Total
187221 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-1809 | | | 2022-05-21 | N/A | N/A |
Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0. | |||||
CVE-2022-31268 | | | 2022-05-21 | N/A | N/A |
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname). | |||||
CVE-2022-31267 | | | 2022-05-21 | N/A | N/A |
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value. | |||||
CVE-2022-31264 | | | 2022-05-21 | N/A | N/A |
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program. | |||||
CVE-2022-31259 | | | 2022-05-21 | N/A | N/A |
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1). | |||||
CVE-2022-29538 | 1 Resi | 1 Gemini-net | 2022-05-20 | 5.0 MEDIUM | 5.3 MEDIUM |
RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic. An unauthenticated user is able to access some critical resources. | |||||
CVE-2022-1769 | | | 2022-05-20 | N/A | N/A |
Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | |||||
CVE-2022-1733 | | | 2022-05-20 | N/A | N/A |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | |||||
CVE-2022-1698 | 1 Organizr Project | 1 Organizr | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. | |||||
CVE-2022-1674 | | | 2022-05-20 | N/A | N/A |
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | |||||
CVE-2022-29145 | 1 Microsoft | 4 .net, .net Core, Visual Studio 2019 and 1 more | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. | |||||
CVE-2022-29117 | | | 2022-05-20 | N/A | 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. | |||||
CVE-2022-23267 | 1 Microsoft | 5 .net, .net Core, Powershell and 2 more | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | |||||
CVE-2022-1699 | 1 Organizr Project | 1 Organizr | 2022-05-20 | 5.0 MEDIUM | 7.5 HIGH |
Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000. This vulnerability can be abused by doing a DDoS attack for which genuine users will not be able to access resources/applications. | |||||
CVE-2022-22413 | 1 Ibm | 1 Robotic Process Automation | 2022-05-20 | 7.5 HIGH | 9.8 CRITICAL |
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 223022. | |||||
CVE-2022-1682 | 1 Facturascripts | 1 Facturascripts | 2022-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Reflected XSS using a URL-based payload in GitHub repository neorazorx/facturascripts prior to 2022.07. XSS can be used to steal a user's cookies, which leads to account takeover, or to do any malicious activity in the victim's browser. | |||||
CVE-2022-1752 | | | 2022-05-20 | N/A | N/A |
Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | |||||
CVE-2022-29222 | | | 2022-05-20 | N/A | N/A |
Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using Client certificates only. The connection itself is still secure. The Certificate provided by clients can't be trusted when using a Pion DTLS server prior to version 2.1.5. Users should upgrade to version 2.1.5 to receive a patch. There are currently no known workarounds. | |||||
CVE-2022-29216 | | | 2022-05-20 | N/A | N/A |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained for compatibility reasons as the maintainers had several test cases where numpy expressions were used as arguments. However, given that the tool is always run manually, the impact of this is still not severe. The maintainers have now removed the `safe=False` argument, so all parsing is done without calling `eval`. The patch is available in versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4. | |||||
CVE-2022-29215 | | | 2022-05-20 | N/A | N/A |
RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash. |