Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21087 | 1 Adobe | 1 Coldfusion | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Coldfusion versions 2016 (update 16 and earlier), 2018 (update 10 and earlier) and 2021.0.0.323925 are affected by an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. An attacker could abuse this vulnerability to execute arbitrary JavaScript code in context of the current user. Exploitation of this issue requires user interaction. | |||||
| CVE-2021-26919 | 1 Apache | 1 Druid | 2022-06-03 | 6.5 MEDIUM | 8.8 HIGH |
| Apache Druid allows users to read data from other database systems using JDBC. This functionality is to allow trusted users with the proper permissions to set up lookups or submit ingestion tasks. The MySQL JDBC driver supports certain properties, which, if left unmitigated, can allow an attacker to execute arbitrary code from a hacker-controlled malicious MySQL server within Druid server processes. This issue was addressed in Apache Druid 0.20.2 | |||||
| CVE-2021-43300 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
| CVE-2022-30494 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 3.5 LOW | 5.4 MEDIUM |
| In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. | |||||
| CVE-2022-30493 | 1 Automotive Shop Management System Project | 1 Automotive Shop Management System | 2022-06-03 | 10.0 HIGH | 9.8 CRITICAL |
| In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation). | |||||
| CVE-2021-21465 | 1 Sap | 1 Business Warehouse | 2022-06-03 | 6.5 MEDIUM | 9.9 CRITICAL |
| The BW Database Interface allows an attacker with low privileges to execute any crafted database queries, exposing the backend database. An attacker can include their own SQL commands which the database will execute without properly sanitizing the untrusted data leading to SQL injection vulnerability which can fully compromise the affected SAP system. | |||||
| CVE-2021-20190 | 5 Apache, Debian, Fasterxml and 2 more | 8 Nifi, Debian Linux, Jackson-databind and 5 more | 2022-06-03 | 8.3 HIGH | 8.1 HIGH |
| A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2022-29650 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. | |||||
| CVE-2022-30516 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks. | |||||
| CVE-2022-29651 | 1 Online Food Ordering System Project | 1 Online Food Ordering System | 2022-06-03 | 6.5 MEDIUM | 7.2 HIGH |
| An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | |||||
| CVE-2021-21336 | 2 Plone, Zope | 2 Plone, Products.pluggableauthservice | 2022-06-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Products.PluggableAuthService is a pluggable Zope authentication and authorization framework. In Products.PluggableAuthService before version 2.6.0 there is an information disclosure vulnerability - everyone can list the names of roles defined in the ZODB Role Manager plugin if the site uses this plugin. The problem has been fixed in version 2.6.0. Depending on how you have installed Products.PluggableAuthService, you should change the buildout version pin to 2.6.0 and re-run the buildout, or if you used pip simply do `pip install "Products.PluggableAuthService>=2.6.0"`. | |||||
| CVE-2021-20255 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-21334 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Containerd | 2022-06-03 | 4.3 MEDIUM | 6.3 MEDIUM |
| In containerd (an industry-standard container runtime) before versions 1.3.10 and 1.4.4, containers launched through containerd's CRI implementation (through Kubernetes, crictl, or any other pod/container client that uses the containerd CRI service) that share the same image may receive incorrect environment variables, including values that are defined for other containers. If the affected containers have different security contexts, this may allow sensitive information to be unintentionally shared. If you are not using containerd's CRI implementation (through one of the mechanisms described above), you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image which have different environment variables, you are not vulnerable to this issue. If you are not launching multiple containers or Kubernetes pods from the same image in rapid succession, you have reduced likelihood of being vulnerable to this issue This vulnerability has been fixed in containerd 1.3.10 and containerd 1.4.4. Users should update to these versions. | |||||
| CVE-2022-1899 | 1 Radare | 1 Radare2 | 2022-06-03 | 6.4 MEDIUM | 9.1 CRITICAL |
| Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0. | |||||
| CVE-2021-46669 | 1 Mariadb | 1 Mariadb | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. | |||||
| CVE-2022-30476 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request. | |||||
| CVE-2022-30475 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request. | |||||
| CVE-2022-30474 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request. | |||||
| CVE-2022-30473 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set | |||||
| CVE-2022-30472 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat | |||||
| CVE-2022-30477 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request. | |||||
| CVE-2022-30500 | 1 Jflyfox | 1 Jfinal Cms | 2022-06-03 | 7.5 HIGH | 9.8 CRITICAL |
| Jfinal cms 5.1.0 is vulnerable to SQL Injection. | |||||
| CVE-2022-29720 | 1 74cms | 1 74cmsse | 2022-06-03 | 5.0 MEDIUM | 7.5 HIGH |
| 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | |||||
| CVE-2021-42692 | 1 Tinytoml Project | 1 Tinytoml | 2022-06-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS. | |||||
| CVE-2022-29216 | 1 Google | 1 Tensorflow | 2022-06-03 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. | |||||
