Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2363 | 1 Simple Parking Management System Project | 1 Simple Parking Management System | 2022-07-15 | 3.5 LOW | 4.6 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. Affected by this issue is some unknown functionality of the file /ci_spms/admin/search/searching/. The manipulation of the argument search with the input "><script>alert("XSS")</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2020-4157 | 1 Ibm | 1 Qradar Network Security | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174337. | |||||
| CVE-2022-2364 | 1 Simple Parking Management System Project | 1 Simple Parking Management System | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. This affects an unknown part of the file /ci_spms/admin/category. The manipulation of the argument vehicle_type with the input "><script>alert("XSS")</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-39041 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2022-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports. IBM X-Force ID: 214028. | |||||
| CVE-2020-4159 | 1 Ibm | 1 Qradar Network Security | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. IBM X-Force ID: 174339. | |||||
| CVE-2022-29619 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-07-15 | 5.5 MEDIUM | 6.5 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform 4.x - versions 420, 430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted. | |||||
| CVE-2022-31591 | 1 Sap | 1 Businessobjects Bw Publisher Service | 2022-07-15 | 4.6 MEDIUM | 7.8 HIGH |
| SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. A local attacker can gain elevated privileges by inserting an executable file in the path of the affected service. | |||||
| CVE-2022-31598 | 1 Sap | 1 Business Objects Business Intelligence Platform | 2022-07-15 | 4.9 MEDIUM | 5.4 MEDIUM |
| Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | |||||
| CVE-2022-31593 | 1 Sap | 1 Business One | 2022-07-15 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2022-31592 | 1 Sap | 1 Enterprise Extension Defense Forces & Public Security | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | |||||
| CVE-2022-31654 | 1 Vmware | 1 Vrealize Log Insight | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | |||||
| CVE-2022-31655 | 1 Vmware | 1 Vrealize Log Insight | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts. | |||||
| CVE-2022-32115 | 1 Withknown | 1 Known | 2022-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file. | |||||
| CVE-2022-31290 | 1 Withknown | 1 Known | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field. | |||||
| CVE-2022-30852 | 1 Withknown | 1 Known | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR). | |||||
| CVE-2021-41037 | 1 Eclipse | 1 Equinox P2 | 2022-07-15 | 6.8 MEDIUM | 8.0 HIGH |
| In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command line used to start the application, injecting things like agent or other settings that usually require particular attention in terms of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it's possible to install a unit that will run malicious code during installation without the user receiving any warning about this installation step being risky when coming from an untrusted source. | |||||
| CVE-2022-2089 | 1 Bold-themes | 1 Bold Page Builder | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2093 | 1 Ninjateam | 1 Wp Duplicate Page | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | |||||
| CVE-2022-2123 | 1 Wp Opt-in Project | 1 Wp Opt-in | 2022-07-15 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows plugin settings to be changed and can be used for sending spam emails. | |||||
| CVE-2022-2050 | 1 Maxfoundry | 1 Wp-paginate | 2022-07-15 | 3.5 LOW | 4.8 MEDIUM |
| The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed. | |||||
