Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0675 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-26 | 8.3 HIGH | N/A |
| The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | |||||
| CVE-2019-25060 | 1 Wpgraphql | 1 Wpgraphql | 2022-05-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site. | |||||
| CVE-2016-5556 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | |||||
| CVE-2016-5568 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | |||||
| CVE-2016-5582 | 1 Oracle | 2 Jdk, Jre | 2022-05-13 | 9.3 HIGH | 9.6 CRITICAL |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. | |||||
| CVE-2022-0541 | 1 Flothemes | 1 Flo-launch | 2022-05-04 | 7.5 HIGH | 9.8 CRITICAL |
| The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a cloned site, allowing any attacker to initiate a new site install by setting the flo_custom_table_prefix cookie to an arbitrary value. | |||||
| CVE-2022-29417 | 1 Shortpixel | 1 Shortpixel Adaptive Images | 2022-05-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1 at WordPress allows an attacker with a low user role like a subscriber or higher to change the plugin settings. | |||||
| CVE-2022-22183 | 1 Juniper | 1 Junos Os Evolved | 2022-04-22 | 7.8 HIGH | 7.5 HIGH |
| An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS. | |||||
| CVE-2022-21947 | 1 Suse | 1 Rancher Desktop | 2022-04-11 | 5.8 MEDIUM | 8.8 HIGH |
| A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V. | |||||
| CVE-2022-1223 | 1 Phpipam | 1 Phpipam | 2022-04-11 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6. | |||||
| CVE-2022-0405 | 1 Calibre-web Project | 1 Calibre-web | 2022-04-11 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16. | |||||
| CVE-2022-0273 | 1 Calibre-web Project | 1 Calibre-web | 2022-03-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Pypi calibreweb prior to 0.6.16. | |||||
| CVE-2016-9877 | 2 Pivotal Software, Vmware | 2 Rabbitmq, Rabbitmq | 2022-03-17 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected. | |||||
| CVE-2022-0580 | 1 Librenms | 1 Librenms | 2022-02-22 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Packagist librenms/librenms prior to 22.2.0. | |||||
| CVE-2016-2788 | 1 Puppet | 2 Marionette Collective, Puppet Enterprise | 2022-01-24 | 7.5 HIGH | 9.8 CRITICAL |
| MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet Enterprise, allows remote attackers to execute arbitrary code via vectors related to the mco ping command. | |||||
| CVE-2016-5714 | 1 Puppet | 2 Puppet Agent, Puppet Enterprise | 2022-01-24 | 6.5 MEDIUM | 7.2 HIGH |
| Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow remote attackers to bypass a host whitelist protection mechanism and execute arbitrary code on Puppet nodes via vectors related to command validation, aka "Puppet Execution Protocol (PXP) Command Whitelist Validation Vulnerability." | |||||
| CVE-2022-0178 | 1 Snipeitapp | 1 Snipe-it | 2022-01-20 | 5.5 MEDIUM | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Access Control | |||||
| CVE-2022-0170 | 1 Framasoft | 1 Peertube | 2022-01-19 | 4.0 MEDIUM | 4.3 MEDIUM |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2022-0133 | 1 Framasoft | 1 Peertube | 2022-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| peertube is vulnerable to Improper Access Control | |||||
| CVE-2019-10128 | 2 Microsoft, Postgresql | 2 Windows, Postgresql | 2022-01-01 | 4.1 MEDIUM | 7.8 HIGH |
| A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code. | |||||