Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-31784 | 1 Mitel | 2 Mivoice Business, Mivoice Business Express | 2022-06-29 | 6.8 MEDIUM | 9.8 CRITICAL |
A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters. A successful exploit could allow arbitrary code execution. | |||||
CVE-2017-20095 | 1 Simple Ads Manager Project | 1 Simple Ads Manager | 2022-06-29 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | |||||
CVE-2022-34213 | 1 Jenkins | 1 Squash Tm Publisher | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | |||||
CVE-2017-20096 | 1 Wp-spamfree Anti-spam Project | 1 Wp-spamfree Anti-spam | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | |||||
CVE-2022-34207 | 1 Jenkins | 1 Beaker Builder | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2022-34209 | 1 Jenkins | 1 Threadfix | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | |||||
CVE-2022-34211 | 1 Jenkins | 1 Vrealize Orchestrator | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | |||||
CVE-2022-34210 | 1 Jenkins | 1 Threadfix | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | |||||
CVE-2022-34212 | 1 Jenkins | 1 Vrealize Orchestrator | 2022-06-29 | 3.5 LOW | 5.7 MEDIUM |
A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | |||||
CVE-2022-34205 | 1 Jenkins | 1 Jianliao Notification | 2022-06-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | |||||
CVE-2022-32987 | 1 Simple Bakery Shop Management System Project | 1 Simple Bakery Shop Management System | 2022-06-29 | 3.5 LOW | 4.8 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. | |||||
CVE-2022-33024 | 1 Gnu | 1 Libredwg | 2022-06-29 | 5.0 MEDIUM | 7.5 HIGH |
There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | |||||
CVE-2022-34300 | 1 Tinyexr Project | 1 Tinyexr | 2022-06-29 | 6.8 MEDIUM | 8.8 HIGH |
In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. | |||||
CVE-2022-34328 | 1 Pmb Project | 1 Pmb | 2022-06-29 | 4.3 MEDIUM | 6.1 MEDIUM |
PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | |||||
CVE-2022-34299 | 1 Libdwarf Project | 1 Libdwarf | 2022-06-29 | 5.8 MEDIUM | 8.1 HIGH |
There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. | |||||
CVE-2017-20088 | 1 Bytesforall | 1 Atahualpa | 2022-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | |||||
CVE-2022-31009 | 1 Wire | 1 Wire | 2022-06-29 | 4.0 MEDIUM | 6.5 MEDIUM |
wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client. | |||||
CVE-2022-32393 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 | |||||
CVE-2022-32392 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 | |||||
CVE-2022-32391 | 1 Prison Management System Project | 1 Prison Management System | 2022-06-29 | 6.5 MEDIUM | 8.8 HIGH |
Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 |