicious software on the emulated CD-ROM drive. This software may get executed by an unsuspecting victim when using the device. For example, an attacker with temporary physical access during the supply chain could program a modified ISO-9660 image on a device that always accepts an attacker-controlled password for unlocking the device. If the attacker later on gains access to the used USB drive, he can simply decrypt all contained user data. Storing arbitrary other malicious software is also possible. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28385 |
CVE-2022-28387 |
An issue was discovered in certain Verbatim drives through 2022-03-31. Due to an insecure design, they can be unlocked by an attacker who can then gain unauthorized access to the stored data. The attacker can simply use an undocumented IOCTL command that retrieves the correct password. This affects Executive Fingerprint Secure SSD GDMSFE01-INI3637-C VER1.1 and Fingerprint Secure Portable Hard Drive Part Number #53650. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28387 |
CVE-2022-30899 |
A Cross Site Scripting vulnerability exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30899 |
CVE-2022-31325 |
There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31325 |
CVE-2022-32273 |
As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32273 |
CVE-2022-28386 |
An issue was discovered in certain Verbatim drives through 2022-03-31. The security feature for lockout (e.g., requiring a reformat of the drive after 20 failed unlock attempts) does not work as specified. More than 20 attempts may be made. This affects Keypad Secure USB 3.2 Gen 1 Drive Part Number #49428 and Store 'n' Go Secure Portable HDD GD25LK01-3637-C VER4.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28386 |
CVE-2022-30875 |
Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30875 |
CVE-2021-40589 |
ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40589 |
CVE-2021-40592 |
GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c. Function isoffin_process() can result in DoS by infinite loop. To exploit, the victim must open a specially crafted mp4 file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40592 |
CVE-2022-30877 |
The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30877 |
CVE-2022-30882 |
pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor. The impact is: execute arbitrary code (remote). When installing the pyanxdns package of version 0.2, the request package will be installed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30882 |
CVE-2022-31313 |
api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31313 |
CVE-2022-29013 |
A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29013 |
CVE-2022-29014 |
A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29014 |
CVE-2022-31496 |
LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31496 |
CVE-2022-24840 |
django-s3file is a lightweight file upload input for Django and Amazon S3. In versions prior to 5.5.1 it was possible to traverse the entire AWS S3 bucket and in most cases to access or delete files. If the `AWS_LOCATION` setting was set, traversal was limited to that location only. The issue was discovered by the maintainer. There were no reports of the vulnerability being known to or exploited by a third party, prior to the release of the patch. The vulnerability has been fixed in version 5.5.1 and above. There is no feasible workaround. We must urge all users to immediately update to a patched version. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24840 |
CVE-2022-25804 |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. Insecure permissions for the serverconfig registry key (under JavaSoft\Prefs\de\igel\rm\config in HKEY_LOCAL_MACHINE\SOFTWARE) allow an unprivileged local attacker to read the encrypted dbuser and dbpassword values for the UMS superuser. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25804 |
CVE-2022-25805 |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. The transmission of cleartext LDAP bind credentials by the cmd_mgt_load_mgt_tree command allows an attacker (who can intercept or inspect traffic between an authenticated UMS client and server) to compromise those LDAP bind credentials. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25805 |
CVE-2022-25806 |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the PrefDBCredentials class allows an attacker, who has discovered encrypted superuser credentials, to decrypt those credentials using a static 8-byte DES key. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25806 |
CVE-2022-25807 |
An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100. A hardcoded DES key in the LDAPDesPWEncrypter class allows an attacker, who has discovered encrypted LDAP bind credentials, to decrypt those credentials using a static 8-byte DES key. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25807 |
CVE-2022-30075 |
In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30075 |
CVE-2022-31649 |
ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31649 |
CVE-2022-32195 |
Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32195 |
CVE-2022-24896 |
Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24896 |
CVE-2022-29254 |
silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library. For a subset of Omnipay gateways (those that use intermediary states like `isNotification()` or `isRedirect()`), if the payment identifier or success URL is exposed it is possible for payments to be prematurely marked as completed without payment being taken. This is mitigated by the fact that most payment gateways hide this information from users, however some issuing banks offer flawed 3DSecure implementations that may inadvertently expose this data. The following versions have been patched to fix this issue: `2.5.2`, `3.0.2`, `3.1.4`, and `3.2.1`. There are no known workarounds for this vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29254 |
CVE-2022-29255 |
Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29255 |
CVE-2021-40610 |
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40610 |
CVE-2021-40668 |
The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40668 |
CVE-2022-31019 |
Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31019 |
CVE-2022-31026 |
Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1. This issue can be avoided by only connecting to trusted servers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31026 |
CVE-2022-31027 |
OAuthenticator is an OAuth token library for the JupyterHub login handler. CILogonOAuthenticator is provided by the OAuthenticator package, and lets users log in to a JupyterHub via CILogon. This is primarily used to restrict a JupyterHub only to users of a given institute. The allowed_idps configuration trait of CILogonOAuthenticator is documented to be a list of domains that indicate the institutions whose users are authorized to access this JupyterHub. This authorization is validated by ensuring that the *email* field provided to us by CILogon has a *domain* that matches one of the domains listed in `allowed_idps`. If `allowed_idps` contains `berkeley.edu`, you might expect only users with valid current credentials provided by University of California, Berkeley to be able to access the JupyterHub. However, CILogonOAuthenticator does *not* verify which provider is used by the user to login, only the email address provided. So a user can login with a GitHub account that has email set to `<something>@berkeley.edu`, and that will be treated exactly the same as someone logging in using the UC Berkeley official Identity Provider. The patch fixing this issue makes a *breaking change* in how `allowed_idps` is interpreted. It's no longer a list of domains, but configuration representing the `EntityID` of the IdPs that are allowed, picked from the [list maintained by CILogon](https://cilogon.org/idplist/). Users are advised to upgrade. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31027 |
CVE-2022-31030 |
containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31030 |
CVE-2022-31386 |
A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31386 |
CVE-2022-31390 |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31390 |
CVE-2022-31393 |
Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31393 |
CVE-2022-31827 |
MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31827 |
CVE-2022-31830 |
Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31830 |
CVE-2021-40961 |
CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40961 |
CVE-2022-1998 |
A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1998 |
CVE-2022-23138 |
ZTE's MF297D product has a cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23138 |
CVE-2022-2035 |
A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219. The issue exists because there are no limitations on the domain or format of the url supplied by the user, allowing an attacker to craft malicious urls which can trigger a reflected XSS payload in the context of a victim's browser. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2035 |
CVE-2022-32272 |
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in privilege escalation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32272 |
CVE-2022-0823 |
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0823 |
CVE-2022-24969 |
bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24969 |
CVE-2022-2000 |
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2000 |
CVE-2022-2016 |
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2016 |
CVE-2022-2017 |
A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2017 |
CVE-2022-2018 |
A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2018 |
CVE-2022-2019 |
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2019 |
CVE-2022-2020 |
A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2020 |
CVE-2022-30760 |
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30760 |
CVE-2022-31031 |
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by: setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun_simple` API. A patch is available in commit 450baca which should be included in the next release. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31031 |
CVE-2022-31214 |
A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
CVE-2016-15002 |
A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2016-15002 |
CVE-2019-25064 |
A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25064 |
CVE-2019-25065 |
A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25065 |
CVE-2019-25066 |
A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25066 |
CVE-2019-25067 |
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25067 |
CVE-2019-25068 |
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25068 |
CVE-2019-25069 |
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2019-25069 |
CVE-2021-27786 |
Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. This request has an Origin header that identifies the domain that is making the initial request and defines the protocol between a browser and server to see if the request is allowed. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information when the Access-Control-Allow-Credentials is enabled. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-27786 |
CVE-2022-1986 |
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1986 |
CVE-2022-1992 |
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1992 |
CVE-2022-1993 |
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1993 |
CVE-2022-25151 |
Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag. A remote attacker could exploit this vulnerability to gain access to the management interface by using this vulnerability in combination with a successful Cross-Site Scripting attack on a user. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25151 |
CVE-2022-25152 |
The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures. It is possible to require a mandatory approval process. Due to a vulnerability in the approval process, present in any version prior to 6.35.37347.20040, a malicious actor (with a valid session token) can create a procedure, bypass approval, and execute the procedure. This results in the ability for any user with a valid session token to perform arbitrary code execution and full system take-over on all agents. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25152 |
CVE-2022-25153 |
The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings. Due to this setting, a malicious actor with low privileges access to a system can escalate his privileges to SYSTEM abusing an insecure openssl.conf lookup. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25153 |
CVE-2022-26362 |
x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26362 |
CVE-2022-26363 |
x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26363 |
CVE-2022-26364 |
x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26364 |
CVE-2022-26377 |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26377 |
CVE-2022-28330 |
Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28330 |
CVE-2022-28614 |
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28614 |
CVE-2022-28615 |
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28615 |
CVE-2022-29404 |
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29404 |
CVE-2022-2014 |
Code Injection in GitHub repository jgraph/drawio prior to 19.0.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2014 |
CVE-2022-2015 |
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2015 |
CVE-2022-2026 |
Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2026 |
CVE-2022-2027 |
Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2027 |
CVE-2022-2028 |
Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2028 |
CVE-2022-2029 |
Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2029 |
CVE-2022-2036 |
Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2036 |
CVE-2022-2037 |
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2037 |
CVE-2022-30522 |
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30522 |
CVE-2022-30556 |
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30556 |
CVE-2022-31038 |
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31038 |
CVE-2022-31813 |
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31813 |
CVE-2022-24876 |
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. Kanban is a GLPI view to display Projects, Tickets, Changes or Problems on a task board. In versions prior to 10.0.1 a user can exploit a cross site scripting vulnerability in Kanban by injecting HTML code in its user name. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24876 |
CVE-2022-29224 |
Envoy is a cloud-native high-performance proxy. Versions of envoy prior to 1.22.1 are subject to a segmentation fault in the GrpcHealthCheckerImpl. Envoy can perform various types of upstream health checking. One of them uses gRPC. Envoy also has a feature which can “hold” (prevent removal) upstream hosts obtained via service discovery until configured active health checking fails. If an attacker controls an upstream host and also controls service discovery of that host (via DNS, the EDS API, etc.), an attacker can crash Envoy by forcing removal of the host from service discovery, and then failing the gRPC health check request. This will crash Envoy via a null pointer dereference. Users are advised to upgrade to resolve this vulnerability. Users unable to upgrade may disable gRPC health checking and/or replace it with a different health checking type as a mitigation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29224 |
CVE-2022-30898 |
A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30898 |
CVE-2022-29225 |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 decompressors accumulate decompressed data into an intermediate buffer before overwriting the body in the decode/encodeBody. This may allow an attacker to zip bomb the decompressor by sending a small highly compressed payload. Maliciously constructed zip files may exhaust system memory and cause a denial of service. Users are advised to upgrade. Users unable to upgrade may consider disabling decompression. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29225 |
CVE-2022-29226 |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter implementation does not include a mechanism for validating access tokens, so by design when the HMAC signed cookie is missing a full authentication flow should be triggered. However, the current implementation assumes that access tokens are always validated thus allowing access in the presence of any access token attached to the request. Users are advised to upgrade. There is no known workaround for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29226 |
CVE-2022-29227 |
