Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-36922 | 1 Jenkins | 1 Lucene-search | 2022-08-04 | N/A | 6.1 MEDIUM |
Jenkins Lucene-Search Plugin 370.v62a5f618cd3a and earlier does not escape the search query parameter displayed on the 'search' result page, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2022-36915 | 1 Jenkins | 1 Android Signing | 2022-08-04 | N/A | 4.3 MEDIUM |
Jenkins Android Signing Plugin 2.2.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Item/Read permission but without Item/Workspace or Item/Configure permission to check whether attacker-specified file patterns match workspace contents. | |||||
CVE-2022-36378 | 1 Floating Div Project | 1 Floating Div | 2022-08-04 | N/A | 4.8 MEDIUM |
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. | |||||
CVE-2016-4991 | 1 Nodepdf Project | 1 Nodepdf | 2022-08-04 | N/A | 9.8 CRITICAL |
Input passed to the Pdf() function is shell escaped and passed to child_process.exec() during PDF rendering. However, the shell escape does not properly encode all special characters, namely, semicolon and curly braces. This can be abused to achieve command execution. This problem affects nodepdf 1.3.0. | |||||
CVE-2022-35632 | 1 Rapid7 | 1 Velociraptor | 2022-08-04 | N/A | 4.8 MEDIUM |
The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. | |||||
CVE-2022-35631 | 3 Apple, Linux, Rapid7 | 3 Macos, Linux Kernel, Velociraptor | 2022-08-04 | N/A | 5.5 MEDIUM |
On MacOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. | |||||
CVE-2021-42535 | 1 Visam | 1 Vbase Web-remote | 2022-08-04 | N/A | 6.1 MEDIUM |
VISAM VBASE version 11.6.0.6 does not neutralize or incorrectly neutralizes user-controllable input before the data is placed in output used as a public-facing webpage. | |||||
CVE-2022-36752 | 1 Png2webp Project | 1 Png2webp | 2022-08-04 | N/A | 5.5 MEDIUM |
png2webp v1.0.4 was discovered to contain an out-of-bounds write via the function w2p. This vulnerability is exploitable via a crafted png file. | |||||
CVE-2022-35630 | 1 Rapid7 | 1 Velociraptor | 2022-08-04 | N/A | 6.1 MEDIUM |
A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. | |||||
CVE-2022-36914 | 1 Jenkins | 1 Files Found Trigger | 2022-08-04 | N/A | 4.3 MEDIUM |
Jenkins Files Found Trigger Plugin 1.5 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system. | |||||
CVE-2022-34578 | 1 Opensourcepos | 1 Open Source Point Of Sale | 2022-08-03 | N/A | 7.2 HIGH |
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page. | |||||
CVE-2022-34593 | 1 Dptech | 1 Dptech Vpn | 2022-08-03 | N/A | 7.5 HIGH |
DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability. | |||||
CVE-2021-38410 | 1 Aveva | 7 Batch Management, Enterprise Data Management, Manufacturing Execution System and 4 more | 2022-08-03 | N/A | 7.8 HIGH |
AVEVA Software Platform Common Services (PCS) Portal versions 4.5.2, 4.5.1, 4.5.0, and 4.4.6 are vulnerable to DLL hijacking through an uncontrolled search path element, which may allow an attacker to control one or more locations in the search path. | |||||
CVE-2020-6998 | 1 Rockwellautomation | 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more | 2022-08-03 | N/A | 8.6 HIGH |
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products. | |||||
CVE-2022-36948 | 1 Veritas | 1 Netbackup | 2022-08-03 | N/A | 5.4 MEDIUM |
In Veritas NetBackup OpsCenter, a DOM XSS attack can occur. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10. | |||||
CVE-2022-36899 | 1 Jenkins | 2 Compuware Ispw Operations, Jenkins | 2022-08-03 | N/A | 8.2 HIGH |
Jenkins Compuware ISPW Operations Plugin 1.0.8 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
CVE-2022-36900 | 1 Jenkins | 2 Compuware Zadviser Api, Jenkins | 2022-08-03 | N/A | 8.2 HIGH |
Jenkins Compuware zAdviser API Plugin 1.0.3 and earlier does not restrict execution of a controller/agent message to agents, allowing attackers able to control agent processes to retrieve Java system properties. | |||||
CVE-2022-27615 | 1 Synology | 1 Dns Server | 2022-08-03 | N/A | 8.1 HIGH |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in cgi component in Synology DNS Server before 2.2.2-5027 allows remote authenticated users to delete arbitrary files via unspecified vectors. | |||||
CVE-2021-43179 | | | 2022-08-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||
CVE-2021-43178 | | | 2022-08-03 | N/A | N/A |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none. | |||||