Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-26944 | 1 Percona | 1 Xtrabackup | 2022-06-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. | |||||
| CVE-2022-26497 | 1 Bigbluebutton | 1 Greenlight | 2022-06-11 | 3.5 LOW | 5.4 MEDIUM |
| BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. | |||||
| CVE-2022-1982 | 1 Mattermost | 1 Mattermost Server | 2022-06-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. | |||||
| CVE-2022-30727 | 1 Google | 1 Android | 2022-06-11 | 2.1 LOW | 5.5 MEDIUM |
| Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | |||||
| CVE-2022-30729 | 1 Google | 1 Android | 2022-06-11 | 2.1 LOW | 4.6 MEDIUM |
| Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | |||||
| CVE-2022-30725 | 1 Google | 1 Android | 2022-06-11 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30724 | 1 Google | 1 Android | 2022-06-11 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30723 | 1 Google | 1 Android | 2022-06-11 | 3.3 LOW | 4.3 MEDIUM |
| Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||||
| CVE-2022-30721 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30720 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30719 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-30716 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | |||||
| CVE-2022-30715 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | |||||
| CVE-2022-30709 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | |||||
| CVE-2022-0004 | 1 Intel | 796 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 793 more | 2022-06-10 | 7.2 HIGH | 6.8 MEDIUM |
| Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | |||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | |||||
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2022-06-10 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | |||||
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 3.5 LOW | 4.8 MEDIUM |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | |||||
| CVE-2022-22361 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2021-43512 | 1 Flightradar24 | 1 Flightradar24 Flight Tracker | 2022-06-10 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. | |||||
| CVE-2022-32201 | 1 Libjpeg Project | 1 Libjpeg | 2022-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. | |||||
| CVE-2022-32202 | 1 Libjpeg Project | 1 Libjpeg | 2022-06-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. | |||||
| CVE-2022-31973 | 1 Online Fire Reporting System Project | 1 Online Fire Reporting System | 2022-06-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. | |||||
| CVE-2022-30999 | 1 Friendsofflarum | 1 Upload | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files ('image/svg+xml'), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. | |||||
| CVE-2022-31342 | 1 Online Car Wash Booking System Project | 1 Online Car Wash Booking System | 2022-06-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. | |||||
| CVE-2022-31966 | 1 Chatbot App With Suggestion Project | 1 Chatbot App With Suggestion | 2022-06-10 | 5.5 MEDIUM | 6.5 MEDIUM |
| ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. | |||||
| CVE-2022-1462 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-06-10 | 3.3 LOW | 6.3 MEDIUM |
| An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | |||||
| CVE-2021-43941 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | |||||
| CVE-2022-29732 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-30277 | 1 Bd | 1 Synapsys | 2022-06-10 | 3.6 LOW | 5.7 MEDIUM |
| BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | |||||
| CVE-2022-29788 | 1 Libmobi Project | 1 Libmobi | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | |||||
| CVE-2022-29733 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | |||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | |||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | |||||
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
| CVE-2022-29711 | 1 Librenms | 1 Librenms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | |||||
| CVE-2022-29628 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | |||||
| CVE-2022-29598 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . | |||||
| CVE-2022-29540 | 1 Resi | 1 Gemini-net | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, | |||||
| CVE-2022-29648 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. | |||||
| CVE-2022-29653 | 1 Ofcms Project | 1 Ofcms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. | |||||
| CVE-2021-3503 | 1 Redhat | 1 Wildfly | 2022-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. | |||||
| CVE-2021-28509 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2022-06-09 | 3.6 LOW | 6.1 MEDIUM |
| This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device. | |||||
| CVE-2021-28508 | 1 Arista | 45 7050cx3-32s, 7050cx3m-32s, 7050sx3-48c8 and 42 more | 2022-06-09 | 3.6 LOW | 6.1 MEDIUM |
| This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device. | |||||
| CVE-2022-26491 | 2 Debian, Pidgin | 2 Debian Linux, Pidgin | 2022-06-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. | |||||
| CVE-2022-26972 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. | |||||
| CVE-2022-26973 | 1 Barco | 1 Control Room Management Suite | 2022-06-09 | 5.0 MEDIUM | 5.3 MEDIUM |
| Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. | |||||