Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-26148 | 2 Grafana, Redhat | 3 Grafana, Ceph Storage, Storage | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. | |||||
CVE-2022-28584 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28583 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28582 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28581 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28580 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28578 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28577 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. | |||||
CVE-2022-28575 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload | |||||
CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2022-05-12 | 6.0 MEDIUM | 8.4 HIGH |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | |||||
CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2022-05-12 | 8.5 HIGH | 8.4 HIGH |
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | |||||
CVE-2022-29592 | 1 Tenda | 2 Tx9 Pro, Tx9 Pro Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). | |||||
CVE-2022-28606 | 1 Bosscms | 1 Bosscms | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. | |||||
CVE-2022-28120 | 1 Rainier | 1 Open Virtual Simulation Experiment Teaching Management Platform | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. | |||||
CVE-2022-27411 | 1 Totolink | 2 N600r, N600r Firmware | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the "Main" function. | |||||
CVE-2022-27360 | 1 Bladex | 1 Springblade | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. | |||||
CVE-2022-27634 | 1 F5 | 1 Big-ip Access Policy Manager | 2022-05-12 | 6.5 MEDIUM | 7.2 HIGH |
On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2022-27588 | 1 Qnap | 1 Qvr | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later | |||||
CVE-2022-27495 | 1 F5 | 1 Nginx Service Mesh | 2022-05-12 | 3.3 LOW | 6.5 MEDIUM |
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
CVE-2021-38487 | 1 Rti | 3 Connext Dds Micro, Connext Dds Professional, Connext Dds Secure | 2022-05-12 | 6.4 MEDIUM | 9.1 CRITICAL |
RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. |