Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33678 | 1 Sap | 1 Netweaver As Abap | 2022-05-19 | 7.5 HIGH | 6.5 MEDIUM |
| A function module of SAP NetWeaver AS ABAP (Reconciliation Framework), versions - 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 75A, 75B, 75B, 75C, 75D, 75E, 75F, allows a high privileged attacker to inject code that can be executed by the application. An attacker could thereby delete some critical information and could make the SAP system completely unavailable. | |||||
| CVE-2021-21473 | 1 Sap | 1 Netweaver As Abap | 2022-05-19 | 6.5 MEDIUM | 6.3 MEDIUM |
| SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, contains function module SRM_RFC_SUBMIT_REPORT which fails to validate authorization of an authenticated user thus allowing an unauthorized user to execute reports in SAP NetWeaver ABAP Platform. | |||||
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
| CVE-2021-21468 | 1 Sap | 1 Business Warehouse | 2022-05-19 | 4.0 MEDIUM | 6.5 MEDIUM |
| The BW Database Interface does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges that allows the user to practically read out any database table. | |||||
| CVE-2021-21466 | 1 Sap | 2 Business Warehouse, Bw/4hana | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business Warehouse, versions 700, 701, 702, 711, 730, 731, 740, 750, 782 and SAP BW/4HANA, versions 100, 200, allow a low privileged attacker to inject code using a remote enabled function module over the network. Via the function module an attacker can create a malicious ABAP report which could be used to get access to sensitive data, to inject malicious UPDATE statements that could have also impact on the operating system, to disrupt the functionality of the SAP system which can thereby lead to a Denial of Service. | |||||
| CVE-2020-26832 | 1 Sap | 2 Netweaver As Abap, S/4 Hana | 2022-05-19 | 7.5 HIGH | 7.6 HIGH |
| SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable. | |||||
| CVE-2022-22320 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-05-19 | 3.5 LOW | 4.8 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218367. | |||||
| CVE-2022-30130 | 1 Microsoft | 11 .net Framework, Windows 10, Windows 11 and 8 more | 2022-05-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| .NET Framework Denial of Service Vulnerability. | |||||
| CVE-2022-27656 | 1 Sap | 3 Netweaver As Abap Kernel, Netweaver As Abap Krnl64uc, Webdispatcher | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-34606 | 1 Xinje | 1 Xd/e Series Plc Program Tool | 2022-05-19 | 6.9 MEDIUM | 7.3 HIGH |
| A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL. Local access is required to successfully exploit this vulnerability. This means the potential attacker must have access to the system and sufficient file-write privileges. If exploited, the attacker could place a malicious DLL file on the system, that when running XINJE XD/E Series PLC Program Tool will allow the attacker to execute arbitrary code with the privileges of another user's account. | |||||
| CVE-2022-22774 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2022-05-19 | 6.4 MEDIUM | 9.1 CRITICAL |
| The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1. | |||||
| CVE-2021-37851 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges. This issue affects: ESET, spol. s r.o. ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Internet Security 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Smart Security Premium 11.2 versions prior to 15.1.12.0. ESET, spol. s r.o. ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; 6.0 versions prior to 8.1.2050.0; 6.0 versions prior to 8.0.2053.0. ESET, spol. s r.o. ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0. ESET, spol. s r.o. ESET File Security for Microsoft Windows Server 8.0.12013.0. ESET, spol. s r.o. ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0. ESET, spol. s r.o. ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0. ESET, spol. s r.o. ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | |||||
| CVE-2021-41545 | 1 Siemens | 8 Desigo Dxr2, Desigo Dxr2 Firmware, Desigo Pxc3 and 5 more | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into an “out of work” state and could result in the controller going into a “factory reset” state. | |||||
| CVE-2021-34605 | 1 Xinje | 1 Xd/e Series Plc Program Tool | 2022-05-19 | 6.0 MEDIUM | 7.3 HIGH |
| A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file. This vulnerability can be triggered by manually opening an infected project file, or by initiating an upload program request from an infected Xinje PLC. This can result in remote code execution, information disclosure and denial of service of the system running the XINJE XD/E Series PLC Program Tool. | |||||
| CVE-2021-39059 | 1 Ibm | 1 Jazz Foundation | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214619. | |||||
