Vulners.com -- CVE-2019-6340
Vulners.com -- CVE-2020-10938
Vulners.com -- CVE-2018-11769
Vulners.com -- CVE-2020-24972
Vulners.com -- CVE-2021-30624
Vulners.com -- CVE-2007-0899
Vulners.com -- CVE-2019-1010268
Vulners.com -- CVE-2020-29600
Vulners.com -- CVE-2018-12356
Vulners.com -- CVE-2021-30563
Vulners.com -- CVE-2022-0307
Vulners.com -- CVE-2020-36129
Vulners.com -- CVE-2019-19787
Vulners.com -- CVE-2019-11831
Vulners.com -- CVE-2022-1031
Vulners.com -- CVE-2018-20427
Vulners.com -- CVE-2021-32491
Vulners.com -- CVE-2021-30555
Vulners.com -- CVE-2021-30610
Vulners.com -- CVE-2020-18976
Vulners.com -- CVE-2021-37981
Vulners.com -- CVE-2021-37975
Vulners.com -- CVE-2019-9897
Vulners.com -- CVE-2019-10249
Vulners.com -- CVE-2019-9199
Vulners.com -- CVE-2020-8432
Vulners.com -- CVE-2020-36254
Vulners.com -- CVE-2017-2908
Vulners.com -- CVE-2021-32492
Vulners.com -- CVE-2020-28636
Vulners.com -- CVE-2020-15238
Vulners.com -- CVE-2021-23165
Vulners.com -- CVE-2019-9589
Vulners.com -- CVE-2021-30586
Vulners.com -- CVE-2018-20548
Vulners.com -- CVE-2017-18187
Vulners.com -- CVE-2019-5052
Vulners.com -- CVE-2019-15551
Vulners.com -- CVE-2020-35176
Vulners.com -- CVE-2022-20785
Vulners.com -- CVE-2021-20314
Vulners.com -- CVE-2019-19785
Vulners.com -- CVE-2022-0103
Vulners.com -- CVE-2020-36326
Vulners.com -- CVE-2017-14476
Vulners.com -- CVE-2019-12957
Vulners.com -- CVE-2019-17534
Vulners.com -- CVE-2017-12377
Vulners.com -- CVE-2018-20426
Vulners.com -- CVE-2018-11319
Vulners.com -- CVE-2018-14403
Vulners.com -- CVE-2018-8103
Vulners.com -- CVE-2021-30577
Vulners.com -- CVE-2017-2921
Vulners.com -- CVE-2021-21199
Vulners.com -- CVE-2017-2906
Vulners.com -- CVE-2019-9895
Vulners.com -- CVE-2021-28710
Vulners.com -- CVE-2020-6105
Vulners.com -- CVE-2022-0096
Vulners.com -- CVE-2018-7033
Vulners.com -- CVE-2018-10685
Vulners.com -- CVE-2017-17520
Vulners.com -- CVE-2022-1382
Vulners.com -- CVE-2021-26910
Vulners.com -- CVE-2020-24994
Vulners.com -- CVE-2020-13671
Vulners.com -- CVE-2022-0310
Vulners.com -- CVE-2020-24916
Vulners.com -- CVE-2017-2893
Vulners.com -- CVE-2018-7711
Vulners.com -- CVE-2017-8821
Vulners.com -- CVE-2018-20683
Vulners.com -- CVE-2021-30506
Vulners.com -- CVE-2018-7889
Vulners.com -- CVE-2017-8823
Vulners.com -- CVE-2019-9114
Vulners.com -- CVE-2021-3420
Vulners.com -- CVE-2021-43518
Vulners.com -- CVE-2019-13226
Vulners.com -- CVE-2017-9104
Vulners.com -- CVE-2022-0457
Vulners.com -- CVE-2021-21230
Vulners.com -- CVE-2019-13207
Vulners.com -- CVE-2021-40401
Vulners.com -- CVE-2022-0797
Vulners.com -- CVE-2018-12933
Vulners.com -- CVE-2021-21204
Vulners.com -- CVE-2021-37961
Vulners.com -- CVE-2020-24698
Vulners.com -- CVE-2019-11577
Vulners.com -- CVE-2021-21113
Vulners.com -- CVE-2018-0493
Vulners.com -- CVE-2019-1785
Vulners.com -- CVE-2022-23947
Vulners.com -- CVE-2019-9113
Vulners.com -- CVE-2019-3849
Vulners.com -- CVE-2021-23180
Vulners.com -- CVE-2020-11060
CVE-2022-1752 -- Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1809 -- Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.