Envoy is a cloud-native high-performance edge/middle/service proxy. In versions prior to 1.22.1 if Envoy attempts to send an internal redirect of an HTTP request consisting of more than HTTP headers, there’s a lifetime bug which can be triggered. If while replaying the request Envoy sends a local reply when the redirect headers are processed, the downstream state indicates that the downstream stream is not complete. On sending the local reply, Envoy will attempt to reset the upstream stream, but as it is actually complete, and deleted, this results in a use-after-free. Users are advised to upgrade. Users unable to upgrade are advised to disable internal redirects if crashes are observed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29227 |
CVE-2022-29228 |
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT() in newer versions and corrupts memory on earlier versions. continueDecoding() shouldn’t ever be called from filters after a local reply has been sent. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29228 |
CVE-2022-29250 |
GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to version 10.0.1 it is possible to add extra information by SQL injection on search pages. In order to exploit this vulnerability a user must be logged in. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29250 |
CVE-2022-31033 |
The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31033 |
CVE-2022-31051 |
semantic-release is an open source npm package for automated version management and package publishing. In affected versions secrets that would normally be masked by semantic-release can be accidentally disclosed if they contain characters that are excluded from uri encoding by `encodeURI`. Occurrence is further limited to execution contexts where push access to the related repository is not available without modifying the repository url to inject credentials. Users are advised to upgrade. Users unable to upgrade should ensure that secrets that do not contain characters that are excluded from encoding with `encodeURI` when included in a URL are already masked properly. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31051 |
CVE-2022-30702 |
Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30702 |
CVE-2022-30703 |
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information. This vulnerability could also potentially be chained for privilege escalation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30703 |
CVE-2022-31045 |
Istio is an open platform to connect, manage, and secure microservices. In affected versions ill-formed headers sent to Envoy in certain configurations can lead to unexpected memory access resulting in undefined behavior or crashing. Users are most likely at risk if they have an Istio ingress Gateway exposed to external traffic. This vulnerability has been resolved in versions 1.12.8, 1.13.5, and 1.14.1. Users are advised to upgrade. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31045 |
CVE-2017-20018 |
A vulnerability was found in XAMPP 7.1.1-0-VC14. It has been classified as problematic. Affected is an unknown function of the component Installer. The manipulation leads to privilege escalation. It is possible to launch the attack remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20018 |
CVE-2017-20019 |
A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20019 |
CVE-2017-20020 |
A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20020 |
CVE-2017-20021 |
A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85. This affects an unknown part of the component File Upload. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20021 |
CVE-2017-20022 |
A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20022 |
CVE-2017-20023 |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20023 |
CVE-2017-20024 |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been classified as problematic. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20024 |
CVE-2017-20025 |
A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Flash Memory. The manipulation leads to privilege escalation. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20025 |
CVE-2017-20026 |
A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting (Reflected). The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20026 |
CVE-2017-20027 |
A vulnerability was found in HumHub up to 1.0.1 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20027 |
CVE-2017-20028 |
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This affects an unknown part. The manipulation leads to privilege escalation. It is possible to initiate the attack remotely. Upgrading to version 1.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20028 |
CVE-2022-31042 |
Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31042 |
CVE-2022-31043 |
Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only changes to the host. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach which would be to use their own redirect middleware. Alternately users may simply disable redirects altogether if redirects are not expected or required. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31043 |
CVE-2017-20029 |
A vulnerability was found in PHPList 3.2.6 and classified as critical. This issue affects some unknown processing of the file /lists/index.php of the component Edit Subscription. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20029 |
CVE-2017-20030 |
A vulnerability was found in PHPList 3.2.6. It has been classified as critical. Affected is an unknown function of the file /lists/admin/ of the component Sending Campaign. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20030 |
CVE-2017-20031 |
A vulnerability was found in PHPList 3.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument sortby with the input password leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20031 |
CVE-2017-20032 |
A vulnerability was found in PHPList 3.2.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Subscription. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20032 |
CVE-2017-20033 |
A vulnerability classified as problematic has been found in PHPList 3.2.6. This affects an unknown part of the file /lists/admin/. The manipulation of the argument page with the input send\\'\\";>--redacted-- leads to cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20033 |
CVE-2017-20034 |
A vulnerability classified as problematic was found in PHPList 3.2.6. This vulnerability affects unknown code of the file /lists/admin/ of the component List Name. The manipulation leads to cross site scripting (Persistent). The attack can be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20034 |
CVE-2017-20035 |
A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6. This issue affects some unknown processing of the file /lists/admin/ of the component Subscribe. The manipulation leads to cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20035 |
CVE-2017-20036 |
A vulnerability, which was classified as problematic, was found in PHPList 3.2.6. Affected is an unknown function of the file /lists/admin/ of the component Bounce Rule. The manipulation leads to cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 3.3.1 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20036 |
CVE-2021-42811 |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-42811 |
CVE-2022-32563 |
An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2. Admin credentials are not verified when using X.509 client-certificate authentication from Sync Gateway to Couchbase Server. When Sync Gateway is configured to authenticate with Couchbase Server using X.509 client certificates, the admin credentials provided to the Admin REST API are ignored, resulting in privilege escalation for unauthenticated users. The Public REST API is not impacted by this issue. A workaround is to replace X.509 certificate based authentication with Username and Password authentication inside the bootstrap configuration. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32563 |
CVE-2021-44117 |
A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-44117 |
CVE-2021-44582 |
A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-44582 |
CVE-2022-27502 |
RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27502 |
CVE-2022-31788 |
IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31788 |
CVE-2022-32978 |
There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32978 |
CVE-2022-22426 |
