VYPR

CVEs

82,359 total · page 700 of 1,648

  • CVE-2022-2004HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1…

  • CVE-2022-2003HigAug 31, 2022
    risk 0.50cvss 7.7epss 0.01

    AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects:…

  • CVE-2022-1976HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege…

  • CVE-2022-1888HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.00

    Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code.

  • CVE-2022-1552HigAug 31, 2022
    risk 0.58cvss 8.8epss 0.12

    A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant…

  • CVE-2022-1405HigAug 31, 2022
    risk 0.51cvss 7.8epss 0.02

    CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition.

  • CVE-2022-1319HigAug 31, 2022
    risk 0.00cvss 7.5epss 0.01

    A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in…

  • CVE-2022-1271HigAug 31, 2022
    risk 0.58cvss 8.8epss 0.04

    An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to…

  • CVE-2022-1259HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.01

    A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.

  • CVE-2022-1247HigAug 31, 2022
    risk 0.46cvss 7.0epss 0.00

    An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and…

  • CVE-2022-36035HigAug 31, 2022
    risk 0.43cvss 7.7epss 0.00

    Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The…

  • CVE-2022-37022HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java…

  • CVE-2022-39047HigAug 31, 2022
    risk 0.57cvss 8.8epss 0.01

    Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility's handling of the modpack URL.

  • CVE-2022-39046HigAug 31, 2022
    risk 0.49cvss 7.5epss 0.02

    An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the…

  • CVE-2022-27563HigAug 30, 2022
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.

  • CVE-2022-3037HigAug 30, 2022
    risk 0.00cvss 7.8epss 0.01

    Use After Free in GitHub repository vim/vim prior to 9.0.0322.

  • CVE-2022-37173HigAug 30, 2022
    risk 0.51cvss 7.8epss 0.00

    An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe.

  • CVE-2022-37172HigAug 30, 2022
    risk 0.51cvss 7.8epss 0.00

    Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

  • CVE-2022-36565HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

  • CVE-2022-36564HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

  • CVE-2022-36563HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

  • CVE-2022-36562HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.

  • CVE-2022-34375HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.

  • CVE-2022-34374HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.

  • CVE-2022-31232HigAug 30, 2022
    risk 0.56cvss 8.6epss 0.01

    SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.

  • CVE-2022-37237HigAug 30, 2022
    risk 0.49cvss 7.5epss 0.01

    An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.

  • CVE-2022-36552HigAug 30, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.

  • CVE-2022-39028HigAug 30, 2022
    risk 0.49cvss 7.5epss 0.02

    telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However,…

  • CVE-2022-38118HigAug 30, 2022
    risk 0.57cvss 8.8epss 0.01

    OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.

  • CVE-2022-25857HigAug 30, 2022
    risk 0.42cvss 7.5epss 0.02

    The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

  • CVE-2022-24107HigAug 30, 2022
    risk 0.51cvss 7.8epss 0.00

    Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

  • CVE-2022-24106HigAug 30, 2022
    risk 0.51cvss 7.8epss 0.00

    In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

  • CVE-2022-38784HigAug 30, 2022
    risk 0.51cvss 7.8epss 0.01

    Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the…

  • CVE-2022-38625HigAug 29, 2022
    risk 0.57cvss 8.8epss 0.00

    Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code. NOTE: the…

  • CVE-2022-37681HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. Security information ID hitachi-sec-2022-001 contains fixes for the…

  • CVE-2022-37680HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. Security…

  • CVE-2022-38772HigAug 29, 2022
    risk 0.63cvss 8.8epss 0.78

    Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.

  • CVE-2022-37177HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.00

    HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm. NOTE: this is disputed by the vendor for multiple reasons, e.g., it is inconsistent with CVE ID assignment rules for cloud services, and no product with version V1.0 exists. Furthermore,…

  • CVE-2020-26938HigAug 29, 2022
    risk 0.47cvss 7.2epss 0.01

    In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious…

  • CVE-2022-2559HigAug 29, 2022
    risk 0.47cvss 7.2epss 0.01

    The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users

  • CVE-2022-2261HigAug 29, 2022
    risk 0.47cvss 7.2epss 0.01

    The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.

  • CVE-2022-1123HigAug 29, 2022
    risk 0.47cvss 7.2epss 0.01

    The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.

  • CVE-2022-36034HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.

  • CVE-2022-27546HigAug 29, 2022
    risk 0.54cvss 8.3epss 0.01

    HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a…

  • CVE-2022-36200HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.02

    In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed.

  • CVE-2022-35962HigAug 29, 2022
    risk 0.52cvss 8.0epss 0.01

    Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in…

  • CVE-2022-2961HigAug 29, 2022
    risk 0.46cvss 7.0epss 0.00

    A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on…

  • CVE-2022-1199HigAug 29, 2022
    risk 0.00cvss 7.5epss 0.02

    A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.

  • CVE-2022-1117HigAug 29, 2022
    risk 0.00cvss 8.4epss 0.00

    A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by…

  • CVE-2022-1043HigAug 29, 2022
    risk 0.03cvss 8.8epss 0.04

    A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.