Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9381 | 1 Totaljs | 1 Total.js Cms | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | |||||
| CVE-2020-1938 | 6 Apache, Blackberry, Debian and 3 more | 19 Geode, Tomcat, Good Control and 16 more | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed: - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations. | |||||
| CVE-2020-0688 | 1 Microsoft | 1 Exchange Server | 2022-07-12 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | |||||
| CVE-2020-8644 | 1 Playsms | 1 Playsms | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. | |||||
| CVE-2020-0646 | 1 Microsoft | 9 .net Framework, Windows 10, Windows 7 and 6 more | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'. | |||||
| CVE-2021-37524 | 1 Fusionpbx | 1 Fusionpbx | 2022-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | |||||
| CVE-2022-32040 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm. | |||||
| CVE-2022-32041 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData. | |||||
| CVE-2022-32043 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo. | |||||
| CVE-2022-32039 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient. | |||||
| CVE-2021-44463 | 1 Emerson | 1 Deltav | 2022-07-12 | 6.9 MEDIUM | 7.3 HIGH |
| Missing DLLs, if replaced by an insider, could allow an attacker to achieve local privilege escalation on the DeltaV Distributed Control System Controllers and Workstations (All versions) when some DeltaV services are started. | |||||
| CVE-2022-32037 | 1 Tenda | 2 M3, M3 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg. | |||||
| CVE-2020-26147 | 4 Arista, Debian, Linux and 1 more | 14 C-65, C-65 Firmware, C-75 and 11 more | 2022-07-12 | 3.2 LOW | 5.4 MEDIUM |
| An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. | |||||
| CVE-2022-32053 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c. | |||||
| CVE-2022-32052 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4. | |||||
| CVE-2022-32051 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4. | |||||
| CVE-2020-24586 | 5 Arista, Debian, Ieee and 2 more | 44 C-200, C-200 Firmware, C-230 and 41 more | 2022-07-12 | 2.9 LOW | 3.5 LOW |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. | |||||
| CVE-2022-32050 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40. | |||||
| CVE-2022-32049 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540. | |||||
| CVE-2022-32048 | 1 Totolink | 2 T6, T6 Firmware | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88. | |||||