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management. An attacker could exploit this vulnerability to bypass authentication and gain unauthorized access to the Spectrum Copy Data Management catalog which contains metadata. IBM X-Force ID: 223718. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22426 |
CVE-2022-22479 |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 225887. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22479 |
CVE-2022-30610 |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 227363. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30610 |
CVE-2022-30611 |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using some fields of the form in the portal UI to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the page is viewed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 227364. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30611 |
CVE-2022-31769 |
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31769 |
CVE-2022-29948 |
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29948 |
CVE-2022-31402 |
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31402 |
CVE-2018-17240 |
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-17240 |
CVE-2022-31282 |
Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31282 |
CVE-2022-31285 |
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31285 |
CVE-2022-31287 |
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31287 |
CVE-2022-2042 |
Use After Free in GitHub repository vim/vim prior to 8.2. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2042 |
CVE-2022-24278 |
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24278 |
CVE-2022-24429 |
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24429 |
CVE-2022-25845 |
The package com.alibaba:fastjson before 1.2.83 is vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions. Exploiting this vulnerability allows attacking remote servers. Workaround: If upgrading is not possible, you can enable [safeMode](https://github.com/alibaba/fastjson/wiki/fastjson_safemode). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25845 |
CVE-2022-25851 |
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25851 |
CVE-2022-25863 |
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25863 |
CVE-2022-29092 |
Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability. A non-admin user can exploit the vulnerability and gain admin access to the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29092 |
CVE-2022-29093 |
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability. Authenticated non-admin user could exploit the issue and delete arbitrary files on the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29093 |
CVE-2022-29094 |
Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability. Authenticated non-admin user could exploit the issue and delete or overwrite arbitrary files on the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29094 |
CVE-2022-29095 |
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticated malicious user could potentially exploit this vulnerability under specific conditions leading to execution of malicious code on a vulnerable system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29095 |
CVE-2022-32981 |
An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32981 |
CVE-2021-41754 |
dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41754 |
CVE-2021-41755 |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41755 |
CVE-2021-41756 |
dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41756 |
CVE-2017-20037 |
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20037 |
CVE-2017-20038 |
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20038 |
CVE-2017-20039 |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20039 |
CVE-2017-20040 |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20040 |
CVE-2021-41502 |
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41502 |
CVE-2021-41738 |
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41738 |
CVE-2021-44266 |
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-44266 |
CVE-2022-30780 |
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30780 |
CVE-2018-25034 |
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05. This issue affects some unknown processing of the file /goform/wlanPrimaryNetwork. The manipulation of the argument ServiceSetIdentifier with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25034 |
CVE-2018-25035 |
A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05. Affected is an unknown function of the file /goform/RGFirewallEL. The manipulation of the argument EmailAddress/SmtpServerName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25035 |
CVE-2018-25036 |
A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/RgTime. The manipulation of the argument TimeServer1/TimeServer2/TimeServer3 with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack can be launched remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25036 |
CVE-2018-25037 |
A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/RgDdns. The manipulation of the argument DdnsHostName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack may be launched remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25037 |
CVE-2018-25038 |
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25038 |
CVE-2018-25039 |
A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/RgUrlBlock.asp. The manipulation of the argument BasicParentalNewKeyword with the input >--redacted-- as part of POST Request leads to cross site scripting (Persistent). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used |
– |
https://nvd.nist.gov/vuln/detail/CVE-2018-25039 |
CVE-2021-41749 |
In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41749 |
CVE-2021-41750 |
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41750 |
CVE-2021-41641 |
Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41641 |
CVE-2022-2054 |
Command Injection in GitHub repository nuitka/nuitka prior to 0.9. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2054 |
CVE-2022-2013 |
In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2013 |
CVE-2022-26041 |
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26041 |
CVE-2022-26834 |
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26834 |
CVE-2022-27174 |
Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27174 |
CVE-2022-27231 |
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27231 |
CVE-2022-28704 |
Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28704 |
CVE-2022-29525 |
Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29525 |
CVE-2022-29894 |
Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29894 |
CVE-2017-20041 |
A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20041 |
CVE-2017-20042 |
A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20042 |
CVE-2017-20043 |
A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20043 |
CVE-2017-20044 |
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to basic cross site scripting (Reflected). It is possible to initiate the attack remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20044 |
CVE-2017-20045 |
A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2017-20045 |
CVE-2021-37404 |
There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37404 |
CVE-2022-32739 |
When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32739 |
CVE-2022-32740 |
A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32740 |
CVE-2022-32741 |
Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32741 |
CVE-2022-2060 |
Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2060 |
CVE-2022-2061 |
Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2061 |
CVE-2022-2062 |
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nocodb/nocodb prior to 0.91.7+. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2062 |
CVE-2022-2063 |
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2063 |
CVE-2022-2064 |
Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2064 |
CVE-2022-31040 |
Open Forms is an application for creating and publishing smart forms. Prior to versions 1.0.9 and 1.1.1, the cookie consent page in Open Forms contains an open redirect by injecting a `referer` querystring parameter and failing to validate the value. A malicious actor is able to redirect users to a website under their control, opening them up for phishing attacks. The redirect is initiated by the open forms backend which is a legitimate page, making it less obvious to end users they are being redirected to a malicious website. Versions 1.0.9 and 1.1.1 contain patches for this issue. There are no known workarounds available. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31040 |
