Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-7184 | 1 Qnap | 2 Qts, Video Station | 2023-01-30 | 3.5 LOW | 4.8 MEDIUM |
| This cross-site scripting (XSS) vulnerability in Video Station allows remote attackers to inject and execute scripts on the administrator’s management console. To fix this vulnerability, QNAP recommend updating Video Station to their latest versions. | |||||
| CVE-2022-23538 | 1 Sylabs | 1 Singularity Container Services Library | 2023-01-30 | N/A | 7.6 HIGH |
| github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time. | |||||
| CVE-2022-35224 | 1 Sap | 1 Enterprise Portal | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This attack can be used to non-permanently deface or modify portal content. The execution of script content by a victim registered on the portal could compromise the confidentiality and integrity of victim?s web browser session. | |||||
| CVE-2022-32249 | 1 Sap | 1 Business One | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials) | |||||
| CVE-2022-29412 | 1 Hermit Project | 1 Hermit | 2023-01-30 | 5.8 MEDIUM | 5.4 MEDIUM |
| Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Hermit ????? plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, create source. | |||||
| CVE-2022-29411 | 1 Hermit Project | 1 Hermit | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers to execute SQLi attack via (&id). | |||||
| CVE-2022-29410 | 1 Hermit Project | 1 Hermit | 2023-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute SQLi attack via (&ids). | |||||
| CVE-2022-4300 | 1 Xjd2020 | 1 Fastcms | 2023-01-30 | N/A | 8.8 HIGH |
| A vulnerability was found in FastCMS. It has been rated as critical. This issue affects some unknown processing of the file /template/edit of the component Template Handler. The manipulation leads to injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214901 was assigned to this vulnerability. | |||||
| CVE-2022-29413 | 1 Hermit Project | 1 Hermit | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. | |||||
| CVE-2020-6311 | 1 Sap | 2 Bank Analyzer, S\/4hana For Financial Products Subledger | 2023-01-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data. | |||||
| CVE-2021-23450 | 3 Debian, Linuxfoundation, Oracle | 5 Debian Linux, Dojo, Communications Policy Management and 2 more | 2023-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package dojo are vulnerable to Prototype Pollution via the setObject function. | |||||
| CVE-2021-3805 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2023-01-30 | 5.0 MEDIUM | 7.5 HIGH |
| object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') | |||||
| CVE-2021-23434 | 2 Debian, Object-path Project | 2 Debian Linux, Object-path | 2023-01-30 | 7.5 HIGH | 8.6 HIGH |
| This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular, the condition currentPath === '__proto__' returns false if currentPath is ['__proto__']. This is because the === operator returns always false when the type of the operands is different. | |||||
| CVE-2020-6324 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700,701,720,730,731,740,750,751,752,753,754,755, allows an unauthenticated attacker to send polluted URL to the victim, when the victim clicks on this URL, the attacker can read, modify the information available in the victim?s browser leading to Reflected Cross Site Scripting. | |||||
| CVE-2022-31595 | 1 Sap | 1 Adaptive Server Enterprise | 2023-01-30 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | |||||
| CVE-2019-15833 | 1 Simple Mail Address Encoder Project | 1 Simple Mail Address Encoder | 2023-01-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. | |||||
| CVE-2022-37155 | 1 Spip | 1 Spip | 2023-01-30 | N/A | 8.8 HIGH |
| RCE in SPIP 3.1.13 through 4.1.2 allows remote authenticated users to execute arbitrary code via the _oups parameter. | |||||
| CVE-2020-22655 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2023-01-30 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to persistently to writing unauthorized image. | |||||
| CVE-2020-22656 | 1 Ruckuswireless | 28 R310, R310 Firmware, R500 and 25 more | 2023-01-30 | N/A | 7.5 HIGH |
| In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to make the Secure Boot in failed attempts state (rfwd). | |||||
| CVE-2016-1018 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2023-01-30 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data. | |||||