Total: 49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20084 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2022-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20083 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-2112 | 1 Inventree | 1 Inventree | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2021-40955 | 1 Laiketui | 1 Laiketui | 2022-06-29 | 6.5 MEDIUM | 7.2 HIGH |
| SQL injection exists in the background administrator list of LaiKetui v3.5.0. | |||||
| CVE-2022-23079 | 1 Getmotoradmin | 1 Motor Admin | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim. | |||||
| CVE-2022-34180 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | |||||
| CVE-2022-34179 | 1 Jenkins | 1 Embeddable Build Status | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | |||||
| CVE-2022-34175 | 1 Jenkins | 1 Jenkins | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | |||||
| CVE-2022-34174 | 1 Jenkins | 1 Jenkins | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | |||||
| CVE-2022-33114 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-29 | 6.5 MEDIUM | 7.2 HIGH |
| Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | |||||
| CVE-2022-33097 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. | |||||
| CVE-2022-33096 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. | |||||
| CVE-2022-33095 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | |||||
| CVE-2022-33094 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. | |||||
| CVE-2022-33093 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. | |||||
| CVE-2022-33092 | 1 74cms | 1 74cmsse | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. | |||||
| CVE-2022-33034 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. | |||||
| CVE-2022-33033 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | |||||
| CVE-2022-33032 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. | |||||
| CVE-2022-33028 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. | |||||
| CVE-2022-33027 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. | |||||
| CVE-2022-33026 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | |||||
| CVE-2022-33025 | 1 Gnu | 1 Libredwg | 2022-06-29 | 6.8 MEDIUM | 7.8 HIGH |
| LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. | |||||
| CVE-2022-1833 | 1 Redhat | 1 Amq Broker | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in AMQ Broker Operator 7.9.4 installed via UI using OperatorHub where a low-privilege user that has access to the namespace where the AMQ Operator is deployed has access to clusterwide edit rights by checking the secrets. The service account used for building the Operator gives more permission than expected and an attacker could benefit from it. This requires at least an already compromised low-privilege account or insider attack. | |||||
| CVE-2022-31083 | 1 Parseplatform | 1 Parse-server | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 4.10.11 and 5.2.2, the certificate in the Parse Server Apple Game Center auth adapter is not validated. As a result, authentication could potentially be bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Versions 4.0.11 and 5.2.2 prevent this by introducing a new `rootCertificateUrl` property to the Parse Server Apple Game Center auth adapter which takes the URL to the root certificate of Apple's Game Center authentication certificate. If no value is set, the `rootCertificateUrl` property defaults to the URL of the current root certificate as of May 27, 2022. Keep in mind that the root certificate can change at any time and that it is the developer's responsibility to keep the root certificate URL up-to-date when using the Parse Server Apple Game Center auth adapter. There are no known workarounds for this issue. | |||||
| CVE-2018-25044 | 1 Bittorrent | 1 Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2018-25043 | 1 Bittorrent | 1 Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2018-25042 | 1 Bittorrent | 1 Utorrent | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1665 | 1 Redhat | 1 Enterprise Linux | 2022-06-29 | 4.6 MEDIUM | 8.8 HIGH |
| A set of pre-production kernel packages of Red Hat Enterprise Linux for IBM Power architecture can be booted by grub in Secure Boot mode even though they shouldn't be. These kernel builds don't have the secure boot lockdown patches applied to them and can bypass the secure boot validations, allowing an attacker to load other non-trusted code. | |||||
| CVE-2021-4156 | 1 Libsndfile Project | 1 Libsndfile | 2022-06-28 | 5.8 MEDIUM | 8.1 HIGH |
| An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | |||||
| CVE-2022-32973 | 1 Tenable | 1 Nessus | 2022-06-28 | 9.0 HIGH | 8.8 HIGH |
| An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | |||||
| CVE-2022-1614 | 1 Wp-email Project | 1 Wp-email | 2022-06-28 | 4.3 MEDIUM | 7.5 HIGH |
| The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. | |||||
| CVE-2022-33995 | 1 Devolutions | 1 Remote Desktop Manager | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | |||||
| CVE-2022-33048 | 1 Online Railway Reservation System Project | 1 Online Railway Reservation System | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
| Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. | |||||
| CVE-2017-20066 | 1 Adminer Login Project | 1 Adminer Login | 2022-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-22979 | 1 Vmware | 1 Spring Cloud Function | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | |||||
| CVE-2021-40511 | 1 Obdasystems | 1 Mastro | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service. | |||||
| CVE-2021-40510 | 1 Obdasystems | 1 Mastro | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs. | |||||
| CVE-2017-20081 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/reports.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20080 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2018-18907 | 1 Dlink | 2 Dir-850l, Dir-850l Firmare | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | |||||
| CVE-2017-20079 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-28865 | 1 Powerjob | 1 Powerjob | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue discovered in PowerJob through 3.2.2 allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | |||||
| CVE-2017-20078 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20077 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20076 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20075 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20074 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20073 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2017-20072 | 1 Hindu Matrimonial Script Project | 1 Hindu Matrimonial Script | 2022-06-28 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