CVE-2021-25116 |
The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset. As a result, low privilege users such as subscriber could delete arbitrary assets, as well as put arbitrary posts in the trash. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-25116 |
CVE-2021-40902 |
flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40902 |
CVE-2022-0626 |
The Advanced Admin Search WordPress plugin through 1.1.2 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0626 |
CVE-2022-0745 |
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0745 |
CVE-2022-0786 |
The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0786 |
CVE-2022-0827 |
The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0827 |
CVE-2022-0863 |
The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing a high-privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0863 |
CVE-2022-0885 |
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0885 |
CVE-2022-1202 |
The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1202 |
CVE-2022-1208 |
The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page. This affects versions up to, and including, 2.3.2. Please note this issue was partially fixed in version 2.3.2 then subsequently fully patched in version 2.3.3. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1208 |
CVE-2022-1335 |
The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1335 |
CVE-2022-1336 |
The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1336 |
CVE-2022-1412 |
The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1412 |
CVE-2022-1532 |
Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1532 |
CVE-2022-1549 |
The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1549 |
CVE-2022-1594 |
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1594 |
CVE-2022-1595 |
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1595 |
CVE-2022-1604 |
The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1604 |
CVE-2022-1605 |
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1605 |
CVE-2022-1608 |
The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1608 |
CVE-2022-1612 |
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1612 |
CVE-2022-1624 |
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1624 |
CVE-2022-1656 |
Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6). This includes the ability to deactivate arbitrary plugins as well as update the theme’s API key. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1656 |
CVE-2022-1694 |
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1694 |
CVE-2022-1707 |
The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to and including 1.15. The affected file is ~/public/frontend.php and this could be exploited by unauthenticated attackers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1707 |
CVE-2022-1710 |
The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1710 |
CVE-2022-1724 |
The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1724 |
CVE-2022-1756 |
The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1756 |
CVE-2022-1758 |
The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1758 |
CVE-2022-1759 |
The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1759 |
CVE-2022-1761 |
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1761 |
CVE-2022-1762 |
The iQ Block Country WordPress plugin through 1.2.13 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1762 |
CVE-2022-1763 |
Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1763 |
CVE-2022-1764 |
The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1764 |
CVE-2022-1765 |
The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1765 |
CVE-2022-1772 |
The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing the booby-trapped payload and taking over their account. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1772 |
CVE-2022-1773 |
The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1773 |
CVE-2022-1777 |
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1777 |
CVE-2022-1779 |
The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1779 |
CVE-2022-1780 |
The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1780 |
CVE-2022-1781 |
The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1781 |
CVE-2022-1787 |
The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1787 |
CVE-2022-1788 |
Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks. This can be used to change the file and folder permissions of any folder. This could be problematic when specific files like ini files are made readable for everyone due to this. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1788 |
CVE-2022-1790 |
The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1790 |
CVE-2022-1791 |
The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1791 |
CVE-2022-1792 |
The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1792 |
CVE-2022-1793 |
The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1793 |
CVE-2022-1800 |
The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1800 |
CVE-2022-1814 |
The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1814 |
CVE-2022-1822 |
The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1822 |
CVE-2022-1900 |
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1900 |
CVE-2022-1918 |
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1918 |
CVE-2022-1985 |
The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1985 |
CVE-2022-2065 |
Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2065 |
CVE-2022-2066 |
Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2066 |
CVE-2022-2067 |
SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2067 |
CVE-2022-31041 |
Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31041 |
CVE-2022-31398 |
A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31398 |
CVE-2022-31400 |
A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31400 |
CVE-2022-0209 |
The Mitsol Social Post Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.10 due to insufficient input sanitization and output escaping on the application id parameters. This makes it possible for authenticated (admin+) attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html is disabled. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-0209 |
CVE-2022-1654 |
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1654 |
CVE-2022-1657 |
Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion. In the JupiterX theme, the jupiterx_cp_load_pane_action AJAX action present in the lib/admin/control-panel/control-panel.php file calls the load_control_panel_pane function. It is possible to use this action to include any local PHP file via the slug parameter. The Jupiter theme has a nearly identical vulnerability which can be exploited via the mka_cp_load_pane_action AJAX action present in the framework/admin/control-panel/logic/functions.php file, which calls the mka_cp_load_pane_action function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1657 |
CVE-2022-1658 |
Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1658 |
CVE-2022-1659 |
Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1659 |
CVE-2022-1749 |
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1749 |
CVE-2022-1750 |
The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with admin level capabilities and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue mostly affects sites where unfiltered_html has been disabled for administrators and on multi-site installations where unfiltered_html is disabled for administrators. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1750 |
CVE-2022-1768 |
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1768 |
CVE-2022-1820 |
The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1820 |
CVE-2022-1961 |
The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1961 |
CVE-2022-1969 |
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the admin_update_data() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-1969 |
CVE-2022-24077 |
Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-24077 |
CVE-2022-29244 |
npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm, v8.11.0, by running `npm i -g npm@latest`. Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29244 |
CVE-2022-30310 |
