Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-13886 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2022-08-05 | 5.0 MEDIUM | 5.3 MEDIUM | Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVE-2020-26275 | 1 Jupyter | 1 Jupyter Server | 2022-08-05 | 5.8 MEDIUM | 6.1 MEDIUM | The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the Jupyter server to redirect the browser to a different malicious website. All Jupyter servers running without a base_url prefix are technically affected; however, these maliciously crafted links can only be reasonably made for known Jupyter server hosts. A link to your Jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If an upgrade is not available, a workaround is to run your server on a URL prefix: "jupyter server --ServerApp.base_url=/jupyter/".
CVE-2020-13944 | 1 Apache | 1 Airflow | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM | In Apache Airflow < 1.10.12, the "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS.
CVE-2018-7580 | 1 Philips | 2 Hue, Hue Firmware | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH | Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze the Philips Hue hub and it will stop responding. The hub will stop operating and remain frozen until the flood stops. During the flood, the user won't be able to turn the lights on or off, and all of the hub's functionality will be unresponsive. The cloud service also won't work with the hub.
CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH | SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is "Delete", the POST parameter delete_group leads to a SQL injection.
CVE-2020-35964 | 2 Ffmpeg, Linux | 2 Ffmpeg, Linux Kernel | 2022-08-05 | 4.3 MEDIUM | 6.5 MEDIUM | track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH | A SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. In admin/edit_group.php, when the POST parameter action is "Submit", the POST parameter parent_id leads to a SQL injection.
CVE-2022-0419 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2022-08-05 | 4.3 MEDIUM | 5.5 MEDIUM | NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.0.
CVE-2021-43742 | 1 Cmsimple | 1 Cmsimple | 2022-08-05 | 3.5 LOW | 5.4 MEDIUM | CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
CVE-2022-28572 | 1 Tenda | 4 Ax1803, Ax1803 Firmware, Ax1806 and 1 more | 2022-08-05 | 6.5 MEDIUM | 8.8 HIGH | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function.
CVE-2021-27777 | 1 Hcltech | 1 Unica | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH | XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user-supplied input without sufficient validation. Attackers can exploit this vulnerability to manipulate XML content and inject malicious external entity references.
CVE-2022-1379 | 2 Fedoraproject, Plantuml | 2 Fedora, Plantuml | 2022-08-05 | 6.4 MEDIUM | 9.1 CRITICAL | URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server-side request forgery (SSRF). This allows accessing restricted internal resources/servers or sending requests to third-party servers.
CVE-2022-34928 | 1 Jflyfox | 1 Jfinal Cms | 2022-08-05 | N/A | 8.8 HIGH | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user.
CVE-2022-2631 | 1 Tooljet | 1 Tooljet | 2022-08-05 | N/A | 8.8 HIGH | Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0.
CVE-2022-23733 | 1 Github | 1 Enterprise Server | 2022-08-05 | N/A | 5.4 MEDIUM | A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub's Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2022-34618 | 1 Mealie Project | 1 Mealie | 2022-08-05 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field.
CVE-2022-34619 | 1 Mealie Project | 1 Mealie | 2022-08-05 | N/A | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field.
CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2022-08-05 | N/A | 9.8 CRITICAL | This affects the package image-tiler before 2.0.2.
CVE-2022-2245 | 1 Wow-company | 1 Counter Box | 2022-08-05 | N/A | 8.8 HIGH | The Counter Box WordPress plugin before 1.2.1 lacks a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks.
CVE-2022-31178 | 1 Elabftw | 1 Elabftw | 2022-08-05 | N/A | 4.3 MEDIUM | eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged-in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue.