Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2057 | 1 Libtiff | 1 Libtiff | 2022-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
| CVE-2022-2056 | 1 Libtiff | 1 Libtiff | 2022-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010. | |||||
| CVE-2020-36552 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. | |||||
| CVE-2020-36551 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. | |||||
| CVE-2020-36550 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. | |||||
| CVE-2020-36553 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. | |||||
| CVE-2020-35261 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. | |||||
| CVE-2020-35305 | 1 Gollum Project | 1 Gollum | 2022-07-21 | N/A | 6.1 MEDIUM |
| Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | |||||
| CVE-2022-2396 | 1 Simple E-learning System Project | 1 Simple E-learning System | 2022-07-21 | N/A | 5.4 MEDIUM |
| A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. Affected by this vulnerability is an unknown functionality of the file /vcs/claire_blake. The manipulation of the argument Bio with the input "><script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-34233 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34232 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34234 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34236 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-32222 | 1 Nodejs | 1 Node.js | 2022-07-21 | N/A | 5.3 MEDIUM |
| A cryptographic vulnerability exists on Node.js on linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | |||||
| CVE-2022-34237 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.. | |||||
| CVE-2022-34239 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2017-10384 | 5 Debian, Mariadb, Netapp and 2 more | 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more | 2022-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.57 and earlier 5.6.37 and earlier 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-3238 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2017-3244 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2022-25869 | 1 Angularjs | 1 Angular | 2022-07-21 | N/A | 6.1 MEDIUM |
| All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | |||||
| CVE-2021-24838 | 1 Bologer | 1 Anycomment | 2022-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. | |||||
| CVE-2021-29433 | 1 Matrix | 1 Sydent | 2022-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Sydent is a reference Matrix identity server. In Sydent versions 2.2.0 and prior, sissing input validation of some parameters on the endpoints used to confirm third-party identifiers could cause excessive use of disk space and memory leading to resource exhaustion. A patch for the vulnerability is in version 2.3.0. No workarounds are known to exist. | |||||
| CVE-2022-0967 | 1 Showdoc | 1 Showdoc | 2022-07-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. | |||||
| CVE-2022-0897 | 2 Netapp, Redhat | 2 Ontap Select Deploy Administration Utility, Libvirt | 2022-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A flaw was found in the libvirt nwfilter driver. The virNWFilterObjListNumOfNWFilters method failed to acquire the `driver->nwfilters` mutex before iterating over virNWFilterObj instances. There was no protection to stop another thread from concurrently modifying the `driver->nwfilters` object. This flaw allows a malicious, unprivileged user to exploit this issue via libvirt’s API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd). | |||||
| CVE-2021-21966 | 1 Ti | 15 Cc3100, Cc3100 Firmware, Cc3120 and 12 more | 2022-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability exists in the HTTP Server /ping.html functionality of Texas Instruments CC3200 SimpleLink Solution NWP 2.9.0.0. A specially-crafted HTTP request can lead to an uninitialized read. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2021-21908 | 1 Garrett | 2 Ic Module, Ic Module Firmware | 2022-07-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| Specially-crafted command line arguments can lead to arbitrary file deletion. The handle_delete function does not attempt to sanitize or otherwise validate the contents of the [file] parameter (passed to the function as argv[1]), allowing an authenticated attacker to supply directory traversal primitives and delete semi-arbitrary files. | |||||
| CVE-2021-22261 | 1 Gitlab | 1 Gitlab | 2022-07-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses | |||||
| CVE-2022-34244 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe Photoshop versions 22.5.7 (and earlier) and 23.3.2 (and earlier) are affected by an Access of Uninitialized Pointer vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-34248 | 3 Adobe, Apple, Microsoft | 3 Indesign, Macos, Windows | 2022-07-21 | N/A | 5.5 MEDIUM |
| Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2022-2393 | 2 Pki-core Project, Redhat | 3 Pki-core, Certificate System, Enterprise Linux | 2022-07-21 | N/A | 5.7 MEDIUM |
| A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. This flaw allows an authenticated attacker on the adjacent network to impersonate another user within the scope of the domain, but they would not be able to decrypt message content. | |||||
