Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30814 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. | |||||
| CVE-2022-30813 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. | |||||
| CVE-2022-30810 | 1 Elitecms | 1 Elite Cms | 2022-06-10 | 7.5 HIGH | 9.8 CRITICAL |
| elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. | |||||
| CVE-2022-31007 | 1 Elabftw | 1 Elabftw | 2022-06-10 | 6.5 MEDIUM | 7.2 HIGH |
| eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts. | |||||
| CVE-2022-31011 | 1 Pingcap | 1 Tidb | 2022-06-10 | 4.6 MEDIUM | 7.8 HIGH |
| TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. | |||||
| CVE-2022-30540 | 1 Hornerautomation | 1 Cscape | 2022-06-10 | 6.8 MEDIUM | 7.8 HIGH |
| The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code | |||||
| CVE-2022-30425 | 1 Tenda | 2 Hg6, Hg6 Firmware | 2022-06-09 | 9.0 HIGH | 8.8 HIGH |
| Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. | |||||
| CVE-2022-30423 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. | |||||
| CVE-2022-30352 | 1 Phpabook Project | 1 Phpabook | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the "auth_user" parameter in index.php script. | |||||
| CVE-2022-30349 | 1 Sscms | 1 Siteserver Cms | 2022-06-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2022-30324 | 1 Hashicorp | 1 Nomad | 2022-06-09 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. | |||||
| CVE-2022-30277 | 1 Bd | 1 Synapsys | 2022-06-09 | 3.6 LOW | 5.7 MEDIUM |
| BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). | |||||
| CVE-2022-29788 | 1 Libmobi Project | 1 Libmobi | 2022-06-09 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. | |||||
| CVE-2022-29733 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. | |||||
| CVE-2022-29735 | 1 Deltacontrols | 2 Entelitouch, Entelitouch Firmware | 2022-06-09 | 6.8 MEDIUM | 8.8 HIGH |
| Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. | |||||
| CVE-2022-23082 | 1 Mend | 1 Curekit | 2022-06-09 | 5.0 MEDIUM | 7.5 HIGH |
| In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. | |||||
| CVE-2022-1808 | 1 Trudesk Project | 1 Trudesk | 2022-06-09 | 6.5 MEDIUM | 8.8 HIGH |
| Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. | |||||
| CVE-2022-29780 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. | |||||
| CVE-2022-29779 | 1 Nginx | 1 Njs | 2022-06-09 | 2.1 LOW | 5.5 MEDIUM |
| Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. | |||||
| CVE-2022-29734 | 1 Ict | 2 Protege Gx, Protege Wx | 2022-06-09 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | |||||