Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-28913 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.
CVE-2022-28912 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.
CVE-2022-28911 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.
CVE-2022-28910 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.
CVE-2022-28909 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.
CVE-2022-28908 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.
CVE-2022-28907 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.
CVE-2022-28906 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.
CVE-2022-28905 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.
CVE-2022-1209 | 1 Ultimatemember | 1 Ultimate Member | 2022-05-16 | 3.5 LOW | 5.4 MEDIUM | The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation of supplied URLs in the social fields of the Profile Page. In versions up to, and including, 2.3.1 this makes it possible for attackers to redirect unsuspecting victims, provided the victim clicks on a social icon on a user's profile page.
CVE-2022-1537 | 1 Gruntjs | 1 Grunt | 2022-05-16 | 6.9 MEDIUM | 7.0 HIGH | file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes, which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories, as the lower-privileged user can create a symlink to the GruntJS user's .bashrc file or replace the /etc/shadow file if the GruntJS user is root.
CVE-2022-1397 | 1 Easyappointments | 1 Easyappointments | 2022-05-16 | 9.0 HIGH | 8.8 HIGH | API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover.
CVE-2022-29591 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-16 | 10.0 HIGH | 9.8 CRITICAL | Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.
CVE-2021-42645 | 1 Cmsimple-xh | 1 Cmsimple Xh | 2022-05-16 | 10.0 HIGH | 10.0 CRITICAL | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the "File" parameter to upload a PHP payload to get a reverse shell from the vulnerable host.
CVE-2021-39700 | 1 Google | 1 Android | 2022-05-16 | 2.1 LOW | 5.5 MEDIUM | In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-201645790.
CVE-2022-22319 | 2 Ibm, Microsoft | 3 Robotic Process Automation, Robotic Process Automation As A Service, Windows | 2022-05-16 | 5.5 MEDIUM | 5.4 MEDIUM | IBM Robotic Process Automation 21.0.1 could allow a registered user on the system to physically delete a queue, which could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366.
CVE-2022-29167 | 1 Mozilla | 1 Hawk | 2022-05-16 | 5.0 MEDIUM | 7.5 HIGH | Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse the `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to a regular expression DoS attack, meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use the built-in `URL` class to parse the hostname instead. `Hawk.authenticate()` accepts an `options` argument. If that contains `host` and `port`, those are used instead of a call to `utils.parseHost()`.
CVE-2021-23592 | 1 Thinkphp | 1 Thinkphp | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL | The package topthink/framework before 6.0.12 is vulnerable to Deserialization of Untrusted Data due to an insecure unserialize method in the Driver class.
CVE-2021-39023 | 1 Ibm | 1 Guardium Data Encryption | 2022-05-16 | 5.0 MEDIUM | 7.5 HIGH | IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860.
CVE-2022-0783 | 1 Themehigh | 1 Multiple Shipping Addresses For Woocommerce | 2022-05-16 | 7.5 HIGH | 9.8 CRITICAL | The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injection.