Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44266 | 1 Gunet | 1 Open Eclass Platform | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | |||||
| CVE-2022-1692 | 1 Dwbooster | 1 Cp Image Store With Slideshow | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack | |||||
| CVE-2022-29859 | 1 Amb1 Sdk Project | 1 Amb1 Sdk | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| component/common/network/dhcp/dhcps.c in ambiot amb1_sdk (aka SDK for Ameba1) before 2022-03-11 mishandles data structures for DHCP packet data. | |||||
| CVE-2019-9564 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. | |||||
| CVE-2022-1690 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection | |||||
| CVE-2022-1689 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection | |||||
| CVE-2022-1688 | 1 Datainterlock | 1 Note Press | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections | |||||
| CVE-2022-24969 | 1 Apache | 1 Dubbo | 2022-06-15 | 5.8 MEDIUM | 6.1 MEDIUM |
| bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability. | |||||
| CVE-2022-31386 | 1 Nbnbk Project | 1 Nbnbk | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter. | |||||
| CVE-2022-31390 | 1 Jizhicms | 1 Jizhicms | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php. | |||||
| CVE-2022-29220 | 1 Fastify | 1 Github Action Merge Dependabot | 2022-06-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email-address. Version 3.2.0 contains a patch for this issue. | |||||
| CVE-2022-31398 | 1 Helpdeskz | 1 Helpdeskz | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field. | |||||
| CVE-2022-2036 | 1 Rosariosis | 1 Rosariosis | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1. | |||||
| CVE-2022-2029 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-2028 | 1 Kromit | 1 Titra | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0. | |||||
| CVE-2022-31026 | 1 Trilogy Project | 1 Trilogy | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Trilogy is a client library for MySQL. When authenticating, a malicious server could return a specially crafted authentication packet, causing the client to read and return up to 12 bytes of data from an uninitialized variable in stack memory. Users of the trilogy gem should upgrade to version 2.1.1 This issue can be avoided by only connecting to trusted servers. | |||||
| CVE-2016-15002 | 1 Ideracorp | 1 Webyog Monyog Ultimate | 2022-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63. This affects an unknown part of the component Cookie Handler. The manipulation of the argument HasServerEdit/IsAdmin leads to privilege escalation. It is possible to initiate the attack remotely. | |||||
| CVE-2021-40961 | 1 Cmsmadesimple | 1 Cms Made Simple | 2022-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php. The $sortby variable is concatenated with $query1, but it is possible to inject arbitrary SQL language without using the '. | |||||
| CVE-2019-25064 | 1 Theaccessgroup | 1 Corehr Core Portal | 2022-06-15 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability was found in CoreHR Core Portal up to 27.0.7. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site request forgery. It is possible to launch the attack remotely. Upgrading to version 27.0.8 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2022-31830 | 1 Baidu | 1 Kity Minder | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php. | |||||
| CVE-2019-25065 | 1 Opennetadmin | 1 Opennetadmin | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in OpenNetAdmin 18.1.1. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-31827 | 1 Monstaftp | 1 Monstaftp | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php. | |||||
| CVE-2022-1687 | 1 Logo Slider Project | 1 Logo Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection | |||||
| CVE-2019-25066 | 1 Ajenti | 1 Ajenti | 2022-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been found in ajenti 2.1.31 and classified as critical. This vulnerability affects unknown code of the component API. The manipulation leads to privilege escalation. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.1.32 is able to address this issue. The name of the patch is 7aa146b724e0e20cfee2c71ca78fafbf53a8767c. It is recommended to upgrade the affected component. | |||||
| CVE-2022-24896 | 1 Enalean | 1 Tuleap | 2022-06-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tuleap is a Free & Open Source Suite to manage software developments and collaboration. In versions prior to 13.7.99.239 Tuleap does not properly verify authorizations when displaying the content of tracker report renderer and chart widgets. Malicious users could use this vulnerability to retrieve the name of a tracker they cannot access as well as the name of the fields used in reports. | |||||
| CVE-2022-1686 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection | |||||
| CVE-2022-2019 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php?f=save of the component New User Creation. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2018 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 7.5 HIGH | 7.2 HIGH |
| A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0. Affected is an unknown function of the file /admin/?page=inmates/view_inmate of the component Inmate Handler. The manipulation of the argument id with the input 1%27%20and%201=2%20union%20select%201,user(),3,4,5,6,7,8,9,0,database(),2,3,4,5,6,7,8,9,0,1,2,3,4--+ leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-2017 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was found in SourceCodester Prison Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /pms/admin/visits/view_visit.php of the component Visit Handler. The manipulation of the argument id with the input 2%27and%201=2%20union%20select%201,2,3,4,5,6,7,user(),database()--+ leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-32195 | 1 Edx | 1 Open Edx | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL. | |||||
| CVE-2022-2020 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-15 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=system_info of the component System Name Handler. The manipulation with the input <img src="" onerror="alert(1)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2022-1789 | 4 Debian, Fedoraproject, Linux and 1 more | 4 Debian Linux, Fedora, Linux Kernel and 1 more | 2022-06-15 | 6.9 MEDIUM | 6.8 MEDIUM |
| With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. | |||||
