Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-41750 | 1 Nystudio107 | 1 Seomatic | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension. | |||||
CVE-2022-26041 | 1 Generex | 1 Rccmd | 2022-06-17 | 5.5 MEDIUM | 6.5 MEDIUM |
Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors. | |||||
CVE-2022-27231 | 1 Veronalabs | 1 Wp Statistics | 2022-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the website using the product. | |||||
CVE-2020-8177 | 4 Debian, Fujitsu, Haxx and 1 more | 15 Debian Linux, M10-1, M10-1 Firmware and 12 more | 2022-06-17 | 4.6 MEDIUM | 7.8 HIGH |
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. | |||||
CVE-2022-25863 | 1 Gatsbyjs | 1 Gatsby | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 is vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization. Exploiting this vulnerability is possible when passing input in both webpack (MDX files in src/pages or MDX file imported as a component in frontend / React code) and data mode (querying MDX nodes via GraphQL). Workaround: If an older version of gatsby-plugin-mdx must be used, input passed into the plugin should be sanitized ahead of processing. | |||||
CVE-2022-24429 | 1 Convert-svg-core Project | 1 Convert-svg-core | 2022-06-17 | 6.8 MEDIUM | 7.8 HIGH |
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. | |||||
CVE-2017-20037 | 1 Sicunet | 1 Access Control | 2022-06-17 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument c leads to privilege escalation. The attack can be launched remotely. | |||||
CVE-2017-20038 | 1 Sicunet | 1 Access Control | 2022-06-17 | 7.5 HIGH | 8.8 HIGH |
A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical. Affected by this issue is some unknown functionality of the file card_scan_decoder.php. The manipulation of the argument No/door leads to privilege escalation. The attack may be launched remotely. | |||||
CVE-2022-24376 | 1 Git-promise Project | 1 Git-promise | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package. **Note:** Please note that the vulnerability will not be fixed. The README file was updated with a warning regarding this issue. | |||||
CVE-2022-24278 | 1 Convert-svg Project | 1 Convert-svg | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. | |||||
CVE-2017-20039 | 1 Sicunet | 1 Access Control | 2022-06-17 | 7.5 HIGH | 9.8 CRITICAL |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been classified as very critical. This affects an unknown part. The manipulation leads to weak authentication. It is possible to initiate the attack remotely. | |||||
CVE-2017-20040 | 1 Sicunet | 1 Access Control | 2022-06-17 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability was found in SICUNET Access Controller 0.32-05z. It has been declared as problematic. This vulnerability affects unknown code of the component Password Storage. The manipulation leads to weak encryption. Attacking locally is a requirement. | |||||
CVE-2022-31287 | 1 Axiosys | 1 Bento4 | 2022-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Bento4 v1.2. There is an allocation size request error in /Ap4RtpAtom.cpp. | |||||
CVE-2022-31285 | 1 Axiosys | 1 Bento4 | 2022-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in Bento4 1.2. The allocator is out of memory in /Source/C++/Core/Ap4Array.h. | |||||
CVE-2022-31282 | 1 Axiosys | 1 Bento4 | 2022-06-17 | 4.3 MEDIUM | 5.5 MEDIUM |
Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175. | |||||
CVE-2021-41502 | 1 Intelliants | 1 Subrion Cms | 2022-06-17 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the HTML tag, or adding the onerror attribute. | |||||
CVE-2022-30780 | 1 Lighttpd | 1 Lighttpd | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers. | |||||
CVE-2021-41738 | 1 Zeroshell | 1 Zeroshell | 2022-06-17 | 6.5 MEDIUM | 8.8 HIGH |
ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands. | |||||
CVE-2018-17240 | 1 Netwavepr | 4 Indoor Ip Camera, Indoor Ip Camera Firmware, Outdoor Ip Camera and 1 more | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password). | |||||
CVE-2022-25851 | 1 Jpeg-js Project | 1 Jpeg-js | 2022-06-17 | 5.0 MEDIUM | 7.5 HIGH |
The package jpeg-js before 0.4.4 is vulnerable to Denial of Service (DoS) where a particular piece of input will cause it to enter an infinite loop and never return. |