Total: 201818 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-22444 | 1 Ibm | 2 Aix, Vios | 2022-06-23 | 2.1 LOW | 5.5 MEDIUM |
| IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444. | |||||
| CVE-2022-30931 | 1 Employee Leaves Management System Project | 1 Employee Leaves Management System | 2022-06-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | |||||
| CVE-2022-29437 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||
| CVE-2022-32252 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform an integrity check of update packages. Without validation, an admin user might be tricked into installing a malicious package, granting root privileges to an attacker. | |||||
| CVE-2020-5421 | 3 Netapp, Oracle, Vmware | 38 Oncommand Insight, Snap Creator Framework, Snapcenter and 35 more | 2022-06-23 | 3.6 LOW | 6.5 MEDIUM |
| In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | |||||
| CVE-2022-31619 | 1 Siemens | 1 Teamcenter | 2022-06-23 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The Java EE Server Manager HTML Adaptor in Teamcenter ships with default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | |||||
| CVE-2022-29485 | 1 Ss-proj | 1 Shirasagi | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-32286 | 1 Mendix | 1 Saml | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations the SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitization. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | |||||
| CVE-2022-29438 | 1 Nextcode | 1 Image Slider By Nextcode | 2022-06-23 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | |||||
| CVE-2021-40633 | 1 Giflib Project | 1 Giflib | 2022-06-23 | 5.1 MEDIUM | 8.8 HIGH |
| A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out-of-memory exception or denial of service via a GIF format file. | |||||
| CVE-2022-32254 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | |||||
| CVE-2022-32256 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | |||||
| CVE-2022-32255 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | |||||
| CVE-2022-31050 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 6.5 MEDIUM | 7.2 HIGH |
| TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | |||||
| CVE-2021-41413 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-06-23 | 6.8 MEDIUM | 7.8 HIGH |
| ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | |||||
| CVE-2022-29482 | 1 Dena | 1 Mobaoku-auction & Flea Market | 2022-06-23 | 4.3 MEDIUM | 3.7 LOW |
| 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | |||||
| CVE-2022-31049 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | |||||
| CVE-2022-31048 | 1 Typo3 | 1 Typo3 | 2022-06-23 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | |||||
| CVE-2022-32260 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application creates temporary user credentials for UMC (User Management Component) users. An attacker could use these temporary credentials for authentication bypass in certain scenarios. | |||||
| CVE-2022-30229 | 1 Siemens | 1 Sicam Gridedge Essential | 2022-06-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, if that user's id is known. | |||||
| CVE-2022-29034 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | |||||
| CVE-2022-32261 | 1 Siemens | 1 Sinema Remote Connect Server | 2022-06-23 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | |||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-06-23 | 7.5 HIGH | 9.8 CRITICAL |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | |||||
| CVE-2021-30347 | 1 Qualcomm | 128 Ar8035, Ar8035 Firmware, Qca6390 and 125 more | 2022-06-22 | 9.3 HIGH | 8.1 HIGH |
| Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-29522 | 1 Fujielectric | 2 V-server, V-sft | 2022-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
| CVE-2022-32359 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | |||||
| CVE-2022-32358 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. | |||||
| CVE-2022-32238 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32237 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-32239 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-06-22 | 4.3 MEDIUM | 3.3 LOW |
| When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | |||||
| CVE-2022-29612 | 1 Sap | 2 Host Agent, Netweaver Abap | 2022-06-22 | 4.0 MEDIUM | 4.3 MEDIUM |
| SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22 - allow an authenticated user to misuse a function of the sapcontrol web functionality (startservice) in Kernel, which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | |||||
| CVE-2022-32367 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | |||||
| CVE-2022-32366 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | |||||
| CVE-2021-35071 | 1 Qualcomm | 342 Aqt1000, Aqt1000 Firmware, Ar8035 and 339 more | 2022-06-22 | 2.1 LOW | 5.5 MEDIUM |
| Possible buffer over-read due to lack of size validation while copying data from DBR buffer to RX buffer, which can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2021-35070 | 1 Qualcomm | 18 Qcm6125, Qcm6125 Firmware, Qcs6125 and 15 more | 2022-06-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-40650 | 1 Softwareag | 1 Connx | 2022-06-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. | |||||
| CVE-2022-2079 | 1 Xgenecloud | 1 Nocodb | 2022-06-22 | 3.5 LOW | 5.4 MEDIUM |
| Stored Cross-site Scripting (XSS) in GitHub repository nocodb/nocodb prior to 0.91.7+. | |||||
| CVE-2021-40649 | 1 Softwareag | 1 Connx | 2022-06-22 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | |||||
| CVE-2021-35072 | 1 Qualcomm | 164 Apq8009, Apq8009 Firmware, Apq8009w and 161 more | 2022-06-22 | 7.2 HIGH | 7.8 HIGH |
| Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2021-35073 | 1 Qualcomm | 112 Ar8035, Ar8035 Firmware, Qca6390 and 109 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2021-35076 | 1 Qualcomm | 114 Ar8035, Ar8035 Firmware, Qca6390 and 111 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-32337 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-22 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=. | |||||
| CVE-2021-35078 | 1 Qualcomm | 214 Aqt1000, Aqt1000 Firmware, Ar8035 and 211 more | 2022-06-22 | 7.8 HIGH | 7.5 HIGH |
| Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-31403 | 1 Combodo | 1 Itop | 2022-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | |||||
| CVE-2021-35079 | 1 Qualcomm | 122 Apq8053, Apq8053 Firmware, Aqt1000 and 119 more | 2022-06-22 | 2.1 LOW | 5.5 MEDIUM |
| Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2022-26476 | 1 Siemens | 3 Spectrum Power 4, Spectrum Power 7, Spectrum Power Microgrid Management System | 2022-06-22 | 5.4 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | |||||
| CVE-2021-35080 | 1 Qualcomm | 50 Qcm2290, Qcm2290 Firmware, Qcm4290 and 47 more | 2022-06-22 | 4.9 MEDIUM | 5.5 MEDIUM |
| Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | |||||
| CVE-2022-32364 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. | |||||
| CVE-2022-32365 | 1 Product Show Room Site Project | 1 Product Show Room Site | 2022-06-22 | 6.5 MEDIUM | 7.2 HIGH |
| Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. | |||||
| CVE-2022-1759 | 1 Rb Internal Links Project | 1 Rb Internal Links | 2022-06-22 | 3.5 LOW | 5.4 MEDIUM |
| The RB Internal Links WordPress plugin through 2.0.16 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping. | |||||
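The OctoRPKI entry (CVE-2021-3907) describes the classic cache-path escape: a repository URI whose path contains ".." is turned into an on-disk path without being checked against the cache root. The following is an added example, not OctoRPKI's code, of how a validator can map such a URI to a file path and refuse anything that leaves the cache directory; the cache root /var/cache/octorpki and the URIs used are assumptions for illustration.

```python
"""Containment check for repository-supplied file paths (added example).

Shape of the CVE-2021-3907 input: rsync://example.org/repo/../../etc/cron.daily/evil.roa.
This code is not OctoRPKI's; the cache root and URIs are assumptions.
"""
from pathlib import Path
from urllib.parse import unquote, urlsplit


class UnsafePath(ValueError):
    """Raised when a repository URI would resolve outside the cache root."""


def cache_path_for(uri: str, cache_root: str) -> Path:
    """Map a repository URI to a file path strictly inside cache_root.

    The host and each path segment are taken from the URI; "." and ".."
    segments, empty segments and percent-encoded variants are rejected
    rather than normalised away, and the final resolved path is checked
    against the resolved cache root as a second line of defence.
    """
    parts = urlsplit(uri)
    if parts.scheme not in ("rsync", "https") or not parts.netloc:
        raise UnsafePath(f"unsupported or hostless URI: {uri!r}")

    # Decode percent-encoding once, then split on "/" so that an encoded
    # "%2e%2e" cannot slip past a naive string comparison.
    segments = [unquote(seg) for seg in parts.path.split("/")]
    segments = [parts.netloc] + [s for s in segments if s != ""]
    for seg in segments:
        if seg in (".", "..") or "/" in seg or "\\" in seg or "\0" in seg:
            raise UnsafePath(f"rejected path segment {seg!r} in {uri!r}")

    root = Path(cache_root).resolve()
    candidate = root.joinpath(*segments)
    # resolve() collapses any ".." the segment check might have missed;
    # the containment test below then catches the escape.
    resolved = candidate.resolve()
    if root != resolved and root not in resolved.parents:
        raise UnsafePath(f"{uri!r} resolves outside {cache_root!r}")
    return resolved


def is_safe(uri: str, cache_root: str = "/var/cache/octorpki") -> bool:
    """Convenience wrapper: True if the URI stays inside the cache root."""
    try:
        cache_path_for(uri, cache_root)
        return True
    except UnsafePath:
        return False


if __name__ == "__main__":
    for u in ("rsync://example.org/repo/a.roa",
              "rsync://example.org/repo/../../etc/cron.daily/evil.roa",
              "rsync://example.org/repo/%2e%2e/%2e%2e/etc/cron.daily/evil.roa"):
        print(u, "->", "ok" if is_safe(u) else "REJECTED")
```

Rejecting ".." segments outright, instead of normalising them, keeps the on-disk layout a faithful mirror of the repository tree; the resolved-path containment test is kept as well so that a symlink or an unexpected encoding cannot turn a "clean" segment list into an escape.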
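The two Connx entries (CVE-2021-40650, CVE-2021-40649) are cookies issued without the Secure and HttpOnly flags. An added example, not Connx's or any vendor's code, of an audit that parses Set-Cookie header values and reports each missing protection; the header lines in SAMPLE_HEADERS are constructed for illustration, not captured from a real host.

```python
"""Audit Set-Cookie headers for missing Secure / HttpOnly flags (added example).

Sample headers are constructed; nothing here is captured from Connx.
"""
from typing import Dict, List


def parse_set_cookie(header_value: str) -> Dict[str, object]:
    """Split one Set-Cookie value into its name, value and lower-cased attributes.

    Flag attributes (Secure, HttpOnly) map to True; valued attributes
    (Path, SameSite, ...) map to their string value.
    """
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, object] = {}
    for attr in parts[1:]:
        if not attr:
            continue
        key, sep, val = attr.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_cookies(set_cookie_headers: List[str], https: bool = True) -> List[str]:
    """Return one finding string per missing protection, in header order.

    HttpOnly is expected on every cookie. Secure is only meaningful when the
    response was served over HTTPS, so it is skipped when https is False.
    SameSite=None without Secure is flagged separately because browsers
    reject such cookies outright.
    """
    findings: List[str] = []
    for raw in set_cookie_headers:
        cookie = parse_set_cookie(raw)
        attrs = cookie["attrs"]
        if https and "secure" not in attrs:
            findings.append(f"{cookie['name']}: missing Secure flag")
        if "httponly" not in attrs:
            findings.append(f"{cookie['name']}: missing HttpOnly flag")
        samesite = str(attrs.get("samesite", "")).lower()
        if samesite == "none" and "secure" not in attrs:
            findings.append(f"{cookie['name']}: SameSite=None requires Secure")
    return findings


# Constructed sample: a session cookie missing both flags (the Connx pattern)
# next to one that carries the expected attributes.
SAMPLE_HEADERS = [
    "JSESSIONID=abc123; Path=/",
    "csrftoken=xyz; Path=/; Secure; HttpOnly; SameSite=Strict",
]

if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_HEADERS):
        print(finding)
```

In practice the header list comes from the response of an authenticated request (for example `response.headers.get_all("Set-Cookie")` on an `http.client` response); the same audit applies to every cookie the application sets, not only the session cookie.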
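Six of the entries above (Product Show Room Site, Hospital's Patient Records Management System) are "SQL Injection via ...?id=", the pattern where a numeric request parameter is spliced into the query text. The following is an added example, not code from those PHP applications, that reproduces the pattern against an in-memory SQLite table so the difference between the vulnerable and the bound-parameter shape can be observed; the products table and its rows are constructed for illustration.

```python
"""Numeric id parameter: string-built query vs. bound parameter (added example).

The schema and rows are constructed; the two lookup functions mirror the
vulnerable and hardened shapes, not the affected applications' own code.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for an application's products table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)"
    )
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", "cost=3"), (2, "gadget", "cost=9"), (3, "gizmo", "cost=7")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> List[Tuple]:
    """Vulnerable shape: the request parameter becomes part of the SQL text."""
    query = f"SELECT id, name FROM products WHERE id = {product_id}"
    return conn.execute(query).fetchall()


def lookup_fixed(conn: sqlite3.Connection, product_id: str) -> List[Tuple]:
    """Hardened shape: validate the type, then bind the value as a parameter."""
    if not product_id.isdigit():
        raise ValueError(f"id must be a non-negative integer, got {product_id!r}")
    return conn.execute(
        "SELECT id, name FROM products WHERE id = ?", (int(product_id),)
    ).fetchall()


def demo() -> dict:
    """Run both lookups on a benign and an injected id; return what happened."""
    conn = make_db()
    benign, injected = "2", "2 OR 1=1"
    out = {
        "vulnerable_benign": len(lookup_vulnerable(conn, benign)),
        "vulnerable_injected": len(lookup_vulnerable(conn, injected)),
        "fixed_benign": len(lookup_fixed(conn, benign)),
    }
    try:
        lookup_fixed(conn, injected)
        out["fixed_injected"] = "accepted"
    except ValueError:
        out["fixed_injected"] = "rejected"
    # A UNION payload pulls a column the page never displays (secret) into
    # the result set; this is how "view" endpoints leak credentials.
    out["vulnerable_union"] = sorted(
        lookup_vulnerable(conn, "0 UNION SELECT id, secret FROM products")
    )
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Binding the parameter is what removes the injection; the `isdigit()` check on top of it is there so that a non-numeric id is rejected at the edge with a clear error instead of silently becoming a failed lookup.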
