Total: 17685 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37404 | 1 Apache | 1 Hadoop | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by a user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | |||||
| CVE-2021-33473 | 1 Dragonfly Project | 1 Dragonfly | 2022-07-15 | 4.9 MEDIUM | 9.1 CRITICAL |
| An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | |||||
| CVE-2022-31536 | 1 Ytdl-sync Project | 1 Ytdl-sync | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31535 | 1 Fishtank Project | 1 Fishtank | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31534 | 1 Pythonweb Project | 1 Pythonweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity. | |||||
| CVE-2021-35283 | 1 Atoms183 Cms Project | 1 Atoms183 Cms | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0 allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. | |||||
| CVE-2022-31533 | 1 Umbral Project | 1 Umbral | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31560 | 1 Photo Tag Project | 1 Photo Tag | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31559 | 1 Flask-yeoman Project | 1 Flask-yeoman | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31562 | 1 Internshipsystem Project | 1 Internshipsystem | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31561 | 1 Sphere Imagebackend Project | 1 Sphere Imagebackend | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31564 | 1 Munhak | 1 Munhak-moa | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31563 | 1 Vprj Project | 1 Vprj | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31565 | 1 Syrabond Project | 1 Syrabond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31502 | 1 Wormnest Project | 1 Wormnest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31506 | 1 Cmu | 1 Opendiamond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31501 | 1 Onyxforum Project | 1 Onyxforum | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31505 | 1 Mercadoenlineaback Project | 1 Mercadoenlineaback | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31504 | 1 Baiduwenkuspider Flaskweb Project | 1 Baiduwenkuspider Flaskweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31510 | 1 Simple-rat Project | 1 Simple-rat | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31509 | 1 Iedadata | 1 Usap-dc Web Submission And Dataset Search | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31508 | 1 Idayrus | 1 E-voting | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31507 | 1 Ganga Project | 1 Ganga | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31514 | 1 Fan Platform Project | 1 Fan Platform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31513 | 1 Krypton Project | 1 Krypton | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31512 | 1 Flask-mvc Project | 1 Flask-mvc | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31511 | 1 Equanimity Project | 1 Equanimity | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31517 | 1 Mercury Sample Manager Project | 1 Mercury Sample Manager | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31516 | 1 Harveyzyh Python Project | 1 Harveyzyh Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31515 | 1 Carceresbe Project | 1 Carceresbe | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31520 | 1 Logstash-management-api Project | 1 Logstash-management-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31519 | 1 Windmill Project | 1 Windmill | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31518 | 1 Python-recipe-database Project | 1 Python-recipe-database | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31523 | 1 Paddlepaddle | 1 Anakin | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31522 | 1 Karaokey Project | 1 Karaokey | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31521 | 1 Mosaic Project | 1 Mosaic | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31526 | 1 Thunderatz | 1 Thunderdocs | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31525 | 1 Deep Learning Studio Project | 1 Deep Learning Studio | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31524 | 1 Purestorage | 1 Pure Swagger | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31529 | 1 Monorepo Project | 1 Monorepo | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31528 | 1 Bonn Activity Maps Annotation Tool Project | 1 Bonn Activity Maps Annotation Tool | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31527 | 1 Flask-file-server Project | 1 Flask-file-server | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-32207 | 1 Haxx | 1 Curl | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | |||||
| CVE-2022-32056 | 1 Online Accreditation Management System Project | 1 Online Accreditation Management System | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php. | |||||
| CVE-2021-29281 | 1 Gfi | 1 Archiver | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via an insecure implementation of the Telerik Web UI plugin, which is affected by CVE-2014-2217 and CVE-2017-11317. | |||||
| CVE-2022-2321 | 1 Heroiclabs | 1 Nakama | 2022-07-14 | 5.0 MEDIUM | 9.8 CRITICAL |
| Improper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks. | |||||
| CVE-2021-28506 | 1 Arista | 1 Eos | 2022-07-14 | 9.4 HIGH | 9.1 CRITICAL |
| An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | |||||
| CVE-2022-33980 | 1 Apache | 1 Commons Configuration | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: "script" (execute expressions using the JVM script execution engine, javax.script); "dns" (resolve dns records); "url" (load values from urls, including from remote servers). Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default. | |||||
