Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-23410 | 1 Axis | 1 Ip Utility | 2022-05-11 | 4.4 MEDIUM | 7.8 HIGH |
| AXIS IP Utility before 4.18.0 allows for remote code execution and local privilege escalation by the means of DLL hijacking. IPUtility.exe would attempt to load DLLs from its current working directory which could allow for remote code execution if a compromised DLL would be placed in the same folder. | |||||
| CVE-2021-41942 | 1 Msvod | 1 Msvod Cms | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. | |||||
| CVE-2022-1534 | 1 Libmobi Project | 1 Libmobi | 2022-05-11 | 3.6 LOW | 7.1 HIGH |
| Buffer Over-read at parse_rawml.c:1416 in GitHub repository bfabiszewski/libmobi prior to 0.11. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. | |||||
| CVE-2022-1533 | 1 Libmobi Project | 1 Libmobi | 2022-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. This vulnerability is capable of arbitrary code execution. | |||||
| CVE-2022-24683 | 1 Hashicorp | 1 Nomad | 2022-05-11 | 7.8 HIGH | 7.5 HIGH |
| HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | |||||
| CVE-2022-21227 | 1 Ghost | 1 Sqlite3 | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. | |||||
| CVE-2022-1543 | 1 Erudika | 1 Scoold | 2022-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| Improper handling of Length parameter in GitHub repository erudika/scoold prior to 1.49.4. When the text size is large enough the service results in a momentary outage in a production environment. That can lead to memory corruption on the server. | |||||
| CVE-2022-29937 | 1 Usu | 1 Oracle Optimization | 2022-05-11 | 9.0 HIGH | 8.8 HIGH |
| USU Oracle Optimization before 5.17.5 allows authenticated DataCollection users to achieve agent root access because some common OS commands are blocked but (for example) an OS command for base64 decoding is not blocked. NOTE: this is not an Oracle Corporation product. | |||||
| CVE-2022-29936 | 1 Usu | 1 Oracle Optimization | 2022-05-11 | 6.5 MEDIUM | 8.8 HIGH |
| USU Oracle Optimization before 5.17 allows authenticated quantum users to achieve remote code execution because of /v2/quantum/save-data-upload-big-file Java deserialization. NOTE: this is not an Oracle Corporation product. | |||||
| CVE-2021-4090 | 2 Linux, Netapp | 17 Linux Kernel, Baseboard Management Controller H300e, Baseboard Management Controller H300e Firmware and 14 more | 2022-05-11 | 6.6 MEDIUM | 7.1 HIGH |
| An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. | |||||
| CVE-2022-20084 | 2 Google, Mediatek | 55 Android, Mt6731, Mt6732 and 52 more | 2022-05-11 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | |||||
| CVE-2022-29451 | 1 Rarathemes | 1 Rara One Click Demo Import | 2022-05-11 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) leading to Arbitrary File Upload vulnerability in Rara One Click Demo Import plugin <= 1.2.9 on WordPress allows attackers to trick logged-in admin users into uploading dangerous files into /wp-content/uploads/ directory. | |||||
| CVE-2021-29854 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2022-05-11 | 4.3 MEDIUM | 7.2 HIGH |
| IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. | |||||
| CVE-2022-24882 | 1 Freerdp | 1 Freerdp | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides and empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. | |||||
| CVE-2021-42529 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2022-05-11 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42531 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2022-05-11 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42530 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2022-05-11 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42532 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2022-05-11 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2022-20767 | 1 Cisco | 1 Firepower Threat Defense | 2022-05-11 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. | |||||
| CVE-2021-41959 | 1 Jerryscript | 1 Jerryscript | 2022-05-11 | 5.0 MEDIUM | 7.5 HIGH |
| JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. | |||||
| CVE-2021-42165 | 1 Mitrastar | 2 Gpt-2541gnac-n1, Gpt-2541gnac-n1 Firmware | 2022-05-11 | 9.0 HIGH | 8.8 HIGH |
| MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command "deviceinfo show file &&/bin/bash" because of incorrect sanitization of parameter "path". | |||||
| CVE-2022-0916 | 1 Logitech | 1 Options | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | |||||
