Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21705 | 3 Netapp, Oracle, Php | 3 Clustered Data Ontap, Sd-wan Aware, Php | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PHP versions 7.3.x below 7.3.29, 7.4.x below 7.4.21 and 8.0.x below 8.0.8, when using URL validation functionality via filter_var() function with FILTER_VALIDATE_URL parameter, an URL with invalid password field can be accepted as valid. This can lead to the code incorrectly parsing the URL and potentially leading to other security implications - like contacting a wrong server or making a wrong access decision. | |||||
| CVE-2021-3588 | 1 Bluez | 1 Bluez | 2022-09-29 | 2.1 LOW | 3.3 LOW |
| The cli_feat_read_cb() function in src/gatt-database.c does not perform bounds checks on the 'offset' variable before using it as an index into an array for reading. | |||||
| CVE-2021-0129 | 4 Bluez, Debian, Linux and 1 more | 4 Bluez, Debian Linux, Linux Kernel and 1 more | 2022-09-29 | 2.7 LOW | 5.7 MEDIUM |
| Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. | |||||
| CVE-2022-37209 | 1 Jflyfox | 1 Jfinal Cms | 2022-09-29 | N/A | 8.8 HIGH |
| JFinal CMS 5.1.0 is affected by: SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection. | |||||
| CVE-2022-38335 | 1 Vtiger | 1 Vtiger Crm | 2022-09-29 | N/A | 5.4 MEDIUM |
| Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules. | |||||
| CVE-2022-38932 | 1 Toaruos | 1 Toaruos | 2022-09-29 | N/A | 7.8 HIGH |
| readelf in ToaruOS 2.0.1 has a global overflow allowing RCE when parsing a crafted ELF file. | |||||
| CVE-2010-1281 | 3 Adobe, Apple, Microsoft | 3 Shockwave Player, Macos, Windows | 2022-09-29 | 9.3 HIGH | 8.8 HIGH |
| iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not validate a certain value from a file before using it in file-pointer calculations, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .dir (aka Director) file. | |||||
| CVE-2020-20470 | 1 White Shark Systems Project | 1 White Shark Systems | 2022-09-29 | 5.0 MEDIUM | 5.3 MEDIUM |
| White Shark System (WSS) 1.3.2 has web site physical path leakage vulnerability. | |||||
| CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2022-09-29 | 6.4 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php, remote attackers can exploit the vulnerability to create a task. | |||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2022-09-29 | 7.5 HIGH | 9.8 CRITICAL |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | |||||
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2022-09-29 | 6.5 MEDIUM | 8.8 HIGH |
| phpCMS 2008 sp4 allowas remote malicious users to execute arbitrary php commands via the pagesize parameter to yp/product.php. | |||||
| CVE-2020-20444 | 1 Openclinic Project | 1 Openclinic | 2022-09-29 | 6.5 MEDIUM | 7.2 HIGH |
| Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability . | |||||
| CVE-2017-10268 | 5 Debian, Mariadb, Netapp and 2 more | 17 Debian Linux, Mariadb, Active Iq Unified Manager and 14 more | 2022-09-29 | 1.5 LOW | 4.1 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-3317 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-09-29 | 1.5 LOW | 4.0 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 4.0 (Availability impacts). | |||||
| CVE-2017-3318 | 4 Debian, Mariadb, Oracle and 1 more | 9 Debian Linux, Mariadb, Mysql and 6 more | 2022-09-29 | 1.0 LOW | 4.0 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling). Supported versions that are affected are 5.5.53 and earlier, 5.6.34 and earlier and 5.7.16 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS v3.0 Base Score 4.0 (Confidentiality impacts). | |||||
| CVE-2015-4836 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2022-09-29 | 2.8 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||||
| CVE-2014-2431 | 3 Mariadb, Oracle, Redhat | 9 Mariadb, Mysql, Solaris and 6 more | 2022-09-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote attackers to affect availability via unknown vectors related to Options. | |||||
| CVE-2022-3323 | 1 Advantech | 1 Iview | 2022-09-29 | N/A | 7.5 HIGH |
| An SQL injection vulnerability in Advantech iView 5.7.04.6469. The specific flaw exists within the ConfigurationServlet endpoint, which listens on TCP port 8080 by default. An unauthenticated remote attacker can craft a special column_value parameter in the setConfiguration action to bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform SQL injection. For example, the attacker can exploit the vulnerability to retrieve the iView admin password. | |||||
| CVE-2013-5908 | 5 Canonical, Debian, Mariadb and 2 more | 10 Ubuntu Linux, Debian Linux, Mariadb and 7 more | 2022-09-29 | 2.6 LOW | N/A |
| Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling. | |||||
| CVE-2022-2760 | 1 Octopus | 1 Octopus Server | 2022-09-29 | N/A | 4.3 MEDIUM |
| In affected versions of Octopus Deploy it is possible to reveal the Space ID of spaces that the user does not have access to view in an error message when a resource is part of another Space. | |||||