CVE-2022-29188 -- Smokescreen is an HTTP proxy. The primary use case for Smokescreen is to prevent server-side request forgery (SSRF) attacks in which external attackers leverage the behavior of applications to connect to or scan internal infrastructure. Smokescreen also o
CVE-2022-29189 -- Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake compl
CVE-2022-29190 -- Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no k
CVE-2022-29209 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have an incorrect logic when comparing `size_t` and `
CVE-2022-29210 -- TensorFlow is an open source platform for machine learning. In version 2.8.0, the `TensorKey` hash function used total estimated `AllocatedBytes()`, which (a) is an estimate per tensor, and (b) is a very poor hash function for constants (e.g. `int32_t`).
CVE-2022-29211 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.histogram_fixed_width` is vulnerable to a crash when the values array contain `Not a Number` (`NaN`) elements. The impl
CVE-2022-29212 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, certain TFLite models that were created using TFLite model converter would crash when loaded in the TFLite interpreter. The culprit is that durin
CVE-2022-29213 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the `tf.compat.v1.signal.rfft2d` and `tf.compat.v1.signal.rfft3d` lack input validation and under certain condition can result in crashes (due to
CVE-2022-29214 -- NextAuth.js (next-auth) is an open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 con
CVE-2022-29215 -- RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.
CVE-2022-29216 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, TensorFlow's `saved_model_cli` tool is vulnerable to a code injection. This can be used to open a reverse shell. This code path was maintained fo
CVE-2022-29222 -- Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.5, a DTLS Client could provide a Certificate that it doesn't possess the private key for and Pion DTLS wouldn't reject it. This issue affects users that are using C
CVE-2022-31259 -- The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
CVE-2022-31264 -- Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
CVE-2022-31267 -- Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
CVE-2022-31268 -- A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
Vulners.com -- Cisco IOS XR Software Health Check Open Port Vulnerability
Vulners.com -- Galleon NTS-6002-GPS Command Injection vulnerability (CVE-2022-27224)
Vulners.com -- Cytrox's Predator Spyware Targeted Android Users with Zero-Day Exploits
Vulners.com -- Security update for ImageMagick (moderate)
Vulners.com -- Security update for autotrace (moderate)
CVE-2021-30028 -- SOOTEWAY Wi-Fi Range Extender v1.5 was discovered to use default credentials (the admin password for the admin account) to access the TELNET service, allowing attackers to erase/read/write the firmware remotely.
CVE-2021-34111 -- Thecus 4800Eco was discovered to contain a command injection vulnerability via the username parameter in /adm/setmain.php.
CVE-2021-36833 -- Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.
CVE-2021-39043 -- IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to crede
CVE-2021-43728 -- Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter.
CVE-2021-43729 -- Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.
CVE-2022-1754 -- Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1770 -- Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1775 -- Weak Password Requirements in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1784 -- Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8.
CVE-2022-1803 -- Improper Restriction of Rendered UI Layers or Frames in GitHub repository polonel/trudesk prior to 1.2.2.
CVE-2022-1806 -- Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18.
CVE-2022-21195 -- All versions of package url-regex are vulnerable to Regular Expression Denial of Service (ReDoS) which can cause the CPU usage to crash.
CVE-2022-21500 -- Vulnerability in Oracle E-Business Suite (component: Manage Proxies). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Sui
CVE-2022-22365 -- IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, with the Ajax Proxy Web Application (AjaxProxy.war) deployed, is vulnerable to spoofing by allowing a man-in-the-middle attacker to spoof SSL server hostnames. IBM X-Force ID: 220904.
CVE-2022-22972 -- VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need
CVE-2022-22973 -- VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
CVE-2022-24044 -- A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The login functionality
CVE-2022-24045 -- A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The application, after a
CVE-2022-24287 -- A vulnerability has been identified in SIMATIC PCS 7 V9.0 and earlier (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions), SIMATIC WinC
CVE-2022-24290 -- A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Te
CVE-2022-24434 -- This affects all versions of package dicer. A malicious attacker can send a modified form to server, and crash the nodejs service. An attacker could sent the payload again and again so that the service continuously crashes.
