VYPR

CVEs

82,359 total · page 699 of 1,648

  • CVE-2022-36603HigSep 1, 2022
    risk 0.57cvss 8.8epss 0.01

    InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function.

  • CVE-2022-36602HigSep 1, 2022
    risk 0.57cvss 8.8epss 0.01

    InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.

  • CVE-2022-32743HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.

  • CVE-2022-2738HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause…

  • CVE-2022-2639HigSep 1, 2022
    risk 0.00cvss 7.8epss 0.01

    An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an…

  • CVE-2022-2320HigSep 1, 2022
    risk 0.51cvss 7.8epss 0.01

    A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw…

  • CVE-2022-2319HigSep 1, 2022
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.

  • CVE-2022-1902HigSep 1, 2022
    risk 0.00cvss 8.8epss 0.01

    A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.

  • CVE-2022-1729HigSep 1, 2022
    risk 0.00cvss 7.0epss 0.00

    A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.

  • CVE-2022-36773HigSep 1, 2022
    risk 0.53cvss 8.1epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571.

  • CVE-2022-30614HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID:…

  • CVE-2022-2996HigSep 1, 2022
    risk 0.48cvss 7.4epss 0.01

    A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks.

  • CVE-2021-45027HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.02

    An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input.

  • CVE-2020-35525HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.01

    In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing.

  • CVE-2022-37435HigSep 1, 2022
    risk 0.50cvss 8.8epss 0.01

    Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3.

  • CVE-2022-36676HigSep 1, 2022
    risk 0.47cvss 7.2epss 0.01

    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

  • CVE-2022-36675HigSep 1, 2022
    risk 0.47cvss 7.2epss 0.01

    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php.

  • CVE-2022-36674HigSep 1, 2022
    risk 0.47cvss 7.2epss 0.01

    Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php.

  • CVE-2022-36671HigSep 1, 2022
    risk 0.49cvss 7.5epss 0.00

    Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.

  • CVE-2022-37129HigAug 31, 2022
    risk 0.58cvss 8.8epss 0.08

    D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection.

  • CVE-2022-37123HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.03

    D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi.

  • CVE-2022-36619HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC.

  • CVE-2022-36051HigAug 31, 2022
    risk 0.50cvss 8.7epss 0.01

    ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain…

  • CVE-2022-36620HigAug 31, 2022
    risk 0.51cvss 7.5epss 0.23

    D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.

  • CVE-2022-2897HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation..

  • CVE-2022-2896HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file.

  • CVE-2022-2895HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file.

  • CVE-2022-2894HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file.

  • CVE-2022-2892HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file.

  • CVE-2022-36582HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-36581HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php.

  • CVE-2022-36580HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-36571HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting.

  • CVE-2022-36570HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg.

  • CVE-2022-36569HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg.

  • CVE-2022-36568HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList.

  • CVE-2022-34383HigAug 31, 2022
    risk 0.53cvss 8.1epss 0.00

    Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM.

  • CVE-2022-34373HigAug 31, 2022
    risk 0.47cvss 7.3epss 0.00

    Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system.

  • CVE-2022-1841HigAug 31, 2022
    risk 0.47cvss 7.2epss 0.01

    In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero.

  • CVE-2022-37184HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file.

  • CVE-2022-38152HigAug 31, 2022
    risk 0.00cvss 7.5epss 0.02

    An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses…

  • CVE-2022-3028HigAug 31, 2022
    risk 0.00cvss 7.0epss 0.00

    A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory…

  • CVE-2022-37122HigAug 31, 2022
    risk 0.50cvss 7.5epss 0.20

    Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 - B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the 'file' GET parameter through the 'logdownload.cgi' Bash script…

  • CVE-2022-2866HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution.

  • CVE-2022-2590HigAug 31, 2022
    risk 0.46cvss 7.0epss 0.01

    A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their…

  • CVE-2022-2132HigAug 31, 2022
    risk 0.56cvss 8.6epss 0.02

    A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK.

  • CVE-2022-2044HigAug 31, 2022
    risk 0.53cvss 8.2epss 0.01

    MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device.

  • CVE-2022-2043HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive.

  • CVE-2022-2006HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL…

  • CVE-2022-2005HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.00

    AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions…