Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20127 | 1 Kb Login Authentication Script Project | 1 Kb Login Authentication Script | 2022-07-20 | N/A | 9.8 CRITICAL |
| A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. Affected by this issue is some unknown functionality. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-30222 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2022-07-20 | 4.6 MEDIUM | 8.4 HIGH |
| Windows Shell Remote Code Execution Vulnerability. | |||||
| CVE-2022-30221 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 7 and 6 more | 2022-07-20 | 5.1 MEDIUM | 8.8 HIGH |
| Windows Graphics Component Remote Code Execution Vulnerability. | |||||
| CVE-2022-30220 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-20 | 7.2 HIGH | 7.8 HIGH |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability. | |||||
| CVE-2022-30216 | 1 Microsoft | 4 Windows 10, Windows 11, Windows Server 2016 and 1 more | 2022-07-20 | 6.5 MEDIUM | 8.8 HIGH |
| Windows Server Service Tampering Vulnerability. | |||||
| CVE-2022-25803 | 1 Bestpractical | 1 Request Tracker | 2022-07-20 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | |||||
| CVE-2022-25802 | 1 Bestpractical | 1 Request Tracker | 2022-07-20 | N/A | 6.1 MEDIUM |
| Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | |||||
| CVE-2022-25801 | 1 Bestpractical | 1 Request Tracker For Incident Response | 2022-07-20 | N/A | 9.1 CRITICAL |
| Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | |||||
| CVE-2022-22477 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2022-07-20 | N/A | 6.1 MEDIUM |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 225605. | |||||
| CVE-2022-22460 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | N/A | 7.5 HIGH |
| IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. IBM X-Force ID: 225013. | |||||
| CVE-2022-22453 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | N/A | 7.5 HIGH |
| IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 224919. | |||||
| CVE-2022-22452 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | N/A | 7.5 HIGH |
| IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 224918. | |||||
| CVE-2022-22450 | 2 Ibm, Linux | 2 Security Verify Governance, Linux Kernel | 2022-07-20 | N/A | 3.8 LOW |
| IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. IBM X-Force ID: 224916. | |||||
| CVE-2022-35283 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2022-07-20 | N/A | 6.5 MEDIUM |
| IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. | |||||
| CVE-2022-34094 | 1 I3geo Project | 1 I3geo | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | |||||
| CVE-2022-34093 | 1 I3geo Project | 1 I3geo | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | |||||
| CVE-2022-34092 | 1 I3geo Project | 1 I3geo | 2022-07-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | |||||
| CVE-2022-2211 | 2 Libguestfs, Redhat | 2 Libguestfs, Enterprise Linux | 2022-07-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in libguestfs. This issue occurs while calculating the greatest possible number of matching keys in the get_keys() function. This flaw leads to a denial of service, either by mistake or malicious actor. | |||||
| CVE-2011-4916 | 1 Linux | 1 Linux Kernel | 2022-07-20 | 2.1 LOW | 5.5 MEDIUM |
| Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. | |||||
| CVE-2022-21500 | 1 Oracle | 1 E-business Suite | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2022-30213 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2022-07-19 | 2.1 LOW | 5.5 MEDIUM |
| Windows GDI+ Information Disclosure Vulnerability. | |||||
| CVE-2022-30214 | 1 Microsoft | 3 Windows Server 2016, Windows Server 2019, Windows Server 2022 | 2022-07-19 | 6.0 MEDIUM | 6.6 MEDIUM |
| Windows DNS Server Remote Code Execution Vulnerability. | |||||
| CVE-2022-34464 | 1 Siemens | 4 Sicam Gridedge Essential Arm, Sicam Gridedge Essential Gds Arm, Sicam Gridedge Essential Gds Intel and 1 more | 2022-07-19 | 2.1 LOW | 5.5 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). Affected software uses an improperly protected file to import SSH keys. Attackers with access to the filesystem of the host on which SICAM GridEdge runs, are able to inject a custom SSH key to that file. | |||||
| CVE-2022-31257 | 1 Mendix | 1 Mendix | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). In case of access to an active user session in an application that is built with an affected version, it’s possible to change that user’s password bypassing password validations within a Mendix application. This could allow to set weak passwords. | |||||
| CVE-2022-33736 | 1 Siemens | 1 Opcenter Quality | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). The affected applications do not properly validate login information during authentication. This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials. | |||||
| CVE-2006-0963 | 1 Stlport Project | 1 Stlport | 2022-07-19 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp. | |||||