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax. This can result in unauthorized execution of system commands with root privileges due to improper access control command injection. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30310 |
CVE-2021-46814 |
The video framework has an out-of-bounds memory read/write vulnerability. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-46814 |
CVE-2022-31751 |
The kernel emcom module has multi-thread contention. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31751 |
CVE-2022-31755 |
The communication module has a vulnerability of improper permission preservation. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31755 |
CVE-2022-31756 |
The fingerprint sensor module has design defects. Successful exploitation of this vulnerability may affect data confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31756 |
CVE-2022-31758 |
The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31758 |
CVE-2022-31759 |
AppLink has a vulnerability of accessing uninitialized pointers. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31759 |
CVE-2022-31762 |
The AMS module has a vulnerability in input validation. Successful exploitation of this vulnerability may cause privilege escalation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31762 |
CVE-2022-31763 |
The kernel module has the null pointer and out-of-bounds array vulnerabilities. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31763 |
CVE-2021-46811 |
HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-46811 |
CVE-2021-46812 |
The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-46812 |
CVE-2021-46813 |
Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-46813 |
CVE-2021-46815 |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-46815 |
CVE-2022-31055 |
kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31055 |
CVE-2022-31752 |
Missing authorization vulnerability in the system components. Successful exploitation of this vulnerability will affect confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31752 |
CVE-2022-31753 |
The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31753 |
CVE-2022-31754 |
Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31754 |
CVE-2022-31757 |
The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31757 |
CVE-2022-31760 |
Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services. Successful exploitation of this vulnerability may affect data integrity and confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31760 |
CVE-2022-31761 |
Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31761 |
CVE-2022-23167 |
Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../.. /windows/boot.ini the LFI is UNAUTHENTICATED. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23167 |
CVE-2022-23168 |
The attacker could get access to the database. The SQL injection is in the username parameter at the login panel: username: admin'-- |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23168 |
CVE-2022-23169 |
An attacker needs to craft a SQL payload. The vulnerable parameter is "agentid"; the attacker must be authenticated to the admin panel. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-23169 |
CVE-2022-28217 |
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system’s Availability by causing system to crash. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-28217 |
CVE-2022-29455 |
DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29455 |
CVE-2021-40036 |
The bone voice ID TA has a memory overwrite vulnerability. Successful exploitation of this vulnerability may result in malicious code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40036 |
CVE-2021-40604 |
A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically. In some cases an exploitation is possible by an unauthenticated user. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40604 |
CVE-2021-41663 |
A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41663 |
CVE-2022-33174 |
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allow remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can then be used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33174 |
CVE-2022-33175 |
Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API. This leads to disclosing active session ids of currently logged-in administrators. The session id can then be reused to act as the administrator, allowing reading of the cleartext password, or reconfiguring the device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-33175 |
CVE-2022-22259 |
There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful exploitation of this vulnerability may lead to a control of the victim device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22259 |
CVE-2022-29797 |
There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46. Successful exploitation of this vulnerability may lead to privilege escalation. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29797 |
CVE-2022-29798 |
There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29798 |
CVE-2022-31053 |
Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31053 |
CVE-2022-31054 |
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31054 |
CVE-2022-29247 |
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows a renderer with JS execution to obtain access to a new renderer process with `nodeIntegrationInSubFrames` enabled which in turn allows effective access to `ipcRenderer`. The `nodeIntegrationInSubFrames` option does not implicitly grant Node.js access. Rather, it depends on the existing sandbox setting. If an application is sandboxed, then `nodeIntegrationInSubFrames` just gives access to the sandboxed renderer APIs, which include `ipcRenderer`. If the application then additionally exposes IPC messages without IPC `senderFrame` validation that perform privileged actions or return confidential data this access to `ipcRenderer` can in turn compromise your application / user even with the sandbox enabled. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. As a workaround, ensure that all IPC message handlers appropriately validate `senderFrame`. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29247 |
CVE-2022-32193 |
Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32193 |
CVE-2022-32558 |
An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32558 |
CVE-2022-32560 |
An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32560 |
CVE-2022-32564 |
An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32564 |
CVE-2022-29257 |
Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29257 |
CVE-2022-32278 |
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32278 |
CVE-2021-41661 |
Church Management System version 1.0 is affected by a SQL injection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory. This can lead to RCE on the web server by uploading a PHP webshell. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41661 |
CVE-2021-41662 |
The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function. This vulnerability leads to remote code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-41662 |
CVE-2022-32192 |
Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32192 |
CVE-2022-32562 |
An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32562 |
CVE-2022-32565 |
An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32565 |
CVE-2022-31415 |
Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31415 |
CVE-2022-31446 |
Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31446 |
CVE-2022-31447 |
An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31447 |
CVE-2022-25167 |
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25167 |
CVE-2022-2077 |
A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2077 |
CVE-2022-26302 |
Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26302 |
CVE-2022-27176 |
Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27176 |
CVE-2022-29482 |
'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29482 |
CVE-2022-29485 |
Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29485 |
CVE-2022-29506 |
Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29506 |
CVE-2022-29509 |
Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29509 |
CVE-2022-29522 |
Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29522 |
CVE-2022-29524 |
Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29524 |
CVE-2022-29925 |
Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29925 |
