Total: 210374 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2022-29037 | 1 Jenkins | 1 Cvs | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM | Jenkins CVS Plugin 2.19 and earlier does not escape the name and description of CVS Symbolic Name parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2019-6834 | 1 Schneider-electric | 1 Software Update | 2022-04-20 | 9.3 HIGH | 7.8 HIGH | A CWE-502: Deserialization of Untrusted Data vulnerability exists which could allow an attacker to execute arbitrary code on the targeted system with SYSTEM privileges when placing a malicious user to be authenticated for this vulnerability to be successfully exploited. Affected Product: Schneider Electric Software Update (SESU) SUT Service component (V2.1.1 to V2.3.0)
CVE-2022-29036 | 1 Jenkins | 1 Credentials | 2022-04-20 | 3.5 LOW | 5.4 MEDIUM | Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2022-27655 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM | When a user opens a manipulated Universal 3D (.u3d, 3difr.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted.
CVE-2022-27256 | 1 Hubzilla | 1 Hubzilla | 2022-04-20 | 5.8 MEDIUM | 6.1 MEDIUM | A PHP Local File Inclusion vulnerability in the Redbasic theme for Hubzilla before version 7.2 allows remote attackers to include arbitrary PHP files via the schema parameter.
CVE-2022-27654 | 1 Sap | 1 3d Visual Enterprise Viewer | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM | When a user opens a manipulated Photoshop Document (.psd, 2d.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until the application is restarted.
CVE-2022-26643 | 1 Johnsoncontrols | 1 Easyio Cpt Graphics | 2022-04-20 | 5.0 MEDIUM | 5.3 MEDIUM | An issue in EasyIO CPT Graphics v0.8 allows attackers to discover valid users in the application.
CVE-2022-27671 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM | A CSRF token visible in the URL may possibly lead to an information disclosure vulnerability.
CVE-2022-24308 | 4 Apple, Automox, Linux and 1 more | 4 Macos, Automox, Linux Kernel and 1 more | 2022-04-20 | 2.1 LOW | 5.5 MEDIUM | Automox Agent prior to version 37 on Windows and Linux and version 36 on OSX could allow a non-privileged user to obtain sensitive information during the install process.
CVE-2022-26589 | 1 Pluck-cms | 1 Pluck | 2022-04-20 | 4.3 MEDIUM | 6.5 MEDIUM | A Cross-Site Request Forgery (CSRF) in Pluck CMS v4.7.15 allows attackers to delete arbitrary pages.
CVE-2021-43741 | 1 Cmsimple | 1 Cmsimple | 2022-04-20 | 7.5 HIGH | 9.8 CRITICAL | CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to a malicious file in config.php, leading to remote code execution.
CVE-2022-26144 | 1 Mantisbt | 1 Mantisbt | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in MantisBT before 2.25.3. Improper escaping of a Plugin name allows execution of arbitrary code (if CSP allows it) in manage_plugin_page.php and manage_plugin_uninstall.php when a crafted plugin is installed.
CVE-2022-24248 | 1 Ritecms | 1 Ritecms | 2022-04-20 | 8.5 HIGH | 6.5 MEDIUM | RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in the Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms, such as deleting the .htaccess file that would deactivate those security constraints.
CVE-2022-1339 | 1 Pimcore | 1 Pimcore | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH | SQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of stealing data.
CVE-2022-27419 | 1 Rtl 433 Project | 1 Rtl 433 | 2022-04-20 | 4.3 MEDIUM | 5.5 MEDIUM | rtl_433 21.12 was discovered to contain a stack overflow in the function acurite_00275rm_decode at /devices/acurite.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.
CVE-2020-29653 | 1 Froxlor | 1 Froxlor | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET parameter. The value of this parameter is reflected in the login webpage, allowing the injection of arbitrary HTML tags.
CVE-2022-24413 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 3.3 LOW | 3.6 LOW | Dell PowerScale OneFS, versions 8.2.2-9.3.x, contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem could potentially exploit this vulnerability, leading to data loss.
CVE-2022-27475 | 1 Hotel Management System Project | 1 Hotel Management System | 2022-04-20 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded.
CVE-2022-24412 | 1 Dell | 1 Emc Powerscale Onefs | 2022-04-20 | 5.0 MEDIUM | 7.5 HIGH | Dell EMC PowerScale OneFS 8.2.x - 9.3.0.x contain an improper handling of value vulnerability. An unprivileged network attacker could potentially exploit this vulnerability, leading to denial-of-service.
CVE-2022-29268 | | | 2022-04-20 | N/A | N/A | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.