CVE-2022-24904 -- Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 0.7.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 is vulnerable to a symlink following bug allowing a malicious user with repository write access to
CVE-2022-24905 -- Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A vulnerability was found in Argo CD prior to versions 2.3.4, 2.2.9, and 2.1.15 that allows an attacker to spoof error messages on the login screen when single sign on (SSO) is enab
CVE-2022-24906 -- Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4.
CVE-2022-25224 -- Proton v0.2.0 allows an attacker to create a malicious link inside a markdown file. When the victim clicks the link, the application opens the site in the current frame allowing an attacker to host JavaScript code in the malicious link in order to trigger
CVE-2022-25227 -- Thinfinity VNC v4.0.0.1 contains a Cross-Origin Resource Sharing (CORS) vulnerability which can allow an unprivileged remote attacker, if they can trick a user into browse malicious site, to obtain an 'ID' that can be used to send websocket requests and a
CVE-2022-25229 -- Popcorn Time 0.4.7 has a Stored XSS in the 'Movies API Server(s)' field via the 'settings' page. The 'nodeIntegration' configuration is set to on which allows the 'webpage' to use 'NodeJs' features, an attacker can leverage this to run OS commands.
CVE-2022-26632 -- Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
CVE-2022-26633 -- Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
CVE-2022-26634 -- HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27092 -- Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27094 -- Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27095 -- BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-27242 -- A vulnerability has been identified in OpenV2G (V0.9.4). The OpenV2G EXI parsing feature is missing a length check when parsing X509 serial numbers. Thus, an attacker could introduce a buffer overflow that leads to memory corruption.
CVE-2022-27640 -- A vulnerability has been identified in SIMATIC CP 442-1 RNA (All versions < V1.5.18), SIMATIC CP 443-1 RNA (All versions < V1.5.18). The affected devices improperly handle excessive ARP broadcast requests. This could allow an attacker to create a denial
CVE-2022-27653 -- A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted .NEU files. This could allow an attacker to ex
CVE-2022-28104 -- Foxit PDF Editor v11.3.1 was discovered to contain an arbitrary file upload vulnerability.
CVE-2022-28105 -- Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php.
CVE-2022-28106 -- Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request.
CVE-2022-28531 -- Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field.
CVE-2022-28618 -- A command injection security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays and HPE Nimble Storage Secondary Flash Arrays that could allow an attacker to execute arbitrary commands on a Nim
CVE-2022-28660 -- The querier component in Grafana Enterprise Logs 1.1.x through 1.3.x before 1.4.0 does not require authentication when X-Scope-OrgID is used. Versions 1.2.1, 1.3.1, and 1.4.0 contain the bugfix. This affects -auth.type=enterprise in microservices mode
CVE-2022-28964 -- An arbitrary file write vulnerability in Avast Premium Security before v21.11.2500 (build 21.11.6809.528) allows attackers to cause a Denial of Service (DoS) via a crafted DLL file.
CVE-2022-28965 -- Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file.
CVE-2022-28985 -- A stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.
CVE-2022-28987 -- ManageEngine ADSelfService Plus v6.1 allows attackers to perform username enumeration via a crafted POST request to /ServletAPI/accounts/login.
CVE-2022-28990 -- WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm.
CVE-2022-28991 -- Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files.
CVE-2022-28992 -- A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.
CVE-2022-28993 -- Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request.
CVE-2022-28995 -- Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function.
CVE-2022-29021 -- A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
CVE-2022-29022 -- A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
CVE-2022-29023 -- A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device.
