Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20240 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20238 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20233 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20232 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20231 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20229 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2019-20228 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none. | |||||
| CVE-2021-43362 | 1 Meddata | 1 Hbys | 2022-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. | |||||
| CVE-2021-43361 | 1 Meddata | 1 Hbys | 2022-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| Due to improper sanitization MedData HBYS software suffers from a remote SQL injection vulnerability. An unauthenticated attacker with the web access is able to extract critical information from the system. | |||||
| CVE-2020-11015 | 1 Thinx-device-api Project | 1 Thinx-device-api | 2022-09-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0. Device MAC address can be spoofed. This means initial registration requests without UDID and spoofed MAC address may pass to create new UDID with same MAC address. Full impact needs to be reviewed further. Applies to all (mostly ESP8266/ESP32) users. This has been fixed in firmware version 2.5.0. | |||||
| CVE-2009-5047 | 2022-09-28 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2019-5747 | 2 Busybox, Canonical | 2 Busybox, Ubuntu Linux | 2022-09-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components (consumed by the DHCP client, server, and/or relay) might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte length when decoding DHCP_SUBNET. NOTE: this issue exists because of an incomplete fix for CVE-2018-20679. | |||||
| CVE-2022-29599 | 1 Apache | 1 Maven Shared Utils | 2022-09-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | |||||
| CVE-2022-39031 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 5.3 MEDIUM |
| Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only. | |||||
| CVE-2022-39032 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 8.8 HIGH |
| Smart eVision has an improper privilege management vulnerability. A remote attacker with general user privilege can exploit this vulnerability to escalate to administrator privilege, and then perform arbitrary system command or disrupt service. | |||||
| CVE-2022-39033 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 9.8 CRITICAL |
| Smart eVision’s file acquisition function has a path traversal vulnerability due to insufficient filtering for special characters in the URL parameter. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication, access restricted paths to download and delete arbitrary system files to disrupt service. | |||||
| CVE-2022-39034 | 1 Lcnet | 1 Smart Evision | 2022-09-28 | N/A | 6.5 MEDIUM |
| Smart eVision has a path traversal vulnerability in the Report API function due to insufficient filtering for special characters in URLs. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication, access restricted paths and download system files. | |||||
| CVE-2022-3332 | 1 Food Ordering Management System Project | 1 Food Ordering Management System | 2022-09-28 | N/A | 9.8 CRITICAL |
| A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583. | |||||
| CVE-2022-39053 | 1 Heimavista | 1 Dark Horse Rpage | 2022-09-28 | N/A | 6.1 MEDIUM |
| Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | |||||
| CVE-2022-39054 | 1 Cowell Enterprise Travel Management System Project | 1 Cowell Enterprise Travel Management System | 2022-09-28 | N/A | 6.1 MEDIUM |
| Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack. | |||||