Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-34778 | 1 Jenkins | 1 Testng Results | 2022-07-11 | 3.5 LOW | 5.4 MEDIUM |
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results. | |||||
CVE-2022-1955 | 1 Opft | 1 Session | 2022-07-11 | 2.1 LOW | 4.6 MEDIUM |
Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the application's password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. | |||||
CVE-2017-20107 | 2 Microsoft, Shadeyouvpn.com Project | 2 Windows, Shadeyouvpn.com | 2022-07-11 | 7.2 HIGH | 7.8 HIGH |
A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. | |||||
CVE-2022-33128 | 1 Ruijienetworks | 2 Rg-eg350, Rg-eg350 Firmware | 2022-07-11 | 6.4 MEDIUM | 9.1 CRITICAL |
RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | |||||
CVE-2022-2353 | | | 2022-07-11 | N/A | N/A |
Prior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user. | |||||
CVE-2022-35412 | | | 2022-07-11 | N/A | N/A |
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device. | |||||
CVE-2022-34914 | | | 2022-07-11 | N/A | N/A |
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. | |||||
CVE-2022-22465 | | | 2022-07-11 | N/A | N/A |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082. | |||||
CVE-2022-22464 | | | 2022-07-11 | N/A | N/A |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081. | |||||
CVE-2022-22463 | | | 2022-07-11 | N/A | N/A |
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079. | |||||
CVE-2020-11899 | 1 Treck | 1 Tcp/ip | 2022-07-10 | 4.8 MEDIUM | 5.4 MEDIUM |
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. | |||||
CVE-2013-4144 | 1 Swfupload Project | 1 Swfupload | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
There is an object injection vulnerability in the swfupload plugin for WordPress. | |||||
CVE-2022-34835 | 1 Denx | 1 U-boot | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function. | |||||
CVE-2022-0987 | 2 Packagekit Project, Redhat | 2 Packagekit, Enterprise Linux | 2022-07-08 | 2.1 LOW | 3.3 LOW |
A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. | |||||
CVE-2013-4170 | 1 Emberjs | 1 Ember.js | 2022-07-08 | 2.6 LOW | 6.1 MEDIUM |
In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means that if an application assigns a view's `tagName` to user-supplied data, a specially-crafted payload could execute arbitrary JavaScript in the context of the current domain ("XSS"). This vulnerability only affects applications that assign or bind user-provided content to `tagName`. | |||||
CVE-2017-20118 | 1 Trueconf | 1 Server | 2022-07-08 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/conferences/list/. The manipulation of the argument domxss leads to basic cross site scripting (DOM). The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2017-20116 | 1 Trueconf | 1 Server | 2022-07-08 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2022-32095 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php. | |||||
CVE-2022-32094 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-07-08 | 7.5 HIGH | 9.8 CRITICAL |
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php. | |||||
CVE-2022-32420 | 1 College Management System Project | 1 College Management System | 2022-07-08 | 6.8 MEDIUM | 8.8 HIGH |
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file. |