Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2191 | 1 Eclipse | 1 Jetty | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Jetty versions 10.0.0 thru 10.0.9 and 11.0.0 thru 11.0.9, SslConnection does not release ByteBuffers from the configured ByteBufferPool in error code paths. | |||||
| CVE-2022-2048 | 1 Eclipse | 1 Jetty | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| In the Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are not enough resources left to process good requests. | |||||
| CVE-2022-2047 | 1 Eclipse | 1 Jetty | 2022-07-15 | 4.0 MEDIUM | 2.7 LOW |
| In Eclipse Jetty versions 9.4.0 thru 9.4.46, 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9, when parsing the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. | |||||
| CVE-2021-41042 | 1 Eclipse | 1 Lyo | 2022-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved. | |||||
| CVE-2022-31121 | 1 Hyperledger | 1 Fabric | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions, if a consensus client sends a malformed consensus request to an orderer, it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | |||||
| CVE-2022-33738 | 1 Openvpn | 1 Openvpn Access Server | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server before 2.11 uses a weak random generator to create user session tokens for the web portal. | |||||
| CVE-2022-31560 | 1 Photo Tag Project | 1 Photo Tag | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31559 | 1 Flask-yeoman Project | 1 Flask-yeoman | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31562 | 1 Internshipsystem Project | 1 Internshipsystem | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31561 | 1 Sphere Imagebackend Project | 1 Sphere Imagebackend | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31136 | 1 Joinbookwyrm | 1 Bookwyrm | 2022-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross-site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. | |||||
| CVE-2022-31564 | 1 Munhak | 1 Munhak-moa | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31563 | 1 Vprj Project | 1 Vprj | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-23744 | 1 Checkpoint | 2 Endpoint Security, Harmony Endpoint | 2022-07-15 | 2.1 LOW | 2.3 LOW |
| Check Point Endpoint before version E86.50 failed to protect against a specific registry change, which allowed a local administrator to disable endpoint protection. | |||||
| CVE-2021-41995 | 2 Apple, Pingidentity | 2 Macos, Pingid Integration For Mac Login | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | |||||
| CVE-2022-33948 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2022-07-15 | 8.3 HIGH | 8.8 HIGH |
| HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from a DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. | |||||
| CVE-2022-31566 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 5.0 MEDIUM | 8.6 HIGH |
| The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31565 | 1 Syrabond Project | 1 Syrabond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31472 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||||
| CVE-2022-30943 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | |||||
| CVE-2022-30602 | 1 Cybozu | 1 Garoon | 2022-07-15 | 5.5 MEDIUM | 8.1 HIGH |
| Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | |||||
| CVE-2022-31502 | 1 Wormnest Project | 1 Wormnest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31506 | 1 Cmu | 1 Opendiamond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31501 | 1 Onyxforum Project | 1 Onyxforum | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31505 | 1 Mercadoenlineaback Project | 1 Mercadoenlineaback | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31504 | 1 Baiduwenkuspider Flaskweb Project | 1 Baiduwenkuspider Flaskweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31503 | 1 Orchest | 1 Orchest | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31510 | 1 Simple-rat Project | 1 Simple-rat | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31509 | 1 Iedadata | 1 Usap-dc Web Submission And Dataset Search | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31508 | 1 Idayrus | 1 E-voting | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31507 | 1 Ganga Project | 1 Ganga | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31514 | 1 Fan Platform Project | 1 Fan Platform | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31513 | 1 Krypton Project | 1 Krypton | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31512 | 1 Flask-mvc Project | 1 Flask-mvc | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31511 | 1 Equanimity Project | 1 Equanimity | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31517 | 1 Mercury Sample Manager Project | 1 Mercury Sample Manager | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31516 | 1 Harveyzyh Python Project | 1 Harveyzyh Python | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31515 | 1 Carceresbe Project | 1 Carceresbe | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31520 | 1 Logstash-management-api Project | 1 Logstash-management-api | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31519 | 1 Windmill Project | 1 Windmill | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31518 | 1 Python-recipe-database Project | 1 Python-recipe-database | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31523 | 1 Paddlepaddle | 1 Anakin | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31522 | 1 Karaokey Project | 1 Karaokey | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31521 | 1 Mosaic Project | 1 Mosaic | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31526 | 1 Thunderatz | 1 Thunderdocs | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31525 | 1 Deep Learning Studio Project | 1 Deep Learning Studio | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31524 | 1 Purestorage | 1 Pure Swagger | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31529 | 1 Monorepo Project | 1 Monorepo | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31528 | 1 Bonn Activity Maps Annotation Tool Project | 1 Bonn Activity Maps Annotation Tool | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31527 | 1 Flask-file-server Project | 1 Flask-file-server | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
