Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31648 | 1 Talend | 1 Administration Center | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. | |||||
| CVE-2022-1542 | 1 Justsystems | 1 Hpb Dashboard | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-1562 | 1 Room 34 Creative Services | 1 Enable Svg | 2022-06-08 | 3.5 LOW | 5.4 MEDIUM |
| The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | |||||
| CVE-2022-1564 | 1 10web | 1 Form Maker | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1566 | 1 Quotes Llama Project | 1 Quotes Llama | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file | |||||
| CVE-2022-29091 | 1 Dell | 3 Unity Operating Environment, Unity Xt Operating Environment, Unityvsa Operating Environment | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | |||||
| CVE-2022-1568 | 1 Wpdarko | 1 Team Members | 2022-06-08 | 3.5 LOW | 4.8 MEDIUM |
| The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2022-1582 | 1 Webfactoryltd | 1 External Links In New Window \/ New Tab | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. | |||||
| CVE-2022-29082 | 1 Dell | 1 Emc Networker | 2022-06-08 | 4.9 MEDIUM | 4.6 MEDIUM |
| Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates. | |||||
| CVE-2022-28875 | 3 Apple, F-secure, Microsoft | 9 Macos, Atlant, Cloud Protection For Salesforce and 6 more | 2022-06-08 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker. | |||||
| CVE-2022-26765 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-06-08 | 1.9 LOW | 4.7 MEDIUM |
| A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. | |||||
| CVE-2022-26764 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-06-08 | 2.6 LOW | 4.7 MEDIUM |
| A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | |||||
| CVE-2022-26767 | 1 Apple | 1 Macos | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2022-26766 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2022-06-08 | 4.3 MEDIUM | 5.5 MEDIUM |
| A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation. | |||||
| CVE-2021-45818 | 1 Safarimontage | 1 Safari Montage | 2022-06-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAFARI Montage 8.7.32 is affected by a CRLF injection vulnerability which can lead to HTTP response splitting. | |||||
| CVE-2022-26690 | 1 Apple | 1 Macos | 2022-06-08 | 2.6 LOW | 4.7 MEDIUM |
| Description: A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2022-22674 | 1 Apple | 2 Mac Os X, Macos | 2022-06-08 | 4.9 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory. | |||||
| CVE-2022-26726 | 1 Apple | 3 Mac Os X, Macos, Watchos | 2022-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen. | |||||
| CVE-2022-26725 | 1 Apple | 1 Macos | 2022-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. | |||||
| CVE-2022-29188 | 1 Stripe | 1 Smokescreen | 2022-06-07 | 6.4 MEDIUM | 6.5 MEDIUM |
| Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also offers an option to deny access to additional (e.g., external) URLs by way of a deny list. There was an issue in Smokescreen that made it possible to bypass the deny list feature by surrounding the hostname with square brackets (e.g. `[example.com]`). This only impacted the HTTP proxy functionality of Smokescreen. HTTPS requests were not impacted. Smokescreen version 0.0.4 contains a patch for this issue. | |||||
| CVE-2022-20674 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-20673 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-20672 | 1 Cisco | 1 Common Services Platform Collector | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2022-26706 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions. | |||||
| CVE-2022-29185 | 1 Totp-rs Project | 1 Totp-rs | 2022-06-07 | 3.5 LOW | 4.4 MEDIUM |
| totp-rs is a Rust library that permits the creation of 2FA authentification tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theorically be used to guess value of an TOTP token, and thus reuse it in the same time window. The attacker would have to know the password beforehand nonetheless. Starting with patched version 1.1.0, the library uses constant-time comparison. There are currently no known workarounds. | |||||
| CVE-2021-3468 | 1 Avahi | 1 Avahi | 2022-06-07 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in avahi in versions 0.6 up to 0.8. The event used to signal the termination of the client connection on the avahi Unix socket is not correctly handled in the client_work function, allowing a local attacker to trigger an infinite loop. The highest threat from this vulnerability is to the availability of the avahi service, which becomes unresponsive after this flaw is triggered. | |||||