CVE-2022-29028 -- A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition whi
CVE-2022-29030 -- A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow co
CVE-2022-29031 -- A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vuln
CVE-2022-29032 -- A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerabi
CVE-2022-29033 -- A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized p
CVE-2022-29159 -- Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. In versions prior to 1.4.8, 1.5.6, and 1.6.1, an authenticated user can move stacks with cards from their own board to a board of another user. The Nextcloud Deck app conta
CVE-2022-29160 -- Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former accou
CVE-2022-29163 -- Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.6 and 23.0.3, a user can create a link that is not password protected even if the administrator requires links to be password protected
CVE-2022-29165 -- Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2.3.4 which would allow unauthenticated users to imperso
CVE-2022-29170 -- Grafana is an open-source platform for monitoring and observability. In Grafana Enterprise, the Request security allow list lets Grafana be configured so that the instance doesn't call, or only calls, specific hosts. The vulnerability p
CVE-2022-29177 -- Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker n
CVE-2022-29178 -- Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating System
CVE-2022-29179 -- Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as
CVE-2022-29181 -- Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or r
CVE-2022-29182 -- GoCD is a continuous delivery server. GoCD versions 19.11.0 through 21.4.0 (inclusive) are vulnerable to a Document Object Model (DOM)-based cross-site scripting attack via a pipeline run's Stage Details > Graphs tab. It is possible for a malicious script
CVE-2022-29183 -- GoCD is a continuous delivery server. GoCD versions 20.2.0 until 21.4.0 are vulnerable to reflected cross-site scripting via abuse of the pipeline comparison function's error handling to render arbitrary HTML into the returned page. This could allow an at
CVE-2022-29184 -- GoCD is a continuous delivery server. In GoCD versions prior to 22.1.0, it is possible for existing authenticated users who have permissions to edit or create pipeline materials or pipeline configuration repositories to get remote code execution capabilit
CVE-2022-29185 -- totp-rs is a Rust library that permits the creation of 2FA authentication tokens per time-based one-time password (TOTP). Prior to version 1.1.0, token comparison was not constant time, and could theoretically be used to guess the value of a TOTP token, and
CVE-2022-29186 -- Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Rundeck community and rundeck-enterprise docker images contained a pre-generated SSH keypair. If the id_rsa.pub public key of the keypair was copied to autho
CVE-2022-29191 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.GetSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can be u
CVE-2022-29192 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizeAndDequantizeV4Grad` does not fully validate the input arguments. This results in a `CHECK`-failure whi
CVE-2022-29193 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be us
CVE-2022-29194 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.DeleteSessionTensor` does not fully validate the input arguments. This results in a `CHECK`-failure which can b
CVE-2022-29195 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to
CVE-2022-29196 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which ca
CVE-2022-29198 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure w
CVE-2022-29199 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be
CVE-2022-29200 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LSTMBlockCell` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used
CVE-2022-29201 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.QuantizedConv2D` does not fully validate the input arguments. In this case, references get bound to `nullptr` f
CVE-2022-29202 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.ragged.constant` does not fully validate the input arguments. This results in a denial of service by consuming all avai
CVE-2022-29203 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SpaceToBatchND` (in all backends such as XLA and handwritten kernels) is vulnerable to an integer overflow: The
CVE-2022-29204 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can b
CVE-2022-29205 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, there is a potential for segfault / denial of service in TensorFlow by calling `tf.compat.v1.*` ops which don't yet have support for quantized ty
CVE-2022-29206 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorDenseAdd` does not fully validate the input arguments. In this case, a reference gets bound to a `n
CVE-2022-29207 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, multiple TensorFlow operations misbehave in eager mode when the resource handle provided to them is invalid. In graph mode, it would have been im
CVE-2022-29208 -- TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.EditDistance` has incomplete validation. Users can pass negative values to cause a segmentation fault based den
CVE-2022-29320 -- MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
CVE-2022-29424 -- Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress.
CVE-2022-29425 -- Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress.
CVE-2022-29426 -- Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team's Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress.
CVE-2022-29427 -- Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress.
CVE-2022-29428 -- Cross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress.
CVE-2022-29430 -- Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality.
CVE-2022-29431 -- Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base.
CVE-2022-29432 -- Multiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerab
CVE-2022-29434 -- Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events.
CVE-2022-29447 -- Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Hover Effects plugin <= 2.1 at WordPress.
CVE-2022-29448 -- Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress.
CVE-2022-29801 -- A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on t
CVE-2022-29883 -- A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM P850 (All versions < V3.00), SICAM
CVE-2022-30518 -- ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php.
CVE-2022-30551 -- OPC UA Legacy Java Stack 2022-04-01 allows a remote attacker to cause a server to stop processing messages by sending crafted messages that exhaust available resources.
CVE-2022-30886 -- School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.
CVE-2022-30887 -- Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
CVE-2022-31215 -- In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console
CVE-2022-31245 -- mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.
CVE-2022-31258 -- In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
Vulners.com -- SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization