Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31533 | 1 Umbral Project | 1 Umbral | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2021-41042 | 1 Eclipse | 1 Lyo | 2022-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved. | |||||
| CVE-2022-33680 | 1 Microsoft | 1 Edge Chromium | 2022-07-15 | 5.1 MEDIUM | 8.3 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639. | |||||
| CVE-2022-34592 | 1 Wavlink | 2 Wl-wn575a3, Wl-wn575a3 Firmware | 2022-07-15 | 7.5 HIGH | 9.8 CRITICAL |
| Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. | |||||
| CVE-2022-31121 | 1 Hyperledger | 1 Fabric | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions, if a consensus client sends a malformed consensus request to an orderer, it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue. | |||||
| CVE-2022-33738 | 1 Openvpn | 1 Openvpn Access Server | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| OpenVPN Access Server before 2.11 uses a weak random generator to create the user session token for the web portal. | |||||
| CVE-2022-31560 | 1 Photo Tag Project | 1 Photo Tag | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31559 | 1 Flask-yeoman Project | 1 Flask-yeoman | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31562 | 1 Internshipsystem Project | 1 Internshipsystem | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31561 | 1 Sphere Imagebackend Project | 1 Sphere Imagebackend | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31136 | 1 Joinbookwyrm | 1 Bookwyrm | 2022-07-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize HTML being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross-site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue. | |||||
| CVE-2022-31564 | 1 Munhak | 1 Munhak-moa | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31563 | 1 Vprj Project | 1 Vprj | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-23744 | 1 Checkpoint | 2 Endpoint Security, Harmony Endpoint | 2022-07-15 | 2.1 LOW | 2.3 LOW |
| Check Point Endpoint before version E86.50 failed to protect against a specific registry change, which allowed a local administrator to disable endpoint protection. | |||||
| CVE-2021-41995 | 2 Apple, Pingidentity | 2 Macos, Pingid Integration For Mac Login | 2022-07-15 | 5.0 MEDIUM | 7.5 HIGH |
| A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | |||||
| CVE-2022-33948 | 1 Kddi | 2 Home Spot Cube 2, Home Spot Cube 2 Firmware | 2022-07-15 | 8.3 HIGH | 8.8 HIGH |
| HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. | |||||
| CVE-2022-31566 | 1 Data Stream Algorithm Benchmark Project | 1 Data Stream Algorithm Benchmark | 2022-07-15 | 5.0 MEDIUM | 8.6 HIGH |
| The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31565 | 1 Syrabond Project | 1 Syrabond | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-29512 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. | |||||
| CVE-2022-31472 | 1 Cybozu | 1 Garoon | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | |||||