CVE-2022-2079 |
Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-2079 |
CVE-2021-30281 |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30281 |
CVE-2021-30327 |
Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30327 |
CVE-2021-30334 |
Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30334 |
CVE-2021-30338 |
Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30338 |
CVE-2021-30339 |
Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30339 |
CVE-2021-30340 |
Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30340 |
CVE-2021-30341 |
Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30341 |
CVE-2021-30342 |
Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30342 |
CVE-2021-30343 |
Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30343 |
CVE-2021-30344 |
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30344 |
CVE-2021-30345 |
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30345 |
CVE-2021-30346 |
RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30346 |
CVE-2021-30347 |
Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30347 |
CVE-2021-30349 |
Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30349 |
CVE-2021-30350 |
Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-30350 |
CVE-2021-35070 |
RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35070 |
CVE-2021-35071 |
Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35071 |
CVE-2021-35072 |
Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35072 |
CVE-2021-35073 |
Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35073 |
CVE-2021-35076 |
Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35076 |
CVE-2021-35078 |
Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35078 |
CVE-2021-35079 |
Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35079 |
CVE-2021-35080 |
Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35080 |
CVE-2021-35081 |
Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35081 |
CVE-2021-35082 |
Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35082 |
CVE-2021-35083 |
Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35083 |
CVE-2021-35084 |
Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35084 |
CVE-2021-35085 |
Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35085 |
CVE-2021-35086 |
Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35086 |
CVE-2021-35087 |
Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35087 |
CVE-2021-35090 |
Possible hypervisor memory corruption due to TOCTOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35090 |
CVE-2021-35091 |
Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35091 |
CVE-2021-35092 |
Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35092 |
CVE-2021-35094 |
Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35094 |
CVE-2021-35095 |
Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35095 |
CVE-2021-35096 |
Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35096 |
CVE-2021-35098 |
Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35098 |
CVE-2021-35100 |
Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35100 |
CVE-2021-35101 |
Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35101 |
CVE-2021-35102 |
Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35102 |
CVE-2021-35104 |
Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35104 |
CVE-2021-35111 |
Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35111 |
CVE-2021-35112 |
A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35112 |
CVE-2021-35114 |
Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35114 |
CVE-2021-35116 |
APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35116 |
CVE-2021-35118 |
An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35118 |
CVE-2021-35119 |
Potential out of bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35119 |
CVE-2021-35120 |
Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35120 |
CVE-2021-35121 |
An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition in the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35121 |
CVE-2021-35123 |
Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35123 |
CVE-2021-35126 |
Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35126 |
CVE-2021-35129 |
Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35129 |
CVE-2021-35130 |
Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-35130 |
CVE-2021-37182 |
A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-37182 |
CVE-2021-40616 |
thinkcmf v5.1.7 has an unauthorized access vulnerability. An attacker can modify the password of the administrator account with id 1 through the background user management group permissions. Exploitation requires background user management group permissions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40616 |
CVE-2021-40649 |
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40649 |
CVE-2021-40650 |
In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40650 |
CVE-2022-22057 |
Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22057 |
CVE-2022-22064 |
Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22064 |
CVE-2022-22065 |
Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22065 |
CVE-2022-22068 |
Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22068 |
CVE-2022-22071 |
Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22071 |
CVE-2022-22072 |
Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22072 |
CVE-2022-22082 |
Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22082 |
CVE-2022-22083 |
Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22083 |
CVE-2022-22084 |
Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22084 |
CVE-2022-22085 |
Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22085 |
CVE-2022-22086 |
Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22086 |
CVE-2022-22087 |
Memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22087 |
CVE-2022-22090 |
Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22090 |
CVE-2022-22103 |
Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-22103 |
CVE-2022-25651 |
Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-25651 |
CVE-2022-26476 |
A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-26476 |
CVE-2022-27219 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27219 |
CVE-2022-27220 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27220 |
CVE-2022-27221 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27221 |
CVE-2022-29034 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29034 |
CVE-2022-30228 |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30228 |
CVE-2022-30229 |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30229 |
CVE-2022-30230 |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to create a new user with administrative permissions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30230 |
CVE-2022-30231 |
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30231 |
CVE-2022-30937 |
A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30937 |
CVE-2022-31465 |
A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31465 |
CVE-2022-31619 |
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31619 |
CVE-2022-32145 |
A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32145 |
CVE-2022-32251 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32251 |
CVE-2022-32252 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32252 |
CVE-2022-32253 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32253 |
CVE-2022-32254 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32254 |
CVE-2022-32255 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32255 |
CVE-2022-32256 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32256 |
CVE-2022-32258 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32258 |
CVE-2022-32259 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32259 |
CVE-2022-32260 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32260 |
CVE-2022-32261 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32261 |
CVE-2022-32262 |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32262 |
CVE-2022-32285 |
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitation. This may allow an attacker to disclose confidential data under certain circumstances. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32285 |
CVE-2022-32286 |
A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32286 |
CVE-2021-40633 |
A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40633 |
