Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30717 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | |||||
| CVE-2022-30716 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | |||||
| CVE-2022-30715 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | |||||
| CVE-2022-30714 | 1 Google | 1 Android | 2022-06-11 | 2.1 LOW | 3.3 LOW |
| Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||||
| CVE-2022-30713 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30712 | 1 Google | 1 Android | 2022-06-11 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30711 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30710 | 1 Google | 1 Android | 2022-06-11 | 9.4 HIGH | 9.1 CRITICAL |
| Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||||
| CVE-2022-30709 | 1 Google | 1 Android | 2022-06-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||||
| CVE-2022-28794 | 1 Google | 1 Android | 2022-06-11 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | |||||
| CVE-2022-22556 | 1 Dell | 3 Powerstore T, Powerstore X, Powerstoreos | 2022-06-11 | 7.8 HIGH | 7.5 HIGH |
| Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. | |||||
| CVE-2021-42877 | 1 Totolink | 2 Ex1200t, Ex1200t Firmware | 2022-06-11 | 7.8 HIGH | 7.5 HIGH |
| TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. | |||||
| CVE-2022-31023 | 1 Lightbend | 1 Play Framework | 2022-06-11 | 5.0 MEDIUM | 7.5 HIGH |
| Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play's `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. | |||||
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2022-06-10 | 3.5 LOW | 5.4 MEDIUM |
| bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | |||||
| CVE-2022-29695 | 1 Unicorn-engine | 1 Unicorn Engine | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. | |||||
| CVE-2022-30799 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. | |||||
| CVE-2022-0004 | 1 Intel | 796 Atom P5921b, Atom P5921b Firmware, Atom P5931b and 793 more | 2022-06-10 | 7.2 HIGH | 6.8 MEDIUM |
| Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | |||||
| CVE-2022-1669 | 1 Circutor | 2 Compact Dc-s Basic, Compact Dc-s Basic Firmware | 2022-06-10 | 5.5 MEDIUM | 8.1 HIGH |
| A buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable with a "strcpy" vulnerable function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address. | |||||
| CVE-2022-30798 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. | |||||
| CVE-2022-30797 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. | |||||
| CVE-2022-30795 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. | |||||
| CVE-2022-30794 | 1 Online Ordering System Project | 1 Online Ordering System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. | |||||
| CVE-2022-30514 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. | |||||
| CVE-2022-30513 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 | |||||
| CVE-2022-30512 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. | |||||
| CVE-2022-30496 | 1 Mv | 1 Idce | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| SQL injection in Logon Page of IDCE MV's application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise's private and sensitive information. | |||||
| CVE-2022-30506 | 1 Mingsoft | 1 Mcms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. | |||||
| CVE-2020-26664 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. | |||||
| CVE-2022-30511 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. | |||||
| CVE-2022-30510 | 1 School Dormitory Management System Project | 1 School Dormitory Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. | |||||
| CVE-2022-32020 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. | |||||
| CVE-2022-32026 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. | |||||
| CVE-2022-32021 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. | |||||
| CVE-2022-32024 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. | |||||
| CVE-2022-32022 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. | |||||
| CVE-2022-30503 | 1 Nginx | 1 Njs | 2022-06-10 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. | |||||
| CVE-2022-32025 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. | |||||
| CVE-2022-32027 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. | |||||
| CVE-2022-32028 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. | |||||
| CVE-2022-30490 | 1 Badminton Center Management System Project | 1 Badminton Center Management System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter 'id' in /bcms/admin/court_rentals/update_status.php. | |||||
| CVE-2022-24700 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-24701 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-28690 | 1 Hornerautomation | 1 Cscape | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-30482 | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar Project | 1 Ecommerce-project-with-php-and-mysqli-fruits-bazar | 2022-06-10 | 3.5 LOW | 4.8 MEDIUM |
| Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in \admin\add_cata.php via the ctg_name parameters. | |||||
| CVE-2022-24702 | 1 Winaprs | 1 Winaprs | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2022-31500 | 1 Knime | 1 Analytics Platform | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. | |||||
| CVE-2022-30481 | 1 Food-order-and-table-reservation-system Project | 1 Food-order-and-table-reservation-system | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. | |||||
| CVE-2022-27782 | 1 Haxx | 1 Curl | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. | |||||
| CVE-2022-22361 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | |||||
| CVE-2022-29729 | 1 Verizon | 2 4g Lte Network Extender, 4g Lte Network Extender Firmware | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Verizon 4G LTE Network Extender GA4.38 - V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. | |||||