Vulnerabilities (CVE)

Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-4291 1 Openmrs 1 Admin Ui Module 2023-01-05 N/A 6.1 MEDIUM
A vulnerability was found in OpenMRS Admin UI Module up to 1.5.x. It has been declared as problematic. This vulnerability affects unknown code of the file omod/src/main/webapp/pages/metadata/locations/location.gsp. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.6.0 is able to address this issue. The name of the patch is a7eefb5f69f6c50a3bffcb138bb8ea57cb41a9b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216916.
CVE-2020-36636 1 Openmrs 1 Admin Ui Module 2023-01-05 N/A 6.1 MEDIUM
A vulnerability classified as problematic has been found in OpenMRS Admin UI Module up to 1.4.x. Affected is the function sendErrorMessage of the file omod/src/main/java/org/openmrs/module/adminui/page/controller/systemadmin/accounts/AccountPageController.java of the component Account Setup Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.5.0 is able to address this issue. The name of the patch is 702fbfdac7c4418f23bb5f6452482b4a88020061. It is recommended to upgrade the affected component. VDB-216918 is the identifier assigned to this vulnerability.
CVE-2022-4819 1 Hotcrp 1 Hotcrp 2023-01-05 N/A 6.1 MEDIUM
A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to apply a patch to fix this issue. VDB-216998 is the identifier assigned to this vulnerability.
CVE-2022-4820 1 Flatpress 1 Flatpress 2023-01-05 N/A 6.1 MEDIUM
A vulnerability classified as problematic has been found in FlatPress. This affects an unknown part of the file admin/panels/entry/admin.entry.list.php of the component Admin Area. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is 229752b51025e678370298284d42f8ebb231f67f. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216999.
CVE-2022-4822 1 Flatpress 1 Flatpress 2023-01-05 N/A 6.1 MEDIUM
A vulnerability, which was classified as problematic, has been found in FlatPress. This issue affects some unknown processing of the file setup/lib/main.lib.php of the component Setup. The manipulation leads to cross site scripting. The attack may be initiated remotely. The name of the patch is 5f23b4c2eac294cc0ba5e541f83a6f8a26f9fed1. It is recommended to apply a patch to fix this issue. The identifier VDB-217001 was assigned to this vulnerability.
CVE-2022-4821 1 Flatpress 1 Flatpress 2023-01-05 N/A 6.1 MEDIUM
A vulnerability classified as problematic was found in FlatPress. This vulnerability affects the function onupload of the file admin/panels/uploader/admin.uploader.php of the component XML File Handler/MD File Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 3cc223dec5260e533a84b5cf5780d3a4fbf21241. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217000.
CVE-2019-19030 1 Linuxfoundation 1 Harbor 2023-01-05 N/A 5.3 MEDIUM
Cloud Native Computing Foundation Harbor before 1.10.3 and 2.x before 2.0.1 allows resource enumeration because unauthenticated API calls reveal (via the HTTP status code) whether a resource exists.
CVE-2019-11851 1 Sierrawireless 13 Aleos, Es440, Es450 and 10 more 2023-01-05 N/A 9.8 CRITICAL
The ACENet service in Sierra Wireless ALEOS before 4.4.9, 4.5.x through 4.9.x before 4.9.5, and 4.10.x through 4.13.x before 4.14.0 allows remote attackers to execute arbitrary code via a buffer overflow.
CVE-2022-46442 1 Dedecms 1 Dedecms 2023-01-05 N/A 9.8 CRITICAL
dedecms <=V5.7.102 is vulnerable to SQL Injection. In sys_ sql_ n query.php there are no restrictions on the sql query.
CVE-2021-4239 1 Noiseprotocol 1 Noise 2023-01-05 N/A 7.5 HIGH
The Noise protocol implementation suffers from weakened cryptographic security after encrypting 2^64 messages, and a potential denial of service attack. After 2^64 (~18.4 quintillion) messages are encrypted with the Encrypt function, the nonce counter will wrap around, causing multiple messages to be encrypted with the same key and nonce. In a separate issue, the Decrypt function increments the nonce state even when it fails to decrypt a message. If an attacker can provide an invalid input to the Decrypt function, this will cause the nonce state to desynchronize between the peers, resulting in a failure to encrypt all subsequent messages.
CVE-2021-4235 1 Yaml Project 1 Yaml 2023-01-05 N/A 5.5 MEDIUM
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
CVE-2020-36568 1 Revel 1 Revel 2023-01-05 N/A 7.5 HIGH
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
CVE-2020-36566 1 Tar-utils Project 1 Tar-utils 2023-01-05 N/A 9.1 CRITICAL
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36564 1 Nosurf Project 1 Nosurf 2023-01-05 N/A 7.5 HIGH
Due to improper validation of caller input, validation is silently disabled if the provided expected token is malformed, causing any user supplied token to be considered valid.
CVE-2020-36561 1 Unzip Project 1 Unzip 2023-01-05 N/A 9.1 CRITICAL
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2020-36560 1 Go-unzip Project 1 Go-unzip 2023-01-05 N/A 9.1 CRITICAL
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2022-44541 2023-01-05 N/A N/A
CVE was unused by HPE.
CVE-2022-44540 2023-01-05 N/A N/A
CVE was unused by HPE.
CVE-2022-44539 2023-01-05 N/A N/A
CVE was unused by HPE.
CVE-2022-44538 2023-01-05 N/A N/A
CVE was unused by HPE.