| CVE-2022-29210 | 1 Google | 1 Tensorflow | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`). It also tried to access individual tensor bytes through `tensor.data()` of size `AllocatedBytes()`. This led to ASAN failures because the `AllocatedBytes()` is an estimate of total bytes allocated by a tensor, including any pointed-to constructs (e.g. strings), and does not refer to contiguous bytes in the `.data()` buffer. The discoverers could not use this byte vector anyway because types such as `tstring` include pointers, whereas they needed to hash the string values themselves. This issue is patched in Tensorflow versions 2.9.0 and 2.8.1. | |||||
| CVE-2022-29209 | 1 Google | 1 Tensorflow | 2022-06-03 | 2.1 LOW | 5.5 MEDIUM |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of the macros would trigger incorrectly. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29208 | 1 Google | 1 Tensorflow | 2022-06-03 | 3.6 LOW | 7.1 HIGH |
| TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based denial of service. In multiple places throughout the code, one may compute an index for a write operation. However, the existing validation only checks against the upper bound of the array. Hence, it is possible to write before the array by massaging the input to generate negative values for `loc`. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | |||||
| CVE-2022-29189 | 1 Pion | 1 Dtls | 2022-06-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could exploit this to cause excessive memory usage. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available. | |||||
| CVE-2022-0900 | 1 Netdatasoft | 1 Divvy Drive | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations. | |||||
| CVE-2022-28932 | 1 Dlink | 2 Dsl-g2452dg, Dsl-g2452dg Firmware | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions. | |||||
| CVE-2022-1811 | 1 Publify Project | 1 Publify | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9. | |||||
| CVE-2022-1819 | 1 Student Information System Project | 1 Student Information System | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public. | |||||
| CVE-2022-31467 | 1 Quickheal | 1 Total Security | 2022-06-02 | 4.4 MEDIUM | 7.3 HIGH |
| A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load. | |||||
| CVE-2020-8620 | 4 Canonical, Isc, Netapp and 1 more | 4 Ubuntu Linux, Bind, Steelstore Cloud Integrated Storage and 1 more | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit. | |||||
| CVE-2020-8605 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2022-06-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability. | |||||
| CVE-2020-8606 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2022-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance. | |||||
| CVE-2020-7263 | 1 Mcafee | 1 Endpoint Security | 2022-06-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import. | |||||
| CVE-2020-7279 | 1 Mcafee | 1 Host Intrusion Prevention | 2022-06-02 | 4.4 MEDIUM | 7.8 HIGH |
| DLL Search Order Hijacking Vulnerability in the installer component of McAfee Host Intrusion Prevention System (Host IPS) for Windows prior to 8.0.0 Patch 15 Update allows attackers with local access to execute arbitrary code via execution from a compromised folder. | |||||
| CVE-2022-1160 | 2 Fedoraproject, Vim | 2 Fedora, Vim | 2022-06-02 | 6.8 MEDIUM | 7.8 HIGH |
| heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | |||||
| CVE-2022-1434 | 1 Openssl | 1 Openssl | 2022-06-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite - they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
| CVE-2022-1343 | 1 Openssl | 1 Openssl | 2022-06-02 | 4.3 MEDIUM | 5.3 MEDIUM |
| The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). | |||||
| CVE-2021-38946 | 1 Ibm | 1 Cognos Analytics | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | |||||
| CVE-2022-29153 | 1 Hashicorp | 1 Consul | 2022-06-02 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise through 2022-04-12 allow SSRF. | |||||
| CVE-2022-29156 | 1 Linux | 1 Linux Kernel | 2022-06-02 | 7.2 HIGH | 7.8 HIGH |
| drivers/infiniband/ulp/rtrs/rtrs-clt.c in the Linux kernel before 5.16.12 has a double free related to rtrs_clt_dev_release. | |||||
| CVE-2022-0435 | 4 Fedoraproject, Linux, Ovirt and 1 more | 23 Fedora, Linux Kernel, Node and 20 more | 2022-06-02 | 9.0 HIGH | 8.8 HIGH |
| A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed. This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. | |||||
| CVE-2022-1163 | 1 Mineweb | 1 Minewebcms | 2022-06-02 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository mineweb/minewebcms prior to next. | |||||
| CVE-2022-25611 | 1 Presstigers | 1 Simple Event Planner | 2022-06-02 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Stored Cross-Site Scripting (XSS) in Simple Event Planner plugin <= 1.5.4 allows attackers with contributor or higher user roles to inject the malicious script by using vulnerable parameter &custom[add_seg][]. | |||||
| CVE-2020-7315 | 1 Mcafee | 1 Mcafee Agent | 2022-06-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.6.6 allows local users to execute arbitrary code via careful placement of a malicious DLL. | |||||
| CVE-2020-7327 | 1 Mcafee | 1 Mvision Endpoint Detection And Response | 2022-06-02 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improperly implemented security check in McAfee MVISION Endpoint Detection and Response Client (MVEDR) prior to 3.2.0 may allow local administrators to execute malicious code via stopping a core Windows service leaving McAfee core trust component in an inconsistent state resulting in MVEDR failing open rather than closed | |||||