| CVE-2022-31156 | 1 Gradle | 1 Gradle | 2022-07-20 | N/A | 4.4 MEDIUM |
| Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This can occur in two ways. When signature verification is disabled but the verification metadata contains entries for dependencies that only have a `gpg` element but no `checksum` element. When signature verification is enabled, the verification metadata contains entries for dependencies with a `gpg` element but there is no signature file on the remote repository. In both cases, the verification will accept the dependency, skipping signature verification and not complaining that the dependency has no checksum entry. For builds that are vulnerable, there are two risks. Gradle could download a malicious binary from a repository outside your organization due to name squatting. For those still using HTTP only and not HTTPS for downloading dependencies, the build could download a malicious library instead of the expected one. Gradle 7.5 patches this issue by making sure to run checksum verification if signature verification cannot be completed, whatever the reason. Two workarounds are available: Remove all `gpg` elements from dependency verification metadata if you disable signature validation and/or avoid adding `gpg` entries for dependencies that do not have signature files. | |||||
| CVE-2022-32246 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-07-20 | 4.9 MEDIUM | 4.6 MEDIUM |
| SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend. On successful exploitation, the attacker can cause limited impact on confidentiality and integrity of the application | |||||
| CVE-2022-35227 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack. A successful exploit could allow the attacker to execute arbitrary script code which could lead to stealing or modifying of authentication information of the user, such as data relating to his or her current session. | |||||
| CVE-2022-35225 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | |||||
| CVE-2022-35170 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. This leads to limited impact on confidentiality and integrity of data. | |||||
| CVE-2022-35169 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-07-20 | 6.5 MEDIUM | 6.0 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | |||||
| CVE-2022-32248 | 1 Sap | 1 S\/4hana | 2022-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. This leads to an impact on the integrity of the data. | |||||
| CVE-2022-32247 | 1 Sap | 1 Netweaver Enterprise Portal | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-22370 | 1 Ibm | 1 Security Verify Access | 2022-07-20 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194. | |||||
| CVE-2022-32425 | 1 Mealie | 1 Mealie | 2022-07-20 | N/A | 5.3 MEDIUM |
| The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. | |||||
| CVE-2016-5612 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more | 2022-07-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2020-6920 | 1 Hp | 1 Support Assistant | 2022-07-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Potential security vulnerabilities including compromise of integrity, and allowed communication with untrusted clients has been identified in HP Support Assistant software. | |||||
| CVE-2022-31102 | 1 Linuxfoundation | 1 Argo-cd | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting (XSS) bug which could allow an attacker to inject arbitrary JavaScript in the `/auth/callback` page in a victim's browser. This vulnerability only affects Argo CD instances which have single sign on (SSO) enabled. The exploit also assumes the attacker has 1) access to the API server's encryption key, 2) a method to add a cookie to the victim's browser, and 3) the ability to convince the victim to visit a malicious `/auth/callback` link. The vulnerability is classified as low severity because access to the API server's encryption key already grants a high level of access. Exploiting the XSS would allow the attacker to impersonate the victim, but would not grant any privileges which the attacker could not otherwise gain using the encryption key. A patch for this vulnerability has been released in the following Argo CD versions 2.4.5 and 2.3.6. There is currently no known workaround. | |||||
| CVE-2022-33712 | 2 Google, Samsung | 2 Android, Camera | 2022-07-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information. | |||||
| CVE-2022-34467 | 1 Mendix | 1 Excel Importer | 2022-07-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). The affected component is vulnerable to XML Entity Expansion Injection. An attacker may use this to compromise the availability of the affected component. | |||||
| CVE-2022-34466 | 1 Mendix | 1 Mendix | 2022-07-20 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. | |||||
| CVE-2022-30517 | 1 Mogublog Project | 1 Mogublog | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-33156 | 1 Matomo | 1 Integration | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | |||||
| CVE-2022-33157 | 1 Libconnect Project | 1 Libconnect | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. | |||||
| CVE-2022-30205 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 6.0 MEDIUM | 6.6 MEDIUM |
| Windows Group Policy Elevation of Privilege Vulnerability. | |||||