| CVE-2021-22556 | 1 Google | 1 Fuchsia | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. | |||||
| CVE-2021-22573 | 1 Google | 1 Oauth Client Library For Java | 2022-05-10 | 3.5 LOW | 7.3 HIGH |
| The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above | |||||
| CVE-2022-23985 | 1 Fatek | 1 Fvdesigner | 2022-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | |||||
| CVE-2022-28505 | 1 Jflyfox | 1 Jfinal Cms | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
| Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | |||||
| CVE-2022-29001 | 1 Springbootmovie Project | 1 Springbootmovie | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
| In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability | |||||
| CVE-2022-1273 | 1 Importwp | 1 Import Wp | 2022-05-10 | 6.5 MEDIUM | 7.2 HIGH |
| The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE | |||||
| CVE-2022-27983 | 1 Ruijienetworks | 2 Rg-nbr2100g-e, Rg-nbr2100g-e Firmware | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. | |||||
| CVE-2022-20088 | 2 Google, Mediatek | 46 Android, Mt6580, Mt6731 and 43 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. | |||||
| CVE-2022-20093 | 2 Google, Mediatek | 57 Android, Mt6731, Mt6732 and 54 more | 2022-05-10 | 4.6 MEDIUM | 7.8 HIGH |
| In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. | |||||
| CVE-2022-1403 | 1 Deltaww | 1 Asda Soft | 2022-05-10 | 6.8 MEDIUM | 7.8 HIGH |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. | |||||
| CVE-2022-1402 | 1 Deltaww | 1 Asda Soft | 2022-05-10 | 5.8 MEDIUM | 7.1 HIGH |
| ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | |||||
| CVE-2022-28042 | 2 Fedoraproject, Nothings | 2 Fedora, Stb Image.h | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. | |||||
| CVE-2022-0815 | 1 Mcafee | 1 Webadvisor | 2022-05-10 | 7.5 HIGH | 7.3 HIGH |
| Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including; settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | |||||
| CVE-2021-32785 | 2 Apache, Zmartzone | 2 Http Server, Mod Auth Openidc | 2022-05-10 | 4.3 MEDIUM | 7.5 HIGH |
| mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. | |||||
| CVE-2021-4207 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2022-05-10 | 4.6 MEDIUM | 8.8 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2021-4206 | 3 Debian, Qemu, Redhat | 3 Debian Linux, Qemu, Enterprise Linux | 2022-05-10 | 4.6 MEDIUM | 8.2 HIGH |
| A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | |||||
| CVE-2022-24900 | 1 Piano Led Visualizer Project | 1 Piano Led Visualizer | 2022-05-10 | 5.0 MEDIUM | 8.6 HIGH |
| Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input is passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessiates this behaviour, one can either use the `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. | |||||
| CVE-2022-25090 | 1 Kofax | 1 Printix | 2022-05-10 | 9.3 HIGH | 8.1 HIGH |
| Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | |||||
| CVE-2022-28048 | 2 Fedoraproject, Stb Project | 2 Fedora, Stb | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | |||||
| CVE-2021-25002 | 1 Tipsacarrier Project | 1 Tipsacarrier | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL | |||||
| CVE-2022-23064 | 1 Snipeitapp | 1 Snipe-it | 2022-05-10 | 6.8 MEDIUM | 8.8 HIGH |
| In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. | |||||
| CVE-2022-28451 | 1 Nopcommerce | 1 Nopcommerce | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | |||||
| CVE-2022-24892 | 1 Shopware | 1 Shopware | 2022-05-10 | 6.8 MEDIUM | 7.5 HIGH |
| Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim's account if they somehow gain access to the victims email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. | |||||
| CVE-2022-23904 | 1 Rainworx | 1 Auctionworx | 2022-05-10 | 6.0 MEDIUM | 8.0 HIGH |
| Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. | |||||
| CVE-2022-22514 | 1 Codesys | 20 Control For Beaglebone Sl, Control For Beckhoff Cx9020, Control For Empc-a\/imx6 Sl and 17 more | 2022-05-10 | 4.9 MEDIUM | 7.1 HIGH |
| An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | |||||
| CVE-2022-29967 | 1 Glewlwyd Project | 1 Glewlwyd | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | |||||
| CVE-2021-31854 | 1 Mcafee | 1 Agent | 2022-05-10 | 9.3 HIGH | 7.8 HIGH |
| A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | |||||
| CVE-2021-33193 | 4 Apache, Fedoraproject, Oracle and 1 more | 5 Http Server, Fedora, Secure Backup and 2 more | 2022-05-10 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. | |||||