Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-24611 | 1 Silabs | 10 Sd3502, Sd3502 Firmware, Sd3503 and 7 more | 2022-05-26 | 6.1 MEDIUM | 6.5 MEDIUM |
| Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specification in Silicon Labs Z-Wave 500 series allows local attackers to block S0/S2 protected Z-Wave network via crafted S0 NonceGet Z-Wave packages, utilizing included but absent NodeIDs. | |||||
| CVE-2019-5429 | 1 Filezilla-project | 1 Filezilla Client | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. | |||||
| CVE-2020-3585 | 1 Cisco | 7 Adaptive Security Appliance Software, Firepower 1000, Firepower 1010 and 4 more | 2022-05-26 | 4.3 MEDIUM | 3.7 LOW |
| A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper implementation of countermeasures against the Bleichenbacher attack for cipher suites that rely on RSA for key exchange. An attacker could exploit this vulnerability by sending crafted TLS messages to the device, which would act as an oracle and allow the attacker to carry out a chosen-ciphertext attack. A successful exploit could allow the attacker to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions to the affected device. To exploit this vulnerability, an attacker must be able to perform both of the following actions: Capture TLS traffic that is in transit between clients and the affected device Actively establish a considerable number of TLS connections to the affected device | |||||
| CVE-2020-3583 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3582 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 2.6 LOW | 6.1 MEDIUM |
| Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3581 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 2.6 LOW | 6.1 MEDIUM |
| Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3580 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 2.6 LOW | 6.1 MEDIUM |
| Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device. The vulnerabilities are due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information. Note: These vulnerabilities affect only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section. | |||||
| CVE-2020-3578 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2022-05-26 | 5.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked. The vulnerability is due to insufficient validation of URLs when portal access rules are configured. An attacker could exploit this vulnerability by accessing certain URLs on the affected device. | |||||
| CVE-2015-0675 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-26 | 8.3 HIGH | N/A |
| The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | |||||
| CVE-2022-30948 | 1 Jenkins | 3 Git, Mercurial, Repo | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents. | |||||
| CVE-2022-28105 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | |||||
| CVE-2022-29586 | 1 Konicaminolta | 90 Bizhub 226i, Bizhub 226i Firmware, Bizhub 227 and 87 more | 2022-05-26 | 6.9 MEDIUM | 7.4 HIGH |
| Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode. | |||||
| CVE-2022-30110 | 1 Jirafeau | 1 Jirafeau | 2022-05-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The file preview functionality in Jirafeau < 4.4.0, which is enabled by default, could be exploited for cross site scripting. An attacker could upload image/svg+xml files containing JavaScript. When someone visits the File Preview URL for this file, the JavaScript inside of this image/svg+xml file will be executed in the users' browser. | |||||
| CVE-2022-29332 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| D-LINK DIR-825 AC1200 R2 is vulnerable to Directory Traversal. An attacker could use the "../../../../" setting of the FTP server folder to set the router's root folder for FTP access. This allows you to access the entire router file system via the FTP server. | |||||
| CVE-2021-42644 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability. | |||||
| CVE-2021-42643 | 1 Cmseasy | 1 Cmseasy | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability. | |||||
| CVE-2022-28106 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | |||||
| CVE-2022-1774 | 1 Diagrams | 1 Draw.io | 2022-05-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.0.7. | |||||
| CVE-2022-28992 | 1 Online Banquet Booking System Project | 1 Online Banquet Booking System | 2022-05-26 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | |||||
| CVE-2022-29022 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2022-29021 | 1 Openrazer Project | 1 Openrazer | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | |||||
| CVE-2021-41938 | 1 Shopxo | 1 Shopxo | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ShopXO CMS 2.2.0. After entering the management page, there is an arbitrary file upload vulnerability in three locations. | |||||
