Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-29173 | 1 Theupdateframework | 1 Go-tuf | 2022-05-17 | 4.3 MEDIUM | 8.8 HIGH |
| go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading. | |||||
| CVE-2021-43010 | 1 Safedog | 1 Safedog Apache | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection. Attackers can bypass access to sensitive data. | |||||
| CVE-2022-1567 | 1 Wp-js Project | 1 Wp-js | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6. | |||||
| CVE-2021-43712 | 1 Employee Daily Task Management System Project | 1 Employee Daily Task Management System | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | |||||
| CVE-2022-30335 | 1 Wealth | 1 Bonanza Wealth Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | |||||
| CVE-2021-43094 | 1 Openmrs | 2 Openmrs, Reference Application | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | |||||
| CVE-2022-28110 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | |||||
| CVE-2022-28161 | 1 Brocade | 1 Sannav | 2022-05-17 | 1.9 LOW | 5.5 MEDIUM |
| An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. | |||||
| CVE-2022-28162 | 1 Broadcom | 1 Sannav | 2022-05-17 | 2.1 LOW | 3.3 LOW |
| Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. | |||||
| CVE-2022-28470 | 1 Python | 1 Pypi | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. | |||||
| CVE-2022-24681 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADSelfService Plus before 6121 allows XSS via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password screen. | |||||
| CVE-2022-28463 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2022-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. | |||||
| CVE-2022-27412 | 1 Exploreit | 1 Explore Cms | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. | |||||
| CVE-2022-27308 | 1 Phprojekt Phpsimplygest Project | 1 Phprojekt Phpsimplygest | 2022-05-17 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. | |||||
| CVE-2021-42743 | 2 Microsoft, Splunk | 2 Windows, Splunk | 2022-05-17 | 4.6 MEDIUM | 7.8 HIGH |
| A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. | |||||
| CVE-2021-23792 | 1 Twelvemonkeys Project | 1 Twelvemonkeys | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. | |||||
| CVE-2021-26253 | 1 Splunk | 1 Splunk | 2022-05-17 | 6.8 MEDIUM | 8.1 HIGH |
| A potential vulnerability in Splunk Enterprise's implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. | |||||
| CVE-2022-26070 | 1 Splunk | 1 Splunk | 2022-05-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. | |||||
| CVE-2021-33845 | 1 Splunk | 1 Splunk | 2022-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. | |||||
| CVE-2022-25324 | 1 Bignum Project | 1 Bignum | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. | |||||
| CVE-2021-31559 | 1 Splunk | 1 Splunk | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. | |||||
| CVE-2022-27114 | 2 Debian, Htmldoc Project | 2 Debian Linux, Htmldoc | 2022-05-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,'img->width' and 'img->height' they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. | |||||
| CVE-2021-27759 | 1 Hcltech | 1 Bigfix Inventory | 2022-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim's browser to emit an HTTP request to an arbitrary URL in the application. | |||||
| CVE-2019-25060 | 1 Wpgraphql | 1 Wpgraphql | 2022-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site. | |||||
| CVE-2021-27758 | 1 Hcltech | 1 Bigfix Inventory | 2022-05-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim's account. | |||||
| CVE-2022-1047 | 1 Themify | 1 Post Type Builder Search Addon | 2022-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. | |||||
| CVE-2022-25989 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase Firmware 2 | 2022-05-17 | 5.8 MEDIUM | 8.8 HIGH |
| An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. | |||||
| CVE-2022-26073 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-05-17 | 6.1 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2022-29535 | 1 Zohocorp | 1 Manageengine Opmanager | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. | |||||
| CVE-2022-0814 | 1 Ubigeo De Peru Para Woocommerce Project | 1 Ubigeo De Peru Para Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections | |||||
| CVE-2022-1104 | 1 Code-atlantic | 1 Popup Maker | 2022-05-17 | 3.5 LOW | 4.8 MEDIUM |
| The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-29161 | 1 Xwiki | 1 Xwiki | 2022-05-17 | 6.8 MEDIUM | 9.8 CRITICAL |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. | |||||
| CVE-2022-1013 | 1 Ays-pro | 1 Personal Dictionary | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. | |||||
| CVE-2022-0948 | 1 Pluginbazaar | 1 Order Listener For Woocommerce | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection | |||||
| CVE-2022-29164 | 1 Argo Workflows Project | 1 Argo Workflows | 2022-05-17 | 4.6 MEDIUM | 7.1 HIGH |
| Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. | |||||
| CVE-2022-29171 | 1 Sourcegraph | 1 Sourcegraph | 2022-05-17 | 6.0 MEDIUM | 7.2 HIGH |
| Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds. | |||||
| CVE-2022-20117 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-217475903References: N/A | |||||
| CVE-2022-20118 | 1 Google | 1 Android | 2022-05-17 | 6.9 MEDIUM | 7.0 HIGH |
| In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205707793References: N/A | |||||
| CVE-2022-20119 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-213170715References: N/A | |||||
| CVE-2022-20120 | 1 Google | 1 Android | 2022-05-17 | 10.0 HIGH | 9.8 CRITICAL |
| Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A | |||||
| CVE-2022-28973 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-05-17 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2022-28972 | 1 Tenda | 2 Ax1806, Ax1806 Firmware | 2022-05-17 | 7.8 HIGH | 7.5 HIGH |
| Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). | |||||
| CVE-2022-20121 | 1 Google | 1 Android | 2022-05-17 | 2.1 LOW | 5.5 MEDIUM |
| In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-212573046References: N/A | |||||
| CVE-2021-39738 | 1 Google | 1 Android | 2022-05-17 | 7.2 HIGH | 7.8 HIGH |
| In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-216190509 | |||||
| CVE-2022-22719 | 3 Apache, Debian, Fedoraproject | 3 Http Server, Debian Linux, Fedora | 2022-05-17 | 5.0 MEDIUM | 7.5 HIGH |
| A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | |||||
| CVE-2021-45444 | 3 Debian, Fedoraproject, Zsh | 3 Debian Linux, Fedora, Zsh | 2022-05-17 | 5.1 MEDIUM | 7.8 HIGH |
| In zsh before 5.8.1, an attacker can achieve code execution if they control a command output inside the prompt, as demonstrated by a %F argument. This occurs because of recursive PROMPT_SUBST expansion. | |||||
| CVE-2021-44790 | 6 Apache, Debian, Fedoraproject and 3 more | 6 Http Server, Debian Linux, Fedora and 3 more | 2022-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier. | |||||
| CVE-2015-4142 | 3 Opensuse, Redhat, W1.fi | 7 Opensuse, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2022-05-17 | 4.3 MEDIUM | N/A |
| Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. | |||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2022-05-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | |||||
| CVE-2022-29412 | 1 Hermit Project | 1 Hermit | 2022-05-16 | 5.8 MEDIUM | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | |||||