| ID | CVSS | Summary | Last (major) update | Published |
|---|---|---|---|---|
| CVE-2021-41411 | 7.5 | drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability. | 28-06-2022 13:56 | 16-06-2022 10:15 |
| CVE-2022-22485 | 7.5 | In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could ex | 28-06-2022 13:54 | 17-06-2022 16:15 |
| CVE-2021-40606 | None | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-40607 | None | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-40608 | None | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-40609 | None | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-40943 | None | In Bento4 1.6.0-638, there is a null pointer dereference in the function AP4_DescriptorListInspector::Action in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-40944 | None | In GPAC MP4Box 1.1.0, there is a null pointer dereference in the function gf_filter_pid_get_packet in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-41460 | None | ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-41687 | None | DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when parsing fails. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-41689 | None | DCMTK through 3.6.6 does not handle string copy properly. Sending specific requests to the dcmqrdb program, it would query its database and copy the result even if the result is null, which can incur a heap-based overflow. An attacker can use it to l | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-41688 | None | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2021-41690 | None | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2022-23896 | None | Admidio version 4.1.2 is affected by stored cross-site scripting (XSS). | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2022-29519 | None | A cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper wi | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2022-30707 | None | A violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS fu | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2022-30997 | None | A use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with administrative privilege to read/change configuration settings or update the controller with tampered | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2022-34750 | None | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various | 28-06-2022 13:50 | 28-06-2022 13:15 |
| CVE-2017-20053 | 4.3 | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched rem | 28-06-2022 13:44 | 16-06-2022 13:15 |
| CVE-2017-20054 | 3.5 | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. Th | 28-06-2022 13:43 | 16-06-2022 13:15 |
| CVE-2022-32442 | 4.3 | u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page, if the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause HTML injection. | 28-06-2022 13:36 | 17-06-2022 16:15 |
| CVE-2021-37764 | 5.5 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via the current_manufacturer_image parameter to /shop/admin/manufacturers.php. | 28-06-2022 13:27 | 16-06-2022 21:15 |
| CVE-2021-46820 | 5.5 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via the current_manufacturer_image parameter to /shop/admin/categories.php. | 28-06-2022 13:26 | 16-06-2022 21:15 |
| CVE-2022-30767 | 7.5 | nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196. | 28-06-2022 13:15 | 16-05-2022 03:15 |
| CVE-2018-25032 | 5.0 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 28-06-2022 13:15 | 25-03-2022 09:15 |
| CVE-2021-44531 | 5.8 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting U | 28-06-2022 13:15 | 24-02-2022 19:15 |
| CVE-2021-44532 | 5.0 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an inje | 28-06-2022 13:15 | 24-02-2022 19:15 |
| CVE-2021-44533 | 5.0 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a m | 28-06-2022 13:15 | 24-02-2022 19:15 |
| CVE-2022-21824 | 6.4 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, whi | 28-06-2022 13:15 | 24-02-2022 19:15 |
| CVE-2021-22959 | 6.4 | The parser accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. | 28-06-2022 13:15 | 15-11-2021 15:15 |
| CVE-2021-22960 | 5.8 | The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | 28-06-2022 13:15 | 03-11-2021 20:15 |
| CVE-2021-28116 | 4.3 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | 28-06-2022 13:15 | 09-03-2021 22:15 |
| CVE-2017-20060 | 3.5 | A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate t | 28-06-2022 13:08 | 20-06-2022 05:15 |
| CVE-2017-20061 | 3.5 | A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert(1)%3E lea | 28-06-2022 13:08 | 20-06-2022 05:15 |
| CVE-2017-20059 | 3.5 | A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> | 28-06-2022 13:07 | 20-06-2022 05:15 |
| CVE-2017-20058 | 4.3 | A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attac | 28-06-2022 13:06 | 20-06-2022 05:15 |
| CVE-2017-20057 | 4.3 | A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remote | 28-06-2022 13:05 | 20-06-2022 05:15 |
| CVE-2022-31873 | 4.3 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | 28-06-2022 13:01 | 17-06-2022 20:15 |
| CVE-2022-22138 | 5.0 | All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the | 28-06-2022 12:59 | 17-06-2022 20:15 |
| CVE-2022-30607 | 4.0 | IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | 28-06-2022 12:59 | 17-06-2022 16:15 |
| CVE-2022-25345 | 5.0 | All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | 28-06-2022 12:57 | 17-06-2022 20:15 |
| CVE-2022-31941 | 7.5 | Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=. | 28-06-2022 12:55 | 17-06-2022 19:15 |
| CVE-2022-32444 | 5.8 | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | 28-06-2022 12:32 | 17-06-2022 16:15 |
| CVE-2022-22317 | 7.5 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281. | 28-06-2022 12:23 | 20-06-2022 17:15 |
| CVE-2022-22318 | 6.5 | IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. | 28-06-2022 12:22 | 20-06-2022 17:15 |
| CVE-2022-30422 | 10.0 | Proietti Tech srl Planet Time Enterprise 4.2.0.1, 4.2.0.0, 4.1.0.0, 4.0.0.0, 3.3.1.0, 3.3.0.0 is vulnerable to Remote Code Execution via the Viewstate parameter. | 28-06-2022 12:22 | 17-06-2022 17:15 |
| CVE-2022-22414 | 2.1 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. | 28-06-2022 12:17 | 20-06-2022 17:15 |
| CVE-2022-2128 | 7.5 | Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.4. | 28-06-2022 12:13 | 20-06-2022 17:15 |
| CVE-2017-20104 | None | A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initia | 28-06-2022 12:03 | 28-06-2022 07:15 |
| CVE-2017-20105 | None | A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with the input ..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2f | 28-06-2022 12:03 | 28-06-2022 07:15 |