Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-20150 | 1 Challenge Website Project | 1 Challenge Website | 2023-01-06 | N/A | 8.8 HIGH |
| A vulnerability was found in challenge website. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to sql injection. The name of the patch is f1644b1d3502e5aa5284f31ea80d2623817f4d42. It is recommended to apply a patch to fix this issue. The identifier VDB-216989 was assigned to this vulnerability. | |||||
| CVE-2022-4817 | 1 Jgit-cookbook Project | 1 Jgit-cookbook | 2023-01-06 | N/A | 7.8 HIGH |
| A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988. | |||||
| CVE-2019-25092 | 1 Mellivora Project | 1 Mellivora | 2023-01-06 | N/A | 4.8 MEDIUM |
| A vulnerability classified as problematic was found in Nakiami Mellivora up to 2.1.x. Affected by this vulnerability is the function print_user_ip_log of the file include/layout/user.inc.php of the component Admin Panel. The manipulation of the argument $entry['ip'] leads to cross site scripting. The attack can be launched remotely. Upgrading to version 2.2.0 is able to address this issue. The name of the patch is e0b6965f8dde608a3d2621617c05695eb406cbb9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216955. | |||||
| CVE-2018-25054 | 1 Shredzone | 1 Cilla | 2023-01-06 | N/A | 5.4 MEDIUM |
| A vulnerability was found in shred cilla. It has been classified as problematic. Affected is an unknown function of the file cilla-xample/src/main/webapp/WEB-INF/jsp/view/search.jsp of the component Search Handler. The manipulation of the argument details leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is d345e6bc7798bd717a583ec7f545ca387819d5c7. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216960. | |||||
| CVE-2022-4779 | 1 Elvexys | 1 Streamx | 2023-01-06 | N/A | 9.8 CRITICAL |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a logic bug that allows to bypass the implemented authentication scheme. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | |||||
| CVE-2022-4773 | 1 Cloudsync Project | 1 Cloudsync | 2023-01-06 | N/A | 3.3 LOW |
| ** UNSUPPPORTED WHEN ASSIGNED **** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in cloudsync. Affected by this vulnerability is the function getItem of the file src/main/java/cloudsync/connector/LocalFilesystemConnector.java. The manipulation leads to path traversal. It is possible to launch the attack on the local host. The name of the patch is 3ad796833398af257c28e0ebeade68518e0e612a. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216919. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-36563 | 1 Robotsandpencils | 1 Go-saml | 2023-01-06 | N/A | 5.3 MEDIUM |
| XML Digital Signatures generated and validated using this package use SHA-1, which may allow an attacker to craft inputs which cause hash collisions depending on their control over the input. | |||||
| CVE-2022-41967 | 1 Hypera | 1 Dragonfly | 2023-01-06 | N/A | 7.5 HIGH |
| Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions. | |||||
| CVE-2022-46172 | 1 Goauthentik | 1 Authentik | 2023-01-06 | N/A | 6.4 MEDIUM |
| authentik is an open-source Identity provider focused on flexibility and versatility. In versions prior to 2022.10.4, and 2022.11.4, any authenticated user can create an arbitrary number of accounts through the default flows. This would circumvent any policy in a situation where it is undesirable for users to create new accounts by themselves. This may also affect other applications as these new basic accounts would exist throughout the SSO infrastructure. By default the newly created accounts cannot be logged into as no password reset exists by default. However password resets are likely to be enabled by most installations. This vulnerability pertains to the user context used in the default-user-settings-flow, /api/v3/flows/instances/default-user-settings-flow/execute/. This issue has been fixed in versions 2022.10.4 and 2022.11.4. | |||||
| CVE-2020-36562 | 1 Dht Project | 1 Dht | 2023-01-06 | N/A | 7.5 HIGH |
| Due to unchecked type assertions, maliciously crafted messages can cause panics, which may be used as a denial of service vector. | |||||
| CVE-2022-41966 | 1 Xstream Project | 1 Xstream | 2023-01-06 | N/A | 7.5 HIGH |
| XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. | |||||
| CVE-2022-4778 | 1 Elvexys | 1 Streamx | 2023-01-06 | N/A | 6.5 MEDIUM |
| StreamX applications from versions 6.02.01 to 6.04.34 are affected by a path traversal vulnerability that allows authenticated users to get unauthorized access to files on the server's filesystem. StreamX applications using StreamView HTML component with the public web server feature activated are affected. | |||||
| CVE-2020-36559 | 1 Aahframework | 1 Aah | 2023-01-06 | N/A | 7.5 HIGH |
| Due to improper santization of user input, HTTPEngine.Handle allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read. | |||||
| CVE-2019-25073 | 1 Goa.design | 1 Goa | 2023-01-06 | N/A | 7.5 HIGH |
| Improper path santiziation in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory. | |||||
| CVE-2018-25050 | 1 Getharvest | 1 Chosen | 2023-01-06 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in Harvest Chosen up to 1.8.6. Affected by this issue is the function AbstractChosen of the file coffee/lib/abstract-chosen.coffee. The manipulation of the argument group_label leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.8.7 is able to address this issue. The name of the patch is 77fd031d541e77510268d1041ed37798fdd1017e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216956. | |||||
| CVE-2021-4295 | 1 Healthit | 1 Code-validator-api | 2023-01-06 | N/A | 9.8 CRITICAL |
| A vulnerability classified as problematic was found in ONC code-validator-api up to 1.0.30. This vulnerability affects the function vocabularyValidationConfigurations of the file src/main/java/org/sitenv/vocabularies/configuration/CodeValidatorApiConfiguration.java of the component XML Handler. The manipulation leads to xml external entity reference. Upgrading to version 1.0.31 is able to address this issue. The name of the patch is fbd8ea121755a2d3d116b13f235bc8b61d8449af. It is recommended to upgrade the affected component. VDB-217018 is the identifier assigned to this vulnerability. | |||||
| CVE-2019-25072 | 1 Tendermint | 1 Tendermint | 2023-01-06 | N/A | 7.5 HIGH |
| Due to support of Gzip compression in request bodies, as well as a lack of limiting response body sizes, a malicious server can cause a client to consume a significant amount of system resources, which may be used as a denial of service vector. | |||||
| CVE-2021-4296 | 1 W3 | 1 Unicorn | 2023-01-06 | N/A | 6.1 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in w3c Unicorn. This issue affects the function ValidatorNuMessage of the file src/org/w3c/unicorn/response/impl/ValidatorNuMessage.java. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 51f75c31f7fc33859a9a571311c67ae4e95d9c68. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217019. | |||||
| CVE-2019-25091 | 1 Nsupdate | 1 Nsupdate.info | 2023-01-06 | N/A | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in nsupdate.info. This affects an unknown part of the file src/nsupdate/settings/base.py of the component CSRF Cookie Handler. The manipulation of the argument CSRF_COOKIE_HTTPONLY leads to cookie without 'httponly' flag. It is possible to initiate the attack remotely. The name of the patch is 60a3fe559c453bc36b0ec3e5dd39c1303640a59a. It is recommended to apply a patch to fix this issue. The identifier VDB-216909 was assigned to this vulnerability. | |||||
| CVE-2018-25046 | 1 Cloudfoundry | 1 Archiver | 2023-01-06 | N/A | 9.1 CRITICAL |
| Due to improper path santization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory. | |||||