Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31046 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | |||||
| CVE-2021-30338 | 1 Qualcomm | 4 Sd850, Sd850 Firmware, Sdxr1 and 1 more | 2022-06-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | |||||
| CVE-2022-32230 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2019 | 2022-06-23 | 7.8 HIGH | 7.5 HIGH |
| Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | |||||
| CVE-2022-32240 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32242 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32241 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32243 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-23 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2021-36901 | 1 Asylumdigital | 1 Age Gate | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | |||||
| CVE-2022-32363 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | |||||
| CVE-2022-32362 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-32355 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | |||||
| CVE-2022-32354 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-32353 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | |||||
| CVE-2022-20132 | 1 Google | 1 Android | 2022-06-23 | 4.9 MEDIUM | 4.6 MEDIUM |
| In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel | |||||
| CVE-2022-31041 | 1 Maykinmedia | 1 Open Forms | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | |||||
| CVE-2022-20134 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-218341397 | |||||
| CVE-2022-1958 | 1 Filecloud | 1 Filecloud | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-40212 | 1 Daum | 1 Potplayer | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service. | |||||
| CVE-2022-20127 | 1 Google | 1 Android | 2022-06-23 | 10.0 HIGH | 9.8 CRITICAL |
| In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221862119 | |||||
| CVE-2022-20125 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 6.8 MEDIUM |
| In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-194402515 | |||||
| CVE-2022-20124 | 1 Google | 1 Android | 2022-06-23 | 7.2 HIGH | 7.8 HIGH |
| In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-170646036 | |||||
| CVE-2022-20123 | 1 Google | 1 Android | 2022-06-23 | 7.8 HIGH | 7.5 HIGH |
| In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-221852424 | |||||
| CVE-2022-31059 | 1 Discourse | 1 Discourse Calendar | 2022-06-23 | 2.1 LOW | 5.4 MEDIUM |
| Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | |||||
| CVE-2022-29301 | 2022-06-23 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-29299 | 2022-06-23 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-20660. Reason: This candidate is a reservation duplicate of CVE-2021-20660. Notes: All CVE users should reference CVE-2021-20660 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2022-26776 | 1 Apple | 1 Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26775 | 1 Apple | 2 Mac Os X, Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26708 | 1 Apple | 1 Macos | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution. | |||||
| CVE-2022-26659 | 2 Docker, Microsoft | 2 Docker Desktop, Windows | 2022-06-23 | 3.6 LOW | 7.1 HIGH |
| Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | |||||
| CVE-2021-38562 | 2 Bestpractical, Fedoraproject | 2 Request Tracker, Fedora | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | |||||
| CVE-2022-31846 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
| CVE-2022-31845 | 1 Wavlink | 2 Wn535g3, Wn535g3 Firmware | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | |||||
| CVE-2022-27859 | 1 Nicdark | 1 Nd-travel | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | |||||
| CVE-2022-29406 | 1 Dynamicweblab | 1 Wp-team-manager | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | |||||
| CVE-2022-33140 | 3 Apache, Apple, Linux | 4 Nifi, Nifi Registry, Macos and 1 more | 2022-06-23 | 6.0 MEDIUM | 8.8 HIGH |
| The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | |||||
| CVE-2019-4575 | 1 Ibm | 1 Financial Transaction Manager | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 166801. | |||||
| CVE-2021-41672 | 1 Peel | 1 Peel Shopping | 2022-06-23 | 5.5 MEDIUM | 6.5 MEDIUM |
| PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrive information from the database. | |||||
| CVE-2018-1199 | 3 Oracle, Redhat, Vmware | 5 Rapid Planning, Retail Xstore Point Of Service, Fuse and 2 more | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. | |||||
| CVE-2005-1006 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | |||||
| CVE-2018-1275 | 2 Oracle, Vmware | 19 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 16 more | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework. | |||||
| CVE-2018-1272 | 2 Oracle, Vmware | 25 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 22 more | 2022-06-23 | 6.0 MEDIUM | 7.5 HIGH |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles. | |||||
| CVE-2018-1271 | 2 Oracle, Vmware | 28 Application Testing Suite, Big Data Discovery, Communications Converged Application Server and 25 more | 2022-06-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | |||||
| CVE-2018-11040 | 3 Debian, Oracle, Vmware | 28 Debian Linux, Agile Product Lifecycle Management, Application Testing Suite and 25 more | 2022-06-23 | 4.3 MEDIUM | 7.5 HIGH |
| Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | |||||
| CVE-2018-1257 | 3 Oracle, Redhat, Vmware | 30 Agile Product Lifecycle Management, Application Testing Suite, Big Data Discovery and 27 more | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | |||||
| CVE-2018-1270 | 4 Debian, Oracle, Redhat and 1 more | 28 Debian Linux, Application Testing Suite, Big Data Discovery and 25 more | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. | |||||
| CVE-2018-11039 | 3 Debian, Oracle, Vmware | 33 Debian Linux, Agile Plm, Application Testing Suite and 30 more | 2022-06-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | |||||
| CVE-2012-2750 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2022-06-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. | |||||
| CVE-2021-40910 | 1 Phpcms | 1 Phpcms | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | |||||
| CVE-2022-27889 | 1 Palantir | 1 Foundry Multipass | 2022-06-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations. A malicious attacker could perform an application-level denial of service attack, potentially causing authentication and/or authorization operations to fail for the duration of the attack. This could lead to performance degradation or login failures for customer Palantir Foundry environments. This vulnerability is resolved in Multipass 3.647.0. This issue affects: Palantir Foundry Multipass versions prior to 3.647.0. | |||||
| CVE-2022-31273 | 1 17ido | 1 Topidp3000 Topsec Operating System | 2022-06-23 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie. | |||||