| CVE-2022-26727 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2021-32989 | 1 Lcds | 1 Laquis Scada | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting. | |||||
| CVE-2021-32964 | 1 Aggsoft | 1 Webserver | 2022-06-07 | 5.0 MEDIUM | 5.3 MEDIUM |
| The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system. | |||||
| CVE-2021-32962 | 1 Aggsoft | 1 Webserver | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2022-29358 | 1 Epub2txt2 Project | 1 Epub2txt2 | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file. | |||||
| CVE-2022-26746 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences. | |||||
| CVE-2022-26745 | 1 Apple | 1 Macos | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory. | |||||
| CVE-2022-26755 | 1 Apple | 2 Mac Os X, Macos | 2022-06-07 | 4.3 MEDIUM | 6.3 MEDIUM |
| This issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox. | |||||
| CVE-2021-35487 | 1 Nokia | 1 Broadcast Message Center | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data. | |||||
| CVE-2021-4231 | 1 Angular | 1 Angular | 2022-06-07 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component. | |||||
| CVE-2022-26865 | 1 Dell | 1 Supportassist Os Recovery | 2022-06-07 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator. | |||||
| CVE-2022-29252 | 1 Xwiki | 1 Xwiki | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. | |||||
| CVE-2019-14862 | 3 Knockoutjs, Oracle, Redhat | 5 Knockout, Business Intelligence, Goldengate and 2 more | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2019-5023 | 1 Opensrcsec | 2 Grsecurity, Pax | 2022-06-07 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable vulnerability exists in the grsecurity PaX patch for the function read_kmem, in PaX from version pax-linux-4.9.8-test1 to 4.9.24-test7, grsecurity official from version grsecurity-3.1-4.9.8-201702060653 to grsecurity-3.1-4.9.24-201704252333, grsecurity unofficial from version v4.9.25-unofficialgrsec to v4.9.74-unofficialgrsec. PaX adds a temp buffer to the read_kmem function, which is never freed when an invalid address is supplied. This results in a memory leakage that can lead to a crash of the system. An attacker needs to induce a read to /dev/kmem using an invalid address to exploit this vulnerability. | |||||
| CVE-2019-3740 | 2 Dell, Oracle | 18 Bsafe Cert-j, Bsafe Crypto-j, Bsafe Ssl-j and 15 more | 2022-06-07 | 4.3 MEDIUM | 6.5 MEDIUM |
| RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys. | |||||
| CVE-2020-28588 | 1 Linux | 1 Linux Kernel | 2022-06-07 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents. | |||||
| CVE-2020-13524 | 2 Apple, Pixar | 3 Mac Os X, Macos, Openusd | 2022-06-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2022-29251 | 1 Xwiki | 1 Xwiki | 2022-06-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory. | |||||
| CVE-2020-15230 | 1 Vapor Project | 1 Vapor | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vapor is a web framework for Swift. In Vapor before version 4.29.4, Attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. | |||||
| CVE-2021-27783 | 1 Hcltech | 2 Bigfix Mobile, Bigfix Modern Client Management | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | |||||
| CVE-2017-2829 | 1 Foscam | 2 C1 Indoor Hd Camera, C1 Indoor Hd Camera Firmware | 2022-06-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| An exploitable directory traversal vulnerability exists in the web management interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.37. A specially crafted HTTP request can cause the application to read a file from disk but a failure to adequately filter characters results in allowing an attacker to specify a file outside of a directory. An attacker can simply send an HTTP request to the device to trigger this vulnerability. | |||||
| CVE-2018-4036 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 2.1 LOW | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability due to improper input validation. An attacker with local access could use this vulnerability to modify the running kernel extensions on the system. | |||||
| CVE-2018-4035 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | |||||
| CVE-2018-4034 | 1 Macpaw | 1 Cleanmymac X | 2022-06-07 | 4.9 MEDIUM | 5.5 MEDIUM |
| The CleanMyMac X software contains an exploitable privilege escalation vulnerability that exists due to improper input validation. An attacker with local access could use this vulnerability to modify the file system as root. | |||||