Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31580 | 1 Caretakerr-api Project | 1 Caretakerr-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31576 | 1 Shackerpanel Project | 1 Shackerpanel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31575 | 1 Livro Python Project | 1 Livro Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31574 | 1 Realestate Project | 1 Realestate | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31573 | 1 Chainer | 1 Chainerrl-visualizer | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31572 | 1 Cockybook Project | 1 Cockybook | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31571 | 1 Python-flask-restful-api Project | 1 Python-flask-restful-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31570 | 1 Ceneo-web-scrapper Project | 1 Ceneo-web-scrapper | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-32061 | 1 Snipeitapp | 1 Snipe-it | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2022-33103 | 1 Denx | 1 U-boot | 2022-07-15 | 4.6 MEDIUM | 7.8 HIGH |
| Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir(). | |||||
| CVE-2022-24139 | 1 Iobit | 1 Advanced System Care | 2022-07-15 | 7.2 HIGH | 7.8 HIGH |
| In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used. | |||||
| CVE-2022-31568 | 1 Rexians | 1 Rex-web | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31556 | 1 Trainenergyserver Project | 1 Trainenergyserver | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31555 | 1 Nurse Quest Project | 1 Nurse Quest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31554 | 1 Movie-review-sentiment-analysis Project | 1 Movie-review-sentiment-analysis | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31553 | 1 Sleep Learner Project | 1 Sleep Learner | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31552 | 1 Anuvaad-corpus Project | 1 Anuvaad-corpus | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31551 | 1 Flask-mongo-skel Project | 1 Flask-mongo-skel | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31550 | 1 Python Athena Stack Project | 1 Python Athena Stack | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31549 | 1 Helm-flask-celery Project | 1 Helm-flask-celery | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31548 | 1 Homepage Project | 1 Homepage | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31547 | 1 Sphere Project | 1 Sphere | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31546 | 1 Glance Project | 1 Glance | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31545 | 1 Modelconverter Project | 1 Modelconverter | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31543 | 1 Setupbox Project | 1 Setupbox | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31542 | 1 Mdweb Project | 1 Mdweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31541 | 1 Barry Voice Assistant Project | 1 Barry Voice Assistant | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31540 | 1 Hin-eng-preprocessing Project | 1 Hin-eng-preprocessing | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31539 | 1 Kotekan Project | 1 Kotekan | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31538 | 1 Mp-m08-interface Project | 1 Mp-m08-interface | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31537 | 1 Solar-system-simulator Project | 1 Solar-system-simulator | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2021-1387 | 1 Cisco | 121 Nexus 3016, Nexus 3016q, Nexus 3048 and 118 more | 2022-07-15 | 4.3 MEDIUM | 8.6 HIGH |
| A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. | |||||
| CVE-2022-2274 | 1 Openssl | 1 Openssl | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | |||||
| CVE-2021-37404 | 1 Apache | 1 Hadoop | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | |||||
| CVE-2022-32275 | 1 Grafana | 1 Grafana | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd URI. | |||||
| CVE-2022-32250 | 1 Linux | 1 Linux Kernel | 2022-07-15 | 7.2 HIGH | 7.8 HIGH |
| net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. | |||||
| CVE-2021-33473 | 1 Dragonfly Project | 1 Dragonfly | 2022-07-15 | 4.9 MEDIUM | 9.1 CRITICAL |
| An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. | |||||
| CVE-2022-1882 | 1 Linux | 1 Linux Kernel | 2022-07-15 | 7.2 HIGH | 7.8 HIGH |
| A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called. This flaw allows a local user to crash or potentially escalate their privileges on the system. | |||||
| CVE-2022-1678 | 1 Linux | 1 Linux Kernel | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients. | |||||
| CVE-2022-29968 | 1 Linux | 1 Linux Kernel | 2022-07-15 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. | |||||
| CVE-2022-32060 | 1 Snipeitapp | 1 Snipe-it | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file. | |||||
| CVE-2015-5236 | 1 Icedtea-web Project | 1 Icedtea-web | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | |||||
| CVE-2022-31536 | 1 Ytdl-sync Project | 1 Ytdl-sync | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31535 | 1 Fishtank Project | 1 Fishtank | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2022-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | |||||
| CVE-2022-31534 | 1 Pythonweb Project | 1 Pythonweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2021-35283 | 1 Atoms183 Cms Project | 1 Atoms183 Cms | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. | |||||
| CVE-2022-31533 | 1 Umbral Project | 1 Umbral | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31029 | 1 Adminite | 1 Adminlte | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
