Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30827 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\package_edit.php. | |||||
| CVE-2022-30826 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via admin\client_assign.php. | |||||
| CVE-2022-30820 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_edit.php" file. | |||||
| CVE-2022-30819 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "photos_edit.php" file. | |||||
| CVE-2022-30818 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. | |||||
| CVE-2022-1462 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2022-06-10 | 3.3 LOW | 6.3 MEDIUM |
| An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. | |||||
| CVE-2022-30821 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, the editing function of the "Services" module in the background management system has an arbitrary file upload vulnerability in the picture upload point of "package_edit.php" file. | |||||
| CVE-2022-30822 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of "users_profile.php" file. | |||||
| CVE-2021-43941 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify several resources (including CsvFieldMappingsPage.jspa and ImporterValueMappingsPage.jspa) via a Cross-Site Request Forgery (CSRF) vulnerability in the jira-importers-plugin. The affected versions are before version 8.13.15, and from version 8.14.0 before 8.20.3. | |||||
| CVE-2022-30808 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. | |||||
| CVE-2022-30825 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\client_edit.php. | |||||
| CVE-2022-30823 | 1 Wedding Management System Project | 1 Wedding Management System | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| Wedding Management System v1.0 is vulnerable to SQL Injection via \admin\blog_events_edit.php. | |||||
| CVE-2022-30809 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. | |||||
| CVE-2022-30817 | 1 Simple Bus Ticket Booking System Project | 1 Simple Bus Ticket Booking System | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. | |||||
| CVE-2022-30816 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. | |||||
| CVE-2022-29725 | 1 Creatiwity | 1 Witycms | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2022-31005 | 1 Vapor | 1 Vapor | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. | |||||
| CVE-2022-29730 | 1 Usr | 10 Usr-g800v2, Usr-g800v2 Firmware, Usr-g806 and 7 more | 2022-06-10 | 10.0 HIGH | 9.8 CRITICAL |
| USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. | |||||
| CVE-2016-1000027 | 1 Vmware | 1 Spring Framework | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Pivotal Spring Framework through 5.3.16 suffers from a potential remote code execution (RCE) issue if used for Java deserialization of untrusted data. Depending on how the library is implemented within a product, this issue may or not occur, and authentication may be required. NOTE: the vendor's position is that untrusted data is not an intended use case. The product's behavior will not be changed because some users rely on deserialization of trusted data. | |||||
| CVE-2022-30815 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= | |||||
| CVE-2022-29732 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-30814 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | |||||
| CVE-2022-30813 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | |||||
| CVE-2022-30810 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | |||||
| CVE-2022-31007 | 1 Elabftw | 1 Elabftw | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts. | |||||
| CVE-2022-31011 | 1 Pingcap | 1 Tidb | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. | |||||
| CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | |||||
| CVE-2020-36403 | 2 Htslib, Linux | 2 Htslib, Linux Kernel | 2022-06-10 | 6.8 MEDIUM | 8.8 HIGH |
| HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). | |||||
| CVE-2022-30425 | 1 Tenda | 2 Hg6, Hg6 Firmware | 2022-06-10 | 9.0 HIGH | 8.8 HIGH |
| Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | |||||
| CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2022-06-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | |||||
| CVE-2022-30277 | 1 Bd | 1 Synapsys | 2022-06-10 | 3.6 LOW | 5.7 MEDIUM |
| BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | |||||
| CVE-2022-29788 | 1 Libmobi Project | 1 Libmobi | 2022-06-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | |||||
| CVE-2022-29733 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | |||||
| CVE-2022-29735 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-10 | 6.8 MEDIUM | 8.8 HIGH |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2022-23082 | 1 Mend | 1 Curekit | 2022-06-10 | 5.0 MEDIUM | 7.5 HIGH |
| In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | |||||
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2022-06-10 | 6.5 MEDIUM | 8.8 HIGH |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | |||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | |||||
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||
| CVE-2022-29692 | 1 Unicorn-engine | 1 Unicorn Engine | 2022-06-09 | 6.8 MEDIUM | 7.8 HIGH |
| Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. | |||||
| CVE-2022-29693 | 1 Unicorn-engine | 1 Unicorn Engine | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. | |||||
| CVE-2022-29659 | 1 Responsive Online Blog Project | 1 Responsive Online Blog | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. | |||||
| CVE-2022-29711 | 1 Librenms | 1 Librenms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. | |||||
| CVE-2022-29712 | 1 Librenms | 1 Librenms | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. | |||||
| CVE-2022-27184 | 1 Hornerautomation | 1 Cscape | 2022-06-09 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2022-29628 | 1 Online Market Place Site Project | 1 Online Market Place Site | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. | |||||
| CVE-2022-29598 | 1 Solutions-atlantic | 1 Regulatory Reporting System | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . | |||||