Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31519 | 1 Windmill Project | 1 Windmill | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31518 | 1 Python-recipe-database Project | 1 Python-recipe-database | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31523 | 1 Paddlepaddle | 1 Anakin | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31522 | 1 Karaokey Project | 1 Karaokey | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31521 | 1 Mosaic Project | 1 Mosaic | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31526 | 1 Thunderatz | 1 Thunderdocs | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31525 | 1 Deep Learning Studio Project | 1 Deep Learning Studio | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31524 | 1 Purestorage | 1 Pure Swagger | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31529 | 1 Monorepo Project | 1 Monorepo | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31528 | 1 Bonn Activity Maps Annotation Tool Project | 1 Bonn Activity Maps Annotation Tool | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31527 | 1 Flask-file-server Project | 1 Flask-file-server | 2022-07-15 | 6.4 MEDIUM | 9.3 CRITICAL |
| The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | |||||
| CVE-2022-31058 | 1 Enalean | 1 Tuleap | 2022-07-15 | 6.5 MEDIUM | 7.2 HIGH |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not properly sanitize user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2022-31032 | 1 Enalean | 1 Tuleap | 2022-07-15 | 4.0 MEDIUM | 4.3 MEDIUM |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.58 authorizations are not properly verified when creating projects or trackers from projects marked as templates. Users can get access to information in those template projects because the permissions model is not properly enforced. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-31063 | 1 Enalean | 1 Tuleap | 2022-07-15 | 3.5 LOW | 5.4 MEDIUM |
| Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.111 the title of a document is not properly escaped in the search result of the MyDocmanSearch widget and in the administration page of the locked documents. A malicious user with the capability to create a document could force a victim to execute uncontrolled code. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2022-33737 | 1 Openvpn | 1 Openvpn Access Server | 2022-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| The OpenVPN Access Server installer creates a log file readable by everyone, which from version 2.10.0 and before 2.11.0 may contain a randomly generated admin password. | |||||
| CVE-2022-31135 | 1 Aceattorneyonline | 1 Akashi | 2022-07-14 | 7.8 HIGH | 7.5 HIGH |
| Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue. | |||||
| CVE-2022-32449 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2022-07-14 | 10.0 HIGH | 9.8 CRITICAL |
| TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | |||||
| CVE-2022-33098 | 1 Magnolia-cms | 1 Magnolia Cms | 2022-07-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2022-28889 | 1 Apache | 1 Druid | 2022-07-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| In Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header. | |||||
| CVE-2022-32055 | 1 Nesote | 1 Inout Homestay | 2022-07-14 | 5.0 MEDIUM | 7.5 HIGH |
| Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals. | |||||