CVE-2021-40658 |
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40658 |
CVE-2021-40678 |
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40678 |
CVE-2022-31273 |
An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31273 |
CVE-2021-40660 |
An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-40660 |
CVE-2022-27889 |
The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27889 |
CVE-2022-31308 |
A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31308 |
CVE-2022-31309 |
A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31309 |
CVE-2022-31311 |
An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31311 |
CVE-2022-31845 |
A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31845 |
CVE-2022-31846 |
A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31846 |
CVE-2022-31847 |
A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31847 |
CVE-2022-32336 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32336 |
CVE-2022-30931 |
Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30931 |
CVE-2022-32328 |
Fast Food Ordering System v1.0 is vulnerable to deletion of any file via /ffos/classes/Master.php?f=delete_img. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32328 |
CVE-2022-32330 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32330 |
CVE-2022-32331 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32331 |
CVE-2022-32332 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32332 |
CVE-2022-32333 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32333 |
CVE-2022-32334 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32334 |
CVE-2022-32335 |
Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32335 |
CVE-2022-32338 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32338 |
CVE-2022-32339 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32339 |
CVE-2022-32340 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32340 |
CVE-2022-32341 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32341 |
CVE-2022-32342 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32342 |
CVE-2022-32343 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32343 |
CVE-2022-32344 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32344 |
CVE-2022-32345 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32345 |
CVE-2022-32346 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32346 |
CVE-2022-32347 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32347 |
CVE-2022-32348 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32348 |
CVE-2022-32349 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32349 |
CVE-2022-32350 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32350 |
CVE-2022-32351 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32351 |
CVE-2022-32352 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32352 |
CVE-2021-42675 |
Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory. One can upload a malicious PHP file and obtain remote code execution. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2021-42675 |
CVE-2022-27668 |
Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-27668 |
CVE-2022-29612 |
SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol web functionality (startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29612 |
CVE-2022-30930 |
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30930 |
CVE-2022-31289 |
https://ossindex.sonatype.org/ Sonatype Nexus Repository Manager OSS 3.37.3-02 is affected by: Incorrect Access Control. The impact is: Authentication Bypass (remote). The component is: Admin Panel. The attack vector is: With the help of response manipulation, an attacker can bypass the login panel and view the dashboard menus. No user interaction is required. 1. Go to https://nexus.e-goi.com 2. Click on the Sign In button. 3. Enter the password as admin:admin. 4. Intercept the request in Burp Suite. 5. Capture the Response of the Request. 6. Change the Status Code from 403 Forbidden to 200 OK. 7. You will see the dashboard which provides the admin access. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31289 |
CVE-2022-31403 |
ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31403 |
CVE-2022-32337 |
Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32337 |
CVE-2022-32557 |
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32557 |
CVE-2022-32559 |
An issue was discovered in Couchbase Server before 7.0.4. Random HTTP requests lead to leaked metrics. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32559 |
CVE-2022-32561 |
An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32561 |
CVE-2022-29238 |
Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29238 |
CVE-2022-30903 |
Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-30903 |
CVE-2022-32364 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32364 |
CVE-2022-32365 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32365 |
CVE-2022-32366 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32366 |
CVE-2022-32367 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32367 |
CVE-2022-29614 |
SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29614 |
CVE-2022-29615 |
SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29615 |
CVE-2022-29618 |
Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29618 |
CVE-2022-31589 |
Due to an improper authorization check, business users who are using the Israeli File from SHAAM program (/ATL/VQ23 transaction) are granted more authorization than needed to perform certain transactions, which may lead to users getting access to data that would otherwise be restricted. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31589 |
CVE-2022-31590 |
SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and local access, with the ability to work around the system’s root disk access restrictions, to write/create a program file on the system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31590 |
CVE-2022-31594 |
A highly privileged user can exploit a SUID-root program to escalate his privileges to root on a local Unix system. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31594 |
CVE-2022-31595 |
SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31595 |
CVE-2022-32235 |
When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32235 |
CVE-2022-31059 |
Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31059 |
CVE-2022-32236 |
When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32236 |
CVE-2022-32237 |
When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32237 |
CVE-2022-32238 |
When a user opens manipulated Encapsulated PostScript (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32238 |
CVE-2022-32239 |
When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32239 |
CVE-2022-29241 |
Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if the notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-29241 |
CVE-2022-31046 |
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31046 |
CVE-2022-31047 |
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31047 |
CVE-2022-31048 |
TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31048 |
CVE-2022-31049 |
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31049 |
CVE-2022-31050 |
TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31050 |
CVE-2022-31060 |
Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31060 |
CVE-2022-32353 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32353 |
CVE-2022-32354 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32354 |
CVE-2022-32355 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32355 |
CVE-2022-32358 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32358 |
CVE-2022-32359 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32359 |
CVE-2022-32362 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32362 |
CVE-2022-32363 |
Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32363 |
CVE-2022-31066 |
EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-31066 |
CVE-2022-32230 |
Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32230 |
CVE-2022-32240 |
When a user opens manipulated Jupiter Tessellation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32240 |
CVE-2022-32241 |
When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32241 |
CVE-2022-32242 |
When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32242 |
CVE-2022-32243 |
When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. |
– |
https://nvd.nist.gov/vuln/detail/CVE-2022-32243 |