Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-12354 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | |||||
CVE-2022-31876 | 1 Netgear | 2 Wnap320, Wnap320 Firmware | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Netgear WNAP320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users' cookies. | |||||
CVE-2022-31875 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2022-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the proname parameter in /admin/scheprofile.cgi. | |||||
CVE-2019-12353 | 1 Zzcms | 1 Zzcms | 2022-06-28 | 6.5 MEDIUM | 7.2 HIGH |
An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | |||||
CVE-2022-31874 | 1 Asus | 2 Rt-n53, Rt-n53 Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface. | |||||
CVE-2022-25872 | 1 Fast String Search Project | 1 Fast String Search | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory. | |||||
CVE-2022-25871 | 1 Querymen Project | 1 Querymen | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867). | |||||
CVE-2022-33750 | 1 Broadcom | 1 Ca Automic Automation | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands. | |||||
CVE-2022-33739 | 1 Broadcom | 1 Ca Clarity | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | |||||
CVE-2022-32276 | 1 Grafana | 1 Grafana | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
** DISPUTED ** Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI. NOTE: the vendor considers this a UI bug, not a vulnerability. | |||||
CVE-2022-24436 | 1 Intel | 1 * | 2022-06-28 | 4.0 MEDIUM | 6.5 MEDIUM |
Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. | |||||
CVE-2022-25856 | 1 Argo Events Project | 1 Argo Events | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | |||||
CVE-2022-25852 | 2 Libpq Project, Pg-native Project | 2 Libpq, Pg-native | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail. This happens for every non-array argument passed. **Note:** pg-native is a mere binding to npm's libpq library, which in turn has the addons and bindings to the actual C libpq library. This means that problems found in pg-native may transitively impact npm's libpq. | |||||
CVE-2022-21213 | 1 Moutjs | 1 Mout | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544). | |||||
CVE-2022-29496 | 1 Blynk | 1 Blynk-library | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk-Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. | |||||
CVE-2022-33912 | 1 Tribe29 | 1 Checkmk | 2022-06-28 | 7.2 HIGH | 7.8 HIGH |
A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | |||||
CVE-2022-21806 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network. | |||||
CVE-2022-2134 | 1 Inventree Project | 1 Inventree | 2022-06-28 | 4.3 MEDIUM | 6.5 MEDIUM |
Denial of Service in GitHub repository inventree/inventree prior to 0.8.0. | |||||
CVE-2021-40903 | 1 Antminer Monitor Project | 1 Antminer Monitor | 2022-06-28 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability in Antminer Monitor 0.50.0 exists because of a backdoor or misconfiguration inside a settings file in the Flask server. The settings file has a predefined secret string, which would normally be randomly generated; however, it is static. | |||||
CVE-2017-20056 | 1 Intechnosoftware | 1 User Login Log | 2022-06-28 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||