Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20054 | 1 Xyzscripts | 1 Contact Form Manager | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32442 | 1 Yuba | 1 U5cms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause html injection. | |||||
| CVE-2021-37764 | 1 Xos-shop | 1 Xos Shop System | 2022-06-28 | 5.5 MEDIUM | 8.1 HIGH |
| Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. | |||||
| CVE-2021-46820 | 1 Xos-shop | 1 Xos Shop System | 2022-06-28 | 5.5 MEDIUM | 8.1 HIGH |
| Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | |||||
| CVE-2022-34491 | 2022-06-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-29969. Reason: This candidate is a duplicate of CVE-2022-29969. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2022-29969 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-30767 | 1 Denx | 1 U-boot | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | |||||
| CVE-2021-22959 | 2 Llhttp, Oracle | 2 Llhttp, Graalvm | 2022-06-28 | 6.4 MEDIUM | 6.5 MEDIUM |
| The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. | |||||
| CVE-2021-22960 | 2 Llhttp, Oracle | 2 Llhttp, Graalvm | 2022-06-28 | 5.8 MEDIUM | 6.5 MEDIUM |
| The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | |||||
| CVE-2021-28116 | 2 Fedoraproject, Squid-cache | 2 Fedora, Squid | 2022-06-28 | 4.3 MEDIUM | 5.3 MEDIUM |
| Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | |||||
| CVE-2017-20061 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20060 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20059 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20058 | 1 Elefantcms | 1 Elefantcms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20057 | 1 Elefantcms | 1 Elefant Cms | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-31873 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | |||||
| CVE-2022-22138 | 1 Fast String Search Project | 1 Fast String Search | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation. | |||||
| CVE-2022-25345 | 1 Discordjs | 1 Opus | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | |||||
| CVE-2022-31941 | 1 Rescue Dispatch Management System Project | 1 Rescue Dispatch Management System | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. | |||||
| CVE-2022-32444 | 1 Yuba | 1 U5cms | 2022-06-28 | 5.8 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | |||||
| CVE-2022-22317 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. | |||||
| CVE-2022-22318 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Curam Social Program Management and 4 more | 2022-06-28 | 6.5 MEDIUM | 9.8 CRITICAL |
| IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. | |||||
| CVE-2022-30422 | 1 Proietti | 1 Planet Time Enterprise | 2022-06-28 | 10.0 HIGH | 9.8 CRITICAL |
| Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter. | |||||
| CVE-2022-2128 | 1 Trudesk Project | 1 Trudesk | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
| Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. | |||||
| CVE-2022-31355 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=. | |||||
| CVE-2022-31356 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=. | |||||
| CVE-2022-31357 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=. | |||||
| CVE-2022-31296 | 1 Online Discussion Forum Project | 1 Online Discussion Forum | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. | |||||
| CVE-2022-2113 | 1 Inventree | 1 Inventree | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2022-2111 | 1 Inventree | 1 Inventree | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | |||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2021-45025 | 1 Rocketsoftware | 1 Ags-zena | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | |||||
| CVE-2021-45024 | 1 Rocketsoftware | 1 Ags-zena | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE). | |||||
| CVE-2021-41490 | 1 Rice | 1 Open Motion Planning Library | 2022-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. | |||||
| CVE-2021-41408 | 1 Voipmonitor | 1 Voipmonitor | 2022-06-27 | 7.5 HIGH | 9.8 CRITICAL |
| VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter. | |||||
| CVE-2019-12352 | 1 Zzcms | 1 Zzcms | 2022-06-27 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | |||||
| CVE-2018-25040 | 1 Utorrent | 1 Web | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2022-30329 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. An OS injection vulnerability exists within the web interface, allowing an attacker with valid credentials to execute arbitrary shell commands. | |||||
| CVE-2022-30325 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.3 LOW | 8.8 HIGH |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | |||||
| CVE-2022-30328 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | |||||
| CVE-2022-30327 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | |||||
| CVE-2022-29548 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2022-06-27 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | |||||
| CVE-2022-30326 | 1 Trendnet | 2 Tew-831dr, Tew-831dr Firmware | 2022-06-27 | 3.5 LOW | 5.4 MEDIUM |
| An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | |||||
| CVE-2014-125025 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125024 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2018-25041 | 1 Utorrent | 1 Web | 2022-06-27 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | |||||
| CVE-2014-125023 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125022 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125021 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125020 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | |||||
| CVE-2014-125019 | 1 Ffmpeg | 1 Ffmpeg | 2022-06-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | |||||