| CVE-2007-0803 | 1 Stlport Project | 1 Stlport | 2022-07-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in STLport before 5.0.3 allow remote attackers to execute arbitrary code via unspecified vectors relating to (1) "print floats" and (2) a missing null termination in the "rope constructor." | |||||
| CVE-2006-4483 | 1 Php | 1 Php | 2022-07-19 | 9.3 HIGH | N/A |
| The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache. | |||||
| CVE-2006-4482 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2022-07-19 | 9.3 HIGH | N/A |
| Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. | |||||
| CVE-2022-29884 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-8021 and 3 more | 2022-07-19 | 7.1 HIGH | 7.5 HIGH |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). When using the HTTPS server under specific conditions, affected devices do not properly free resources. This could allow an unauthenticated remote attacker to put the device into a denial of service condition. | |||||
| CVE-2022-29560 | 1 Siemens | 22 Ruggedcom Rox Mx5000, Ruggedcom Rox Mx5000 Firmware, Ruggedcom Rox Mx5000re and 19 more | 2022-07-19 | 10.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). Affected devices do not properly validate user input, making them susceptible to command injection. An attacker with access to either the shell or the web CLI with administrator privileges could access the underlying operating system as the root user. | |||||
| CVE-2022-35403 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2022-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. (This also affects Asset Explorer before 6977 with authentication.) | |||||
| CVE-2022-33155 | 1 Ameos Tarteaucitron Project | 1 Ameos Tarteaucitron | 2022-07-19 | 3.5 LOW | 5.4 MEDIUM |
| The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. | |||||
| CVE-2022-29602 | 1 Grid Elements Project | 1 Grid Elements | 2022-07-19 | 3.5 LOW | 5.4 MEDIUM |
| The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS. | |||||
| CVE-2022-33154 | 1 Schema Project | 1 Schema | 2022-07-19 | 3.5 LOW | 5.4 MEDIUM |
| The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS. | |||||
| CVE-2022-2385 | 1 Kubernetes | 1 Aws-iam-authenticator | 2022-07-19 | 6.0 MEDIUM | 8.8 HIGH |
| A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | |||||
| CVE-2022-32205 | 2 Fedoraproject, Haxx | 2 Fedora, Curl | 2022-07-19 | 4.3 MEDIUM | 4.3 MEDIUM |
| A malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method. | |||||
| CVE-2019-17383 | 1 Netaddr Project | 1 Netaddr | 2022-07-19 | 7.5 HIGH | 9.8 CRITICAL |
| The netaddr gem before 2.0.4 for Ruby has misconfigured file permissions, such that a gem install may result in 0777 permissions in the target filesystem. | |||||
| CVE-2016-5626 | 3 Mariadb, Oracle, Redhat | 6 Mariadb, Mysql, Enterprise Linux Eus and 3 more | 2022-07-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | |||||
| CVE-2017-10378 | 5 Debian, Mariadb, Netapp and 2 more | 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more | 2022-07-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-10379 | 5 Debian, Mariadb, Netapp and 2 more | 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more | 2022-07-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client programs). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2016-5624 | 3 Mariadb, Oracle, Redhat | 8 Mariadb, Mysql, Enterprise Linux Desktop and 5 more | 2022-07-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||||
| CVE-2014-4260 | 4 Debian, Mariadb, Oracle and 1 more | 8 Debian Linux, Mariadb, Mysql and 5 more | 2022-07-19 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR. | |||||
| CVE-2018-2755 | 6 Canonical, Debian, Mariadb and 3 more | 15 Ubuntu Linux, Debian Linux, Mariadb and 12 more | 2022-07-19 | 3.7 LOW | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of MySQL Server. CVSS 3.0 Base Score 7.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2015-0501 | 7 Canonical, Debian, Juniper and 4 more | 14 Ubuntu Linux, Debian Linux, Junos Space and 11 more | 2022-07-19 | 5.7 MEDIUM | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | |||||
| CVE-2020-14812 | 5 Debian, Fedoraproject, Mariadb and 2 more | 8 Debian Linux, Fedora, Mariadb and 5 more | 2022-07-19 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). Supported versions that are affected are 5.6.49 and prior, 5.7.31 and prior and 8.0.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2018-2766 | 5 Canonical, Debian, Mariadb and 2 more | 8 Ubuntu Linux, Debian Linux, Mariadb and 5 more | 2022-07-19 | 6.8 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2017-3309 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-07-19 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2017-3308 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-07-19 | 4.0 MEDIUM | 7.7 HIGH |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H). | |||||
| CVE-2013-0375 | 4 Canonical, Mariadb, Oracle and 1 more | 7 Ubuntu Linux, Mariadb, Mysql and 4 more | 2022-07-19 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | |||||