Total: 17685 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34820 | 1 Siemens | 30 Simatic Cp 1242-7 V2, Simatic Cp 1242-7 V2 Firmware, Simatic Cp 1243-1 and 27 more | 2022-07-15 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). The application does not correctly escape some user-provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges. | |||||
| CVE-2022-34819 | 1 Siemens | 30 Simatic Cp 1242-7 V2, Simatic Cp 1242-7 V2 Firmware, Simatic Cp 1243-1 and 27 more | 2022-07-15 | 9.3 HIGH | 10.0 CRITICAL |
| A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions). The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the device. | |||||
| CVE-2021-44222 | 1 Siemens | 1 Simatic Easie Core Package | 2022-07-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system. | |||||
| CVE-2022-32294 | 1 Zimbra | 1 Collaboration | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). | |||||
| CVE-2022-1057 | 1 Varktech | 1 Pricing Deals For Woocommerce | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | |||||
| CVE-2020-36239 | 1 Atlassian | 5 Core Data Center, Data Center, Jira Data Center and 2 more | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed an Ehcache RMI network service through which attackers who can connect to the service on port 40001 and potentially 40011[0][1] could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated. | |||||
| CVE-2022-2368 | 1 Microweber | 1 Microweber | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20. | |||||
| CVE-2022-26647 | 1 Siemens | 58 Scalance X200-4p Irt, Scalance X200-4p Irt Firmware, Scalance X201-3p Irt and 55 more | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6). The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. | |||||
| CVE-2022-31588 | 1 Testplatform Project | 1 Testplatform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31567 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31544 | 1 Xtomo | 1 Robo-tom | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-1245 | 1 Redhat | 1 Keycloak | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. | |||||
| CVE-2022-31587 | 1 Kg-fashion-chatbot Project | 1 Kg-fashion-chatbot | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31586 | 1 Changepop-back Project | 1 Changepop-back | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31585 | 1 Home Internet Project | 1 Home Internet | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31583 | 1 Automatedquizeval Project | 1 Automatedquizeval | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31584 | 1 S3label Project | 1 S3label | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31582 | 1 Videoserver Project | 1 Videoserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31581 | 1 Scorelab | 1 Openmf | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31579 | 1 Iasset Project | 1 Iasset | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31577 | 1 Audio Aligner App Project | 1 Audio Aligner App | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31580 | 1 Caretakerr-api Project | 1 Caretakerr-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31576 | 1 Shackerpanel Project | 1 Shackerpanel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31575 | 1 Livro Python Project | 1 Livro Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31574 | 1 Realestate Project | 1 Realestate | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31573 | 1 Chainer | 1 Chainerrl-visualizer | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31572 | 1 Cockybook Project | 1 Cockybook | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31571 | 1 Python-flask-restful-api Project | 1 Python-flask-restful-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31570 | 1 Ceneo-web-scrapper Project | 1 Ceneo-web-scrapper | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31568 | 1 Rexians | 1 Rex-web | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31556 | 1 Trainenergyserver Project | 1 Trainenergyserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31555 | 1 Nurse Quest Project | 1 Nurse Quest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31554 | 1 Movie-review-sentiment-analysis Project | 1 Movie-review-sentiment-analysis | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31553 | 1 Sleep Learner Project | 1 Sleep Learner | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31552 | 1 Anuvaad-corpus Project | 1 Anuvaad-corpus | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31551 | 1 Flask-mongo-skel Project | 1 Flask-mongo-skel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31550 | 1 Python Athena Stack Project | 1 Python Athena Stack | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31549 | 1 Helm-flask-celery Project | 1 Helm-flask-celery | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31548 | 1 Homepage Project | 1 Homepage | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31547 | 1 Sphere Project | 1 Sphere | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31546 | 1 Glance Project | 1 Glance | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31545 | 1 Modelconverter Project | 1 Modelconverter | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31543 | 1 Setupbox Project | 1 Setupbox | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31542 | 1 Mdweb Project | 1 Mdweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31541 | 1 Barry Voice Assistant Project | 1 Barry Voice Assistant | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31540 | 1 Hin-eng-preprocessing Project | 1 Hin-eng-preprocessing | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31539 | 1 Kotekan Project | 1 Kotekan | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31538 | 1 Mp-m08-interface Project | 1 Mp-m08-interface | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31537 | 1 Solar-system-simulator Project | 1 Solar-system-simulator | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-2274 | 1 Openssl | 1 Openssl | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | |||||