| CVE-2022-1785 | 1 Vim | 1 Vim | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | |||||
| CVE-2022-1771 | 1 Vim | 1 Vim | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | |||||
| CVE-2022-0873 | 1 Codeasily | 1 Gmedia Gallery | 2022-05-26 | 3.5 LOW | 4.8 MEDIUM |
| The Gmedia Photo Gallery WordPress plugin before 1.20.0 does not sanitise and escape the Album's name before outputting it in pages/posts with a media embed, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered-html capability is disallowed | |||||
| CVE-2020-9402 | 3 Debian, Djangoproject, Fedoraproject | 3 Debian Linux, Django, Fedora | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 allows SQL Injection if untrusted data is used as a tolerance parameter in GIS functions and aggregates on Oracle. By passing a suitably crafted tolerance to GIS functions and aggregates on Oracle, it was possible to break escaping and inject malicious SQL. | |||||
| CVE-2022-29304 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /classes/master.php?f=delete_ Facility. | |||||
| CVE-2022-28962 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-26 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/classes/Users.php?f=delete_client. | |||||
| CVE-2022-28921 | 1 Blogengine | 1 Blogengine.net | 2022-05-26 | 4.3 MEDIUM | 6.5 MEDIUM |
| A Cross-Site Request Forgery (CSRF) vulnerability discovered in BlogEngine.Net v3.3.8.0 allows unauthenticated attackers to read arbitrary files on the hosting web server. | |||||
| CVE-2022-29445 | 1 Wow-estore | 1 Popup Box | 2022-05-26 | 6.5 MEDIUM | 7.2 HIGH |
| Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow-Company's Popup Box plugin <= 2.1.2 at WordPress. | |||||
| CVE-2022-28924 | 1 Universis | 1 Universis-students | 2022-05-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in UniverSIS-Students before v1.5.0 allows attackers to obtain sensitive information via a crafted GET request to the endpoint /api/students/me/courses/. | |||||
| CVE-2022-27458 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. | |||||
| CVE-2022-27456 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component VDec::VDec at /sql/sql_type.cc. | |||||
| CVE-2022-27448 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| There is an Assertion failure in MariaDB Server v10.9 and below via 'node->pcur->rel_pos == BTR_PCUR_ON' at /row/row0mysql.cc. | |||||
| CVE-2022-27447 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.9 and below was discovered to contain a use-after-free via the component Binary_string::free_buffer() at /sql/sql_string.h. | |||||
| CVE-2022-27379 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Arg_comparator::compare_real_fixed of MariaDB Server v10.6.2 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27378 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| An issue in the component Create_tmp_table::finalize of MariaDB Server v10.7 and below was discovered to allow attackers to cause a Denial of Service (DoS) via specially crafted SQL statements. | |||||
| CVE-2022-27377 | 1 Mariadb | 1 Mariadb | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component Item_func_in::cleanup(), which is exploited via specially crafted SQL statements. | |||||
| CVE-2022-0330 | 3 Fedoraproject, Linux, Redhat | 30 Fedora, Linux Kernel, 3scale Api Management and 27 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. | |||||
| CVE-2021-29752 | 1 Ibm | 1 Db2 | 2022-05-26 | 3.5 LOW | 4.4 MEDIUM |
| IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Fporce ID: 201780. | |||||
| CVE-2022-22651 | 1 Apple | 1 Macos | 2022-05-26 | 7.8 HIGH | 7.5 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2021-30833 | 1 Apple | 1 Macos | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files. | |||||
| CVE-2021-30844 | 1 Apple | 2 Mac Os X, Macos | 2022-05-26 | 5.0 MEDIUM | 7.5 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory. | |||||
| CVE-2021-30972 | 1 Apple | 2 Mac Os X, Macos | 2022-05-26 | 2.1 LOW | 5.5 MEDIUM |
| This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. | |||||
| CVE-2021-30957 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2021-30935 | 1 Apple | 2 Mac Os X, Macos | 2022-05-26 | 8.3 HIGH | 8.8 HIGH |
| A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30926 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2022-05-26 | 6.8 MEDIUM | 7.8 HIGH |
| Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2021-30922 | 1 Apple | 1 Macos | 2022-05-26 | 7.2 HIGH | 7.8 HIGH |
| Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2021-30913 | 1 Apple | 1 Macos | 2022-05-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables. | |||||
| CVE-2021-30906 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2022-05-26 | 4.6 MEDIUM | 7.8 HIGH |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges. | |||||