Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-25063 | 1 Sricam | 1 Deviceviewer | 2022-06-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in Sricam IP CCTV Camera. It has been classified as critical. Affected is an unknown function of the component Device Viewer. The manipulation leads to memory corruption. Local access is required to approach this attack. | |||||
| CVE-2019-25062 | 1 Sricam | 1 Deviceviewer | 2022-06-21 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability was found in Sricam IP CCTV Camera and classified as critical. This issue affects some unknown processing of the component Device Viewer. The manipulation leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-22309 | 1 Ibm | 2 Power System S922, Power System S922 Firmware | 2022-06-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095. | |||||
| CVE-2022-2067 | 1 Rosariosis | 1 Rosariosis | 2022-06-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0. | |||||
| CVE-2022-27438 | 1 Caphyon | 1 Advanced Installer | 2022-06-21 | 5.1 MEDIUM | 8.1 HIGH |
| Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check. | |||||
| CVE-2019-5100 | 1 Leadtools | 1 Leadtools | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer overflow vulnerability exists in the BMP header parsing functionality of LEADTOOLS 20. A specially crafted BMP image file can cause an integer overflow, potentially resulting in code execution. An attacker can specially craft a BMP image to trigger this vulnerability. | |||||
| CVE-2019-5099 | 1 Leadtools | 1 Leadtools | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable integer underflow vulnerability exists in the CMP-parsing functionality of LEADTOOLS 20. A specially crafted CMP image file can cause an integer underflow, potentially resulting in code execution. An attacker can specially craft a CMP image to trigger this vulnerability. | |||||
| CVE-2019-5084 | 1 Leadtools | 1 Leadtools | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap out-of-bounds write vulnerability exists in the TIF-parsing functionality of LEADTOOLS 20. A specially crafted TIF image can cause an offset beyond the bounds of a heap allocation to be written, potentially resulting in code execution. An attacker can specially craft a TIF image to trigger this vulnerability. | |||||
| CVE-2019-5068 | 4 Canonical, Debian, Mesa3d and 1 more | 4 Ubuntu Linux, Debian Linux, Mesa and 1 more | 2022-06-21 | 3.6 LOW | 4.4 MEDIUM |
| An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D Graphics Library 19.1.2. An attacker can access the shared memory without any specific permissions to trigger this vulnerability. | |||||
| CVE-2019-5086 | 2 Debian, Xcftools Project | 2 Debian Linux, Xcftools | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools, version 1.0.7. An integer overflow can occur while walking through tiles that could be exploited to corrupt memory and execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. | |||||
| CVE-2019-5102 | 1 Openwrt | 1 Openwrt | 2022-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. | |||||
| CVE-2019-5101 | 1 Openwrt | 1 Openwrt | 2022-06-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function __ustream_ssl_poll, which is used to dispatch the read/write events | |||||
| CVE-2019-5125 | 1 Leadtools | 1 Leadtools | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out-of-bounds write of a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. | |||||
| CVE-2019-5087 | 2 Debian, Xcftools Project | 2 Debian Linux, Xcftools | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable integer overflow vulnerability exists in the flattenIncrementally function in the xcf2png and xcf2pnm binaries of xcftools 1.0.7. An integer overflow can occur while calculating the row's allocation size, that could be exploited to corrupt memory and eventually execute arbitrary code. In order to trigger this vulnerability, a victim would need to open a specially crafted XCF file. | |||||
| CVE-2022-32335 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=. | |||||
| CVE-2022-32334 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=. | |||||
| CVE-2022-32333 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=. | |||||
| CVE-2022-32332 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category. | |||||
| CVE-2022-32331 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=. | |||||
| CVE-2022-32330 | 1 Fast Food Ordering System Project | 1 Fast Food Ordering System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu. | |||||
| CVE-2022-32344 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient. | |||||
| CVE-2022-32343 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=. | |||||
| CVE-2022-32342 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=. | |||||
| CVE-2022-32341 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=. | |||||
| CVE-2022-32340 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=. | |||||
