Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27673 | 1 Tribalsystems | 1 Zenario | 2022-05-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | |||||
| CVE-2021-27291 | 3 Debian, Fedoraproject, Pygments | 3 Debian Linux, Fedora, Pygments | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service. | |||||
| CVE-2021-27308 | 1 4homepages | 1 4images | 2022-05-23 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. | |||||
| CVE-2021-27358 | 2 Grafana, Netapp | 2 Grafana, E-series Performance Analyzer | 2022-05-23 | 5.0 MEDIUM | 7.5 HIGH |
| The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attackers to trigger a Denial of Service via a remote API call if a commonly used configuration is set. | |||||
| CVE-2021-27803 | 3 Debian, Fedoraproject, W1.fi | 3 Debian Linux, Fedora, Wpa Supplicant | 2022-05-23 | 5.4 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. | |||||
| CVE-2021-27351 | 1 Telegram | 1 Telegram | 2022-05-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Terminate Session feature in the Telegram application through 7.2.1 for Android, and through 2.4.7 for Windows and UNIX, fails to invalidate a recently active session. | |||||
| CVE-2021-3189 | 1 Google | 1 Slashify | 2022-05-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| The slashify package 1.0.0 for Node.js allows open-redirect attacks, as demonstrated by a localhost:3000///example.com/ substring. | |||||
| CVE-2022-0860 | 2 Cobbler Project, Fedoraproject | 2 Cobbler, Fedora | 2022-05-23 | 6.4 MEDIUM | 9.1 CRITICAL |
| Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. | |||||
| CVE-2021-26910 | 2 Debian, Firejail Project | 2 Debian Linux, Firejail | 2022-05-23 | 6.9 MEDIUM | 7.0 HIGH |
| Firejail before 0.9.64.4 allows attackers to bypass intended access restrictions because there is a TOCTOU race condition between a stat operation and an OverlayFS mount operation. | |||||
| CVE-2021-26675 | 3 Debian, Intel, Opensuse | 3 Debian Linux, Connman, Leap | 2022-05-23 | 5.8 MEDIUM | 8.8 HIGH |
| A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code. | |||||
| CVE-2021-41965 | 1 Churchcrm | 1 Churchcrm | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed. | |||||
| CVE-2022-28929 | 1 Hospital Management System Project | 1 Hospital Management System | 2022-05-23 | 7.5 HIGH | 9.8 CRITICAL |
| Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. | |||||
| CVE-2022-23166 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 10.0 HIGH | 9.8 CRITICAL |
| Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path. in the "Insert/Edit Embedded Media" window Choose Type : iFrame and File/URL : [here is the LFI] Solution: Update to 22.2.20 cloud version, or to 22.1.64 on premise version. | |||||
| CVE-2022-23165 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability. For an attacker to exploit this Cross-Site Scripting vulnerability, it's necessary for the affected product to expose the Offline Help Pages. An attacker may gain access to sensitive information or execute client-side code in the browser session of the victim user. Furthermore, an attacker would require the victim to open a malicious link. An attacker may exploit this vulnerability in order to perform phishing attacks. The attacker can receive sensitive data like server details, usernames, workstations, etc. He can also perform actions such as uploading files, deleting calls from the system | |||||
| CVE-2022-23139 | 1 Zte | 2 Zxmp M721, Zxmp M721 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for?users to?ignore the modification?of?the file permission configuration, so that low-authority accounts could actually obtain higher operating permissions on key files. | |||||
| CVE-2022-22797 | 1 Sysaid | 1 Sysaid | 2022-05-23 | 5.8 MEDIUM | 6.1 MEDIUM |
| Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. | |||||
| CVE-2022-22393 | 1 Ibm | 1 Websphere Application Server | 2022-05-23 | 3.5 LOW | 6.5 MEDIUM |
| IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server. IBM X-Force ID: 222078. | |||||
| CVE-2021-23972 | 1 Mozilla | 1 Firefox | 2022-05-23 | 6.8 MEDIUM | 8.8 HIGH |
| One phishing tactic on the web is to provide a link with HTTP Auth. For example 'https://www.phishingtarget.com@evil.com'. To mitigate this type of attack, Firefox will display a warning dialog; however, this warning dialog would not have been displayed if evil.com used a redirect that was cached by the browser. This vulnerability affects Firefox < 86. | |||||
| CVE-2021-23974 | 1 Mozilla | 1 Firefox | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The DOMParser API did not properly process '<noscript>' elements for escaping. This could be used as an mXSS vector to bypass an HTML Sanitizer. This vulnerability affects Firefox < 86. | |||||
| CVE-2022-22325 | 1 Ibm | 1 Mq For Hpe Nonstop | 2022-05-23 | 1.9 LOW | 5.5 MEDIUM |
| IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853. | |||||