Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-32346 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. | |||||
| CVE-2022-32338 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. | |||||
| CVE-2022-32351 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. | |||||
| CVE-2021-35082 | 1 Qualcomm | 6 Mdm9206, Mdm9206 Firmware, Qca9367 and 3 more | 2022-06-21 | 9.3 HIGH | 8.1 HIGH |
| Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT | |||||
| CVE-2022-32350 | 1 Hospital\'s Patient Records Management System Project | 1 Hospital\'s Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. | |||||
| CVE-2022-1762 | 1 Webence | 1 Iq Block Country | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | |||||
| CVE-2022-29524 | 1 Fujielectric | 1 V-server | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file. | |||||
| CVE-2022-1900 | 1 Copify | 1 Copify | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2022-06-21 | 6.9 MEDIUM | 7.8 HIGH |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | |||||
| CVE-2022-1777 | 1 Filr Project | 1 Filr | 2022-06-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as delete all files or arbitrary ones. | |||||
| CVE-2022-1765 | 1 Hot Linked Image Cacher Project | 1 Hot Linked Image Cacher | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF. This can be used to store / cache images from external domains on the server, which could lead to legal risks (due to copyright violations or licensing rules). | |||||
| CVE-2022-1779 | 1 Auto Delete Posts Project | 1 Auto Delete Posts | 2022-06-21 | 5.8 MEDIUM | 8.1 HIGH |
| The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once. | |||||
| CVE-2022-1791 | 1 One Click Plugin Updater Project | 1 One Click Plugin Updater | 2022-06-21 | 5.8 MEDIUM | 8.1 HIGH |
| The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check. | |||||
| CVE-2013-4090 | 1 Varnish-cache | 1 Varnish Cache | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| Varnish HTTP cache before 3.0.4: ACL bug | |||||
| CVE-2015-8852 | 2 Debian, Varnish-cache | 2 Debian Linux, Varnish Cache | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated by a \r (carriage return) character in conjunction with multiple Content-Length headers in an HTTP request. | |||||
| CVE-2019-15892 | 2 Debian, Varnish-cache | 3 Debian Linux, Varnish, Varnish Cache | 2022-06-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered in Varnish Cache before 6.0.4 LTS, and 6.1.x and 6.2.x before 6.2.1. An HTTP/1 parsing failure allows a remote attacker to trigger an assert by sending crafted HTTP/1 requests. The assert will cause an automatic restart with a clean cache, which makes it a Denial of Service attack. | |||||
| CVE-2017-12425 | 1 Varnish-cache | 2 Varnish, Varnish Cache | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, 4.1.0 through 4.1.7, 5.0.0, and 5.1.0 through 5.1.2. A wrong if statement in the varnishd source code means that particular invalid requests from the client can trigger an assert, related to an Integer Overflow. This causes the varnishd worker process to abort and restart, losing the cached contents in the process. An attacker can therefore crash the varnishd worker process on demand and effectively keep it from serving content - a Denial-of-Service attack. The specific source-code filename containing the incorrect statement varies across releases. | |||||
| CVE-2021-41641 | 1 Deno | 1 Deno | 2022-06-21 | 3.6 LOW | 8.4 HIGH |
| Deno <=1.14.0 file sandbox does not handle symbolic links correctly. When running Deno with specific write access, the Deno.symlink method can be used to gain access to any directory. | |||||
| CVE-2022-29501 | 1 Schedmd | 1 Slurm | 2022-06-20 | 9.0 HIGH | 8.8 HIGH |
| SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. | |||||
| CVE-2022-30075 | 1 Tp-link | 2 Archer Ax50, Archer Ax50 Firmware | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation. | |||||
| CVE-2017-16544 | 5 Busybox, Canonical, Debian and 2 more | 8 Busybox, Ubuntu Linux, Debian Linux and 5 more | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| In the add_match function in libbb/lineedit.c in BusyBox through 1.27.2, the tab autocomplete feature of the shell, used to get a list of filenames in a directory, does not sanitize filenames and results in executing any escape sequence in the terminal. This could potentially result in code execution, arbitrary file writes, or other attacks. | |||||
| CVE-2015-7547 | 10 Canonical, Debian, F5 and 7 more | 30 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 27 more | 2022-06-20 | 6.8 MEDIUM | 8.1 HIGH |
| Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module. | |||||
| CVE-2022-1968 | 1 Vim | 1 Vim | 2022-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-1898 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Use After Free in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-1851 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-0943 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-20 | 4.6 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. | |||||
| CVE-2022-0417 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-20 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2021-3903 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-20 | 4.6 MEDIUM | 7.8 HIGH |