| CVE-2021-38969 | 1 Ibm | 1 Spectrum Virtualize | 2022-05-19 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials. IBM X-Force ID: 212609. | |||||
| CVE-2022-29613 | 1 Sap | 1 Employee Self Service | 2022-05-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number. On successful exploitation, the attacker can view personal details of other users causing a limited impact on confidentiality of the application. | |||||
| CVE-2022-29611 | 1 Sap | 1 Netweaver Application Server For Abap | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2021-33078 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2022-05-19 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-33075 | 1 Intel | 14 Optane Memory H10 With Solid State Storage, Optane Memory H10 With Solid State Storage Firmware, Optane Memory H20 With Solid State Storage and 11 more | 2022-05-19 | 4.7 MEDIUM | 4.7 MEDIUM |
| Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-0193 | 1 Ibm | 1 In-band Manageability | 2022-05-19 | 6.5 MEDIUM | 7.2 HIGH |
| Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access. | |||||
| CVE-2021-0190 | 1 Intel | 106 Core I9-10900x, Core I9-10900x Firmware, Core I9-10920x and 103 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0189 | 1 Intel | 336 Xeon Bronze 3204, Xeon Bronze 3204 Firmware, Xeon Bronze 3206r and 333 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0188 | 1 Intel | 74 Xeon E3-1220 V5, Xeon E3-1220 V5 Firmware, Xeon E3-1220 V6 and 71 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2022-23704 | 2 Hp, Hpe | 59 Integrated Lights-out 4, Apollo 4200 Gen9 Server, Proliant Bl420c Gen8 Server and 56 more | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later. | |||||
| CVE-2021-26348 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2022-05-19 | 2.1 LOW | 5.5 MEDIUM |
| Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity. | |||||
| CVE-2021-0159 | 1 Intel | 258 Xeon Bronze 3204, Xeon Bronze 3204 Firmware, Xeon Bronze 3206r and 255 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-0154 | 1 Intel | 506 Core I5-7640x, Core I5-7640x Firmware, Core I7-3820 and 503 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-42651 | 1 Pentest Collaboration Framework Project | 1 Pentest Collaboration Framework | 2022-05-19 | 6.5 MEDIUM | 8.8 HIGH |
| A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/. | |||||
| CVE-2022-29978 | 1 Libsixel Project | 1 Libsixel | 2022-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. | |||||
| CVE-2022-29977 | 1 Libsixel Project | 1 Libsixel | 2022-05-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file. | |||||
| CVE-2021-0153 | 1 Intel | 106 Core I9-10900x, Core I9-10900x Firmware, Core I9-10920x and 103 more | 2022-05-19 | 7.2 HIGH | 7.8 HIGH |
| Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2021-20771 | 1 Cybozu | 1 Garoon | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2022-29610 | 1 Sap | 1 Netweaver Application Server Abap | 2022-05-19 | 3.5 LOW | 5.4 MEDIUM |
| SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack. | |||||
| CVE-2022-28214 | 1 Sap | 2 Businessobjects, Businessobjects Business Intelligence | 2022-05-19 | 4.6 MEDIUM | 7.8 HIGH |
| During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs. This Information Disclosure could cause a high impact on systems’ Confidentiality, Integrity, and Availability. | |||||
| CVE-2021-44167 | 1 Fortinet | 1 Forticlient | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links. | |||||
| CVE-2022-29932 | 1 Primeur | 1 Spazio | 2022-05-19 | 5.0 MEDIUM | 7.5 HIGH |
| The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request. | |||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2022-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests. | |||||
| CVE-2022-29751 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client. | |||||
| CVE-2022-29750 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service. | |||||
| CVE-2022-29749 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice. | |||||
| CVE-2022-29748 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=. | |||||
| CVE-2022-29747 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id. | |||||
| CVE-2022-29986 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility. | |||||
| CVE-2022-29985 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category. | |||||
| CVE-2022-29984 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=. | |||||
| CVE-2022-29982 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=. | |||||
| CVE-2022-29981 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete. | |||||
| CVE-2022-29979 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation. | |||||
| CVE-2022-29992 | 1 Online Sports Complex Booking System Project | 1 Online Sports Complex Booking System | 2022-05-19 | 7.5 HIGH | 9.8 CRITICAL |
| Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=. | |||||
