Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31028 | 1 Minio | 1 Minio | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| MinIO is a multi-cloud object storage solution. Starting with version RELEASE.2019-09-25T18-25-51Z and ending with version RELEASE.2022-06-02T02-11-04Z, MinIO is vulnerable to an unending go-routine buildup while keeping connections established due to HTTP clients not closing the connections. Public-facing MinIO deployments are most affected. Users should upgrade to RELEASE.2022-06-02T02-11-04Z to receive a patch. One possible workaround is to use a reverse proxy to limit the number of connections being attempted in front of MinIO, and actively rejecting connections from such malicious clients. | |||||
| CVE-2021-23727 | 2 Celeryproject, Fedoraproject | 3 Celery, Extra Packages For Enterprise Linux, Fedora | 2022-06-14 | 6.0 MEDIUM | 7.5 HIGH |
| This affects the package celery before 5.2.2. It by default trusts the messages and metadata stored in backends (result stores). When reading task metadata from the backend, the data is deserialized. Given that an attacker can gain access to, or somehow manipulate the metadata within a celery backend, they could trigger a stored command injection vulnerability and potentially gain further access to the system. | |||||
| CVE-2021-43560 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action events. | |||||
| CVE-2021-43559 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. The "delete related badge" functionality did not include the necessary token check to prevent a CSRF risk. | |||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2020-27842 | 5 Debian, Fedoraproject, Oracle and 2 more | 11 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 8 more | 2022-06-14 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An attacker who is able to provide crafted input to be processed by openjpeg could cause a null pointer dereference. The highest impact of this flaw is to application availability. | |||||
| CVE-2022-31495 | 1 Librehealth | 1 Librehealth Ehr | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. | |||||
| CVE-2022-32291 | 1 Realnetworks | 1 Realplayer | 2022-06-14 | 6.8 MEDIUM | 8.8 HIGH |
| In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | |||||
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2022-06-14 | 4.3 MEDIUM | 4.3 MEDIUM |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | |||||
| CVE-2022-30730 | 1 Samsung | 1 Samsung Pass | 2022-06-14 | 2.1 LOW | 4.6 MEDIUM |
| Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | |||||
| CVE-2022-29773 | 1 Aleksis | 1 Aleksis | 2022-06-14 | 3.5 LOW | 6.5 MEDIUM |
| An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. | |||||
| CVE-2019-9971 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2022-06-14 | 9.0 HIGH | 8.8 HIGH |
| PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. | |||||
| CVE-2019-9972 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2022-06-14 | 9.0 HIGH | 8.8 HIGH |
| PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. | |||||
| CVE-2021-32997 | 1 Bakerhughes | 10 Bentley Nevada 3500\/22m \(288055-01\), Bentley Nevada 3500\/22m \(288055-01\) Firmware, Bentley Nevada 3500 Rack Configuration \(129133-01\) and 7 more | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access. | |||||
| CVE-2022-29778 | 1 Dlink | 2 Dir-890l, Dir-890l Firmware | 2022-06-14 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter 'descriptor' at SetVirtualServerSettings.php. | |||||
| CVE-2022-30860 | 1 Fudforum | 1 Fudforum | 2022-06-14 | 6.5 MEDIUM | 7.2 HIGH |
| FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel. | |||||
| CVE-2022-30861 | 1 Fudforum | 1 Fudforum | 2022-06-14 | 3.5 LOW | 4.8 MEDIUM |
| FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature. | |||||
| CVE-2021-42245 | 1 Flatcore | 1 Flatcore-cms | 2022-06-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | |||||
| CVE-2021-39293 | 2 Golang, Netapp | 2 Go, Cloud Insights Telegraf | 2022-06-14 | 5.0 MEDIUM | 7.5 HIGH |
| In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. | |||||
| CVE-2020-27304 | 2 Civetweb Project, Siemens | 2 Civetweb, Sinec Infrastructure Network Services | 2022-06-14 | 7.5 HIGH | 9.8 CRITICAL |
| The CivetWeb web library does not validate uploaded filepaths when running on an OS other than Windows, when using the built-in HTTP form-based file upload mechanism, via the mg_handle_form_request API. Web applications that use the file upload form handler, and use parts of the user-controlled filename in the output path, are susceptible to directory traversal | |||||