| CVE-2022-1986 | 1 Gogs | 1 Gogs | 2022-06-15 | 7.5 HIGH | 9.8 CRITICAL |
| OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-1992 | 2 Gogs, Microsoft | 2 Gogs, Windows | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-1685 | 1 Five Minute Webshop Project | 1 Five Minute Webshop | 2022-06-15 | 4.0 MEDIUM | 4.9 MEDIUM |
| The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection | |||||
| CVE-2022-1993 | 1 Gogs | 1 Gogs | 2022-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. | |||||
| CVE-2022-29296 | 1 Avantune | 1 Genialcloud Proj | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-1684 | 1 Webpsilon | 1 Cube Slider | 2022-06-15 | 4.0 MEDIUM | 2.7 LOW |
| The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin | |||||
| CVE-2022-31019 | 1 Vapor | 1 Vapor | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Vapor is a server-side Swift HTTP web framework. When using automatic content decoding an attacker can craft a request body that can make the server crash with the following request: `curl -d "array[_0][0][array][_0][0][array]$(for f in $(seq 1100); do echo -n '[_0][0][array]'; done)[string][_0]=hello%20world" http://localhost:8080/foo`. The issue is unbounded, attacker controlled stack growth which will at some point lead to a stack overflow and a process crash. This issue has been fixed in version 4.61.1. | |||||
| CVE-2021-40668 | 1 Http File Server Project | 1 Http File Server | 2022-06-15 | 5.5 MEDIUM | 8.1 HIGH |
| The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write. | |||||
| CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2022-06-15 | 3.5 LOW | 5.4 MEDIUM |
| Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||||
| CVE-2022-31393 | 1 Jizhicms | 1 Jizhicms | 2022-06-15 | 6.4 MEDIUM | 9.1 CRITICAL |
| Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php. | |||||
| CVE-2022-1683 | 1 Amtythumb Project | 1 Amtythumb | 2022-06-15 | 6.5 MEDIUM | 8.8 HIGH |
| The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action | |||||
| CVE-2022-0823 | 1 Zyxel | 8 Gs1200-5, Gs1200-5 Firmware, Gs1200-5hp and 5 more | 2022-06-15 | 2.1 LOW | 6.2 MEDIUM |
| An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack. | |||||
| CVE-2022-1673 | 1 Greenwallet | 1 Woocommerce Green Wallet Gateway | 2022-06-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability. | |||||
| CVE-2022-23138 | 1 Zte | 2 Mf297d, Mf297d Firmware | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| ZTE's MF297D product has cryptographic issues vulnerability. Due to the use of weak random values, the security of the device is reduced, and it may face the risk of attack. | |||||
| CVE-2021-32777 | 1 Envoyproxy | 1 Envoy | 2022-06-15 | 7.5 HIGH | 8.3 HIGH |
| Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions when ext-authz extension is sending request headers to the external authorization service it must merge multiple value headers according to the HTTP spec. However, only the last header value is sent. This may allow specifically crafted requests to bypass authorization. Attackers may be able to escalate privileges when using ext-authz extension or back end service that uses multiple value headers for authorization. A specifically constructed request may be delivered by an untrusted downstream peer in the presence of ext-authz extension. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to the ext-authz extension to correctly merge multiple request header values, when sending request for authorization. | |||||
| CVE-2021-32779 | 1 Envoyproxy | 1 Envoy | 2022-06-15 | 7.5 HIGH | 8.3 HIGH |
| Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy incorrectly handled a URI '#fragment' element as part of the path element. Envoy is configured with an RBAC filter for authorization or similar mechanism with an explicit case of a final "/admin" path element, or is using a negative assertion with final path element of "/admin". The client sends request to "/app1/admin#foo". In Envoy prior to 1.18.0, or 1.18.0+ configured with path_normalization=false. Envoy treats fragment as a suffix of the query string when present, or as a suffix of the path when query string is absent, so it evaluates the final path element as "/admin#foo" and mismatches with the configured "/admin" path element. In Envoy 1.18.0+ configured with path_normalization=true. Envoy transforms this to /app1/admin%23foo and mismatches with the configured /admin prefix. The resulting URI is sent to the next server-agent with the offending "#foo" fragment which violates RFC3986 or with the nonsensical "%23foo" text appended. A specifically constructed request with URI containing '#fragment' element delivered by an untrusted client in the presence of path based request authorization resulting in escalation of Privileges when path based request authorization extensions. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes that removes fragment from URI path in incoming requests. | |||||
| CVE-2021-32778 | 1 Envoyproxy | 1 Envoy | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions envoy’s procedure for resetting a HTTP/2 stream has O(N^2) complexity, leading to high CPU utilization when a large number of streams are reset. Deployments are susceptible to Denial of Service when Envoy is configured with high limit on H/2 concurrent streams. An attacker wishing to exploit this vulnerability would require a client opening and closing a large number of H/2 streams. Envoy versions 1.19.1, 1.18.4, 1.17.4, 1.16.5 contain fixes to reduce time complexity of resetting HTTP/2 streams. As a workaround users may limit the number of simultaneous HTTP/2 dreams for upstream and downstream peers to a low number, i.e. 100. | |||||
| CVE-2021-32780 | 1 Envoyproxy | 1 Envoy | 2022-06-15 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In affected versions Envoy transitions a H/2 connection to the CLOSED state when it receives a GOAWAY frame without any streams outstanding. The connection state is transitioned to DRAINING when it receives a SETTING frame with the SETTINGS_MAX_CONCURRENT_STREAMS parameter set to 0. Receiving these two frames in the same I/O event results in abnormal termination of the Envoy process due to invalid state transition from CLOSED to DRAINING. A sequence of H/2 frames delivered by an untrusted upstream server will result in Denial of Service in the presence of untrusted **upstream** servers. Envoy versions 1.19.1, 1.18.4 contain fixes to stop processing of pending H/2 frames after connection transition to the CLOSED state. | |||||