| vim is vulnerable to Heap-based Buffer Overflow | |||||
| CVE-2021-24957 | 1 Advanced Page Visit Counter Project | 1 Advanced Page Visit Counter | 2022-06-20 | 6.5 MEDIUM | 8.8 HIGH |
| The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection | |||||
| CVE-2022-26757 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-06-20 | 9.3 HIGH | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-5844 | 1 Artica | 1 Pandora Fms | 2022-06-20 | 6.5 MEDIUM | 7.2 HIGH |
| index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pandora FMS v7.0 NG allows authenticated administrators to upload malicious PHP scripts, and execute them via base64 decoding of the file location. This affects v7.0NG.742_FIX_PERL2020. | |||||
| CVE-2022-31325 | 1 Churchcrm | 1 Churchcrm | 2022-06-19 | 6.5 MEDIUM | 7.2 HIGH |
| There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php. | |||||
| CVE-2021-37589 | 1 Virtuasoftware | 1 Cobranca | 2022-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| Virtua Cobranca before 12R allows SQL Injection on the login page. | |||||
| CVE-2022-26532 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 7.2 HIGH | 7.8 HIGH |
| A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command. | |||||
| CVE-2022-26531 | 1 Zyxel | 130 Atp100, Atp100 Firmware, Atp100w and 127 more | 2022-06-19 | 4.6 MEDIUM | 7.8 HIGH |
| Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload. | |||||
| CVE-2022-31033 | 1 Mechanize Project | 1 Mechanize | 2022-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| The Mechanize library is used for automating interaction with websites. Mechanize automatically stores and sends cookies, follows redirects, and can follow links and submit forms. In versions prior to 2.8.5 the Authorization header is leaked after a redirect to a different port on the same site. Users are advised to upgrade to Mechanize v2.8.5 or later. There are no known workarounds for this issue. | |||||
| CVE-2022-29798 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2022-06-18 | 7.8 HIGH | 7.5 HIGH |
| There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46. Successful exploitation could cause denial of service. | |||||
| CVE-2022-31761 | 1 Huawei | 2 Emui, Magic Ui | 2022-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| Configuration defects in the secure OS module. Successful exploitation of this vulnerability will affect confidentiality. | |||||
| CVE-2022-31754 | 1 Huawei | 2 Emui, Magic Ui | 2022-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| Logical defects in code implementation in some products. Successful exploitation of this vulnerability may affect the availability of some features. | |||||
| CVE-2021-46812 | 1 Huawei | 2 Emui, Harmonyos | 2022-06-18 | 5.0 MEDIUM | 7.5 HIGH |
| The Device Manager has a vulnerability in multi-device interaction. Successful exploitation of this vulnerability may affect data integrity. | |||||
| CVE-2017-20019 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this vulnerability is an unknown functionality of the component Config Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-1202 | 1 Usabilitydynamics | 1 Wp-crm | 2022-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability. | |||||
| CVE-2017-20020 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85. Affected by this issue is some unknown functionality. The manipulation leads to cross site request forgery. The attack may be launched remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-2062 | 1 Xgenecloud | 1 Nocodb | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2017-20022 | 1 Solar-log | 16 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 13 more | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information disclosure. The attack can be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-2013 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Deploy | 2022-06-17 | 4.3 MEDIUM | 7.5 HIGH |
| In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space. | |||||
| CVE-2022-31042 | 2 Drupal, Guzzlephp | 2 Drupal, Guzzle | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any `Cookie` header manually added to the initial request would not be stripped. We now always strip it, and allow the cookie middleware to re-add any cookies that it deems should be there. Affected Guzzle 7 users should upgrade to Guzzle 7.4.4 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.7 or 7.4.4. Users unable to upgrade may consider an alternative approach to use your own redirect middleware, rather than ours. If you do not require or expect redirects to be followed, one should simply disable redirects all together. | |||||
| CVE-2017-20045 | 1 Navetti | 1 Pricepoint | 2022-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Navetti PricePoint 4.6.0.0. It has been declared as critical. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20042 | 1 Navetti | 1 Pricepoint | 2022-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection (Blind). The attack can be launched remotely. Upgrading to version 4.7.0.0 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2020-8177 | 4 Debian, Fujitsu, Haxx and 1 more | 15 Debian Linux, M10-1, M10-1 Firmware and 12 more | 2022-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||||