| CVE-2022-32339 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=. | |||||
| CVE-2022-32349 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history. | |||||
| CVE-2019-5083 | 1 Accusoft | 1 Imagegear | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll TIFdecodethunderscan function of Accusoft ImageGear 19.3.0 library. A specially crafted TIFF file can cause an out of bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | |||||
| CVE-2019-5076 | 1 Accusoft | 1 Imagegear | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable out-of-bounds write vulnerability exists in the igcore19d.dll PNG header-parser of the Accusoft ImageGear 19.3.0 library. A specially crafted PNG file can cause an out-of-bounds write, resulting in a remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | |||||
| CVE-2019-5072 | 1 Tendacn | 2 Ac1200 Smart Dual-band Gigabit Wifi, Ac9v1.0 Firmware | 2022-06-21 | 4.6 MEDIUM | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS2 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability. | |||||
| CVE-2019-5071 | 1 Tendacn | 2 Ac1200 Smart Dual-band Gigabit Wifi, Ac9v1.0 Firmware | 2022-06-21 | 7.2 HIGH | 7.8 HIGH |
| An exploitable command injection vulnerability exists in the /goform/WanParameterSetting functionality of Tenda AC9 Router AC1200 Smart Dual-Band Gigabit WiFi Route (AC9V1.0 Firmware V15.03.05.16multiTRU). A specially crafted HTTP POST request can cause a command injection in the DNS1 post parameters, resulting in code execution. An attacker can send HTTP POST request with command to trigger this vulnerability. | |||||
| CVE-2022-32348 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor. | |||||
| CVE-2022-32347 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room. | |||||
| CVE-2022-32345 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=. | |||||
| CVE-2022-32346 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=. | |||||
| CVE-2022-32338 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=. | |||||
| CVE-2021-35083 | 1 Qualcomm | 348 Apq8009, Apq8009 Firmware, Apq8009w and 345 more | 2022-06-21 | 9.4 HIGH | 9.1 CRITICAL |
| Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2022-32351 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message. | |||||
| CVE-2021-35082 | 1 Qualcomm | 6 Mdm9206, Mdm9206 Firmware, Qca9367 and 3 more | 2022-06-21 | 9.3 HIGH | 8.1 HIGH |
| Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT | |||||
| CVE-2022-32350 | 1 Hospital's Patient Records Management System Project | 1 Hospital's Patient Records Management System | 2022-06-21 | 6.5 MEDIUM | 7.2 HIGH |
| Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type. | |||||
| CVE-2022-1961 | 1 Gtm4wp | 1 Gtm4wp | 2022-06-21 | 3.5 LOW | 4.8 MEDIUM |
| The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2022-1764 | 1 Wp-chgfontsize Project | 1 Wp-chgfontsize | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | |||||
| CVE-2022-1763 | 1 Static Page Extended Project | 1 Static Page Extended | 2022-06-21 | 3.5 LOW | 5.4 MEDIUM |
| Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features. This could also lead to Stored Cross-Site Scripting due to the lack of escaping in some of the settings | |||||
| CVE-2022-1762 | 1 Webence | 1 Iq Block Country | 2022-06-21 | 5.0 MEDIUM | 7.5 HIGH |
| The iQ Block Country WordPress plugin through 1.2.13 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | |||||
| CVE-2022-1761 | 1 Peter's Collaboration E-mails Project | 1 Peter's Collaboration E-mails | 2022-06-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. | |||||
| CVE-2022-29524 | 1 Fujielectric | 1 V-server | 2022-06-21 | 6.8 MEDIUM | 7.8 HIGH |
| Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | |||||
| CVE-2022-31053 | 2 Biscuitsec, Clever-cloud | 4 Biscuit-auth, Biscuit-go, Biscuit-haskell and 1 more | 2022-06-21 | 7.5 HIGH | 9.8 CRITICAL |
| Biscuit is an authentication and authorization token for microservices architectures. The Biscuit specification version 1 contains a vulnerable algorithm that allows malicious actors to forge valid Γ-signatures. Such an attack would allow an attacker to create a token with any access level. The version 2 of the specification mandates a different algorithm than gamma signatures and as such is not affected by this vulnerability. The Biscuit implementations in Rust, Haskell, Go, Java and Javascript all have published versions following the v2 specification. There are no known workarounds for this issue. | |||||
| CVE-2022-1900 | 1 Copify | 1 Copify | 2022-06-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2022-31758 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2022-06-21 | 1.9 LOW | 4.7 MEDIUM |
| The kernel module has the race condition vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2022-24077 | 1 Naver | 1 Cloud Explorer | 2022-06-21 | 6.9 MEDIUM | 7.8 HIGH |
| Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection. | |||||
