Total: 27865 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-35123 | 1 Qualcomm | 64 Aqt1000, Aqt1000 Firmware, Qca6390 and 61 more | 2022-06-22 | 8.3 HIGH | 8.8 HIGH |
Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT | |||||
CVE-2002-0059 | 1 Zlib | 1 Zlib | 2022-06-22 | 7.5 HIGH | N/A |
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | |||||
CVE-2003-0107 | 1 Zlib | 1 Zlib | 2022-06-22 | 7.5 HIGH | N/A |
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. | |||||
CVE-2004-0797 | 1 Zlib | 1 Zlib | 2022-06-22 | 2.1 LOW | N/A |
The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). | |||||
CVE-2005-2096 | 1 Zlib | 1 Zlib | 2022-06-22 | 7.5 HIGH | N/A |
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | |||||
CVE-2005-1849 | 1 Zlib | 1 Zlib | 2022-06-22 | 5.0 MEDIUM | N/A |
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | |||||
CVE-2022-29948 | 1 Lepin Ep-kp001 Project | 2 Lepin Ep-kp001, Lepinep-kp001 Firmware | 2022-06-20 | 2.1 LOW | 4.6 MEDIUM |
Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data. Normally, the encrypted disk partition with this data is unlocked by entering the correct passcode (6 to 14 digits) via the keypad and pressing the Unlock button. This authentication is performed by an unknown microcontroller. By replacing this microcontroller on a target device with one from an attacker-controlled Lepin EP-KP001 whose passcode is known, it is possible to successfully unlock the target device and read the stored data in cleartext. | |||||
CVE-2022-2037 | 1 Tooljet | 1 Tooljet | 2022-06-15 | 6.0 MEDIUM | 8.0 HIGH |
Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0. | |||||
CVE-2020-10698 | 1 Redhat | 1 Ansible Tower | 2022-06-14 | 2.1 LOW | 3.3 LOW |
A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdout of executed jobs that were run from other organizations. Some sensitive data can be disclosed. However, critical data should not be disclosed, as it should be protected by the no_log flag when debugging is enabled. This flaw affects Ansible Tower versions before 3.6.4, Ansible Tower versions before 3.5.6 and Ansible Tower versions before 3.4.6. | |||||
CVE-2022-1947 | 1 Trudesk Project | 1 Trudesk | 2022-06-14 | 4.0 MEDIUM | 6.5 MEDIUM |
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2022-30748 | 1 Samsung | 1 Members | 2022-06-14 | 2.1 LOW | 5.5 MEDIUM |
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows an attacker to launch an arbitrary activity. | |||||
CVE-2019-1003005 | 1 Jenkins | 1 Script Security | 2022-06-13 | 6.5 MEDIUM | 8.8 HIGH |
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.50 and earlier in src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java that allows attackers with Overall/Read permission to provide a Groovy script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM. | |||||
CVE-2019-5021 | 4 Alpinelinux, F5, Gliderlabs and 1 more | 4 Alpine Linux, Big-ip Controller, Docker-alpine and 1 more | 2022-06-13 | 10.0 HIGH | 9.8 CRITICAL |
Versions of the Official Alpine Linux Docker images (since v3.3) contain a NULL password for the `root` user. This vulnerability appears to be the result of a regression introduced in December of 2015. Due to the nature of this issue, systems deployed using affected versions of the Alpine Linux container which utilize Linux PAM, or some other mechanism which uses the system shadow file as an authentication database, may accept a NULL password for the `root` user. | |||||
CVE-2022-30597 | 3 Fedoraproject, Moodle, Redhat | 3 Fedora, Moodle, Enterprise Linux | 2022-06-13 | 5.0 MEDIUM | 5.3 MEDIUM |
A flaw was found in moodle where the description user field was not hidden when being set as a hidden user field. | |||||
CVE-2022-30729 | 1 Google | 1 Android | 2022-06-10 | 2.1 LOW | 4.6 MEDIUM |
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | |||||
CVE-2022-31007 | 1 Elabftw | 1 Elabftw | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or to create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one of the issues is removing the ability of administrators to create accounts. | |||||
CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2022-06-09 | 6.5 MEDIUM | 8.8 HIGH |
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
CVE-2021-43308 | 1 Markdown-link-extractor Project | 1 Markdown-link-extractor | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package when an attacker is able to supply arbitrary input to the module's exported function. | |||||
CVE-2021-43307 | 1 Semver-regex Project | 1 Semver-regex | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package when an attacker is able to supply arbitrary input to the test() method. | |||||
CVE-2021-43306 | 1 Jqueryvalidation | 1 Jquery Validation | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package when an attacker is able to supply arbitrary input to the url2 method. | |||||
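The CVE-2019-5021 entry above describes an Alpine `root` account whose shadow password field is empty. The following is an added example, not code from the CVE entry or from the Alpine project: it scans text in `/etc/shadow` format for accounts with an empty password field and emits a locked copy. `SAMPLE_SHADOW` is constructed for the demonstration, and its hash is a placeholder, not a real credential.

```javascript
// Added example (not from the CVE entry or the Alpine project): find accounts
// whose shadow password field is empty, the condition CVE-2019-5021 describes
// for `root`, and produce a copy with those fields locked.
// SAMPLE_SHADOW is constructed for this demo; the $6$ hash is a placeholder.

const SAMPLE_SHADOW = [
  'root::18000:0:99999:7:::',                           // empty field: no password needed
  'bin:!:18000:0:99999:7:::',                           // locked account
  'daemon:*:18000:0:99999:7:::',                        // no valid hash, password login disabled
  'app:$6$saltsalt$placeholderhash:18000:0:99999:7:::', // ordinary hashed password
  '',                                                   // trailing newline yields an empty line
].join('\n');

// Parse shadow(5) lines into {name, hash} records; blank or colon-less lines are skipped.
function parseShadow(text) {
  return text
    .split('\n')
    .map((line) => line.split(':'))
    .filter((fields) => fields.length >= 2 && fields[0].trim() !== '')
    .map((fields) => ({ name: fields[0], hash: fields[1] }));
}

// Usernames whose password field is empty. An authenticator that consults the
// shadow file directly (PAM's pam_unix, for instance) may accept an empty
// password for such an account.
function findEmptyPasswords(text) {
  return parseShadow(text)
    .filter((entry) => entry.hash === '')
    .map((entry) => entry.name);
}

// Copy of the file with every empty password field replaced by "!". That is the
// value `passwd -l` leaves for an account with no hash: nothing can match it, so
// password-based login fails while the account itself still exists.
function lockEmptyPasswords(text) {
  return text
    .split('\n')
    .map((line) => {
      const fields = line.split(':');
      if (fields.length >= 2 && fields[1] === '') fields[1] = '!';
      return fields.join(':');
    })
    .join('\n');
}

// Stand-alone run: report findings for the constructed sample, then show the locked file.
const exposed = findEmptyPasswords(SAMPLE_SHADOW);
console.log(exposed.length ? `empty password field: ${exposed.join(', ')}` : 'no empty password fields');
console.log(lockEmptyPasswords(SAMPLE_SHADOW));
```

To use this against a real image, copy `/etc/shadow` out of a container built from the image (for example with `docker cp`) and feed its contents to `findEmptyPasswords`; any reported account, not only `root`, deserves the same lock-and-rebuild treatment.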
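The three ReDoS entries above (CVE-2021-43308, CVE-2021-43307, CVE-2021-43306) share one mechanism: a backtracking regex engine fed an input that makes it explore exponentially many ways to match. The following is an added example and is not code from markdown-link-extractor, semver-regex or jquery-validation; the regexes in it are textbook illustrations of the problem, not the patterns from those packages, and `MAX_INPUT_LENGTH` is an assumed limit chosen for the demonstration.

```javascript
// Added example (not code from the packages named in these CVEs): what
// "exponential ReDoS" looks like and two ways to defuse it. The patterns are
// generic illustrations, not the ones from markdown-link-extractor, semver-regex
// or jquery-validation.

// VULNERABLE: nested quantifiers. On "aaaa...a!" the trailing "!" makes the match
// fail, and the engine then backtracks through every way of splitting the run
// of a's between the inner and the outer "+": on the order of 2^n attempts.
const VULNERABLE = /^(a+)+$/;

// SAFE: accepts exactly the same strings (one or more "a"), but each character
// can be consumed in only one way, so a failing input is rejected in O(n).
const SAFE = /^a+$/;

// Defence in depth: cap input length before any regex runs, so that even a
// pattern with bad worst-case behaviour has a bounded cost. Assumed limit.
const MAX_INPUT_LENGTH = 1000;

function matchesSafely(input) {
  if (typeof input !== 'string' || input.length > MAX_INPUT_LENGTH) return false;
  return SAFE.test(input);
}

// The classic attack string for a pattern of this shape: n a's followed by a
// character that cannot match, forcing the full backtracking search.
function attackString(n) {
  return 'a'.repeat(n) + '!';
}

// Wall-clock milliseconds for a single test() call.
function timeRegex(re, input) {
  const start = process.hrtime.bigint();
  re.test(input);
  return Number(process.hrtime.bigint() - start) / 1e6;
}

// Stand-alone run: the vulnerable pattern's time roughly doubles with each
// additional character, while the safe pattern stays flat.
for (const n of [10, 14, 18, 20]) {
  const s = attackString(n);
  console.log(
    `n=${n}  vulnerable=${timeRegex(VULNERABLE, s).toFixed(2)}ms` +
    `  safe=${timeRegex(SAFE, s).toFixed(3)}ms`,
  );
}
```

When a pattern cannot be rewritten to be unambiguous, the remaining options are a length cap like the one above, a linear-time engine (RE2-style libraries, which reject backreferences and lookaround), or running the match in a worker that can be killed on timeout. A fix that only patches the specific attack string reported in a CVE usually leaves the nested quantifier in place and the exponential behaviour with it.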