Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31547 | 1 Sphere Project | 1 Sphere | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31546 | 1 Glance Project | 1 Glance | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31545 | 1 Modelconverter Project | 1 Modelconverter | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31543 | 1 Setupbox Project | 1 Setupbox | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31542 | 1 Mdweb Project | 1 Mdweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31541 | 1 Barry Voice Assistant Project | 1 Barry Voice Assistant | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31540 | 1 Hin-eng-preprocessing Project | 1 Hin-eng-preprocessing | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31539 | 1 Kotekan Project | 1 Kotekan | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31538 | 1 Mp-m08-interface Project | 1 Mp-m08-interface | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31537 | 1 Solar-system-simulator Project | 1 Solar-system-simulator | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2021-1387 | 1 Cisco | 121 Nexus 3016, Nexus 3016q, Nexus 3048 and 118 more | 2022-07-15 | 4.3 MEDIUM | 8.6 HIGH |
| A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because the software improperly releases resources when it processes certain IPv6 packets that are destined to an affected device. An attacker could exploit this vulnerability by sending multiple crafted IPv6 packets to an affected device. A successful exploit could cause the network stack to run out of available buffers, impairing operations of control plane and management plane protocols and resulting in a DoS condition. Manual intervention would be required to restore normal operations on the affected device. For more information about the impact of this vulnerability, see the Details section of this advisory. | |||||
| CVE-2022-2274 | 1 Openssl | 1 Openssl | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue. | |||||
| CVE-2015-5236 | 1 Icedtea-web Project | 1 Icedtea-web | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | |||||
| CVE-2022-31536 | 1 Ytdl-sync Project | 1 Ytdl-sync | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31535 | 1 Fishtank Project | 1 Fishtank | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2015-5298 | 1 Jenkins | 1 Google Login | 2022-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification. | |||||
| CVE-2022-31534 | 1 Pythonweb Project | 1 Pythonweb | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-33936 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2022-07-15 | 10.0 HIGH | 9.8 CRITICAL |
| Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity. | |||||
| CVE-2022-32481 | 1 Dell | 1 Powerprotect Cyber Recovery | 2022-07-15 | 7.2 HIGH | 7.8 HIGH |
| Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover. | |||||
| CVE-2021-35283 | 1 Atoms183 Cms Project | 1 Atoms183 Cms | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. | |||||