VYPR

CVEs

82,359 total · page 701 of 1,648

  • CVE-2022-0934HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

  • CVE-2022-0850HigAug 29, 2022
    risk 0.00cvss 7.1epss 0.00

    A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.

  • CVE-2022-0497HigAug 29, 2022
    risk 0.00cvss 7.1epss 0.00

    A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.

  • CVE-2022-0400HigAug 29, 2022
    risk 0.49cvss 7.5epss 0.01

    An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.

  • CVE-2022-0367HigAug 29, 2022
    risk 0.00cvss 7.8epss 0.00

    A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

  • CVE-2022-0358HigAug 29, 2022
    risk 0.00cvss 7.8epss 0.00

    A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a…

  • CVE-2022-0336HigAug 29, 2022
    risk 0.00cvss 8.8epss 0.01

    The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on…

  • CVE-2022-0284HigAug 29, 2022
    risk 0.00cvss 7.1epss 0.01

    A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can…

  • CVE-2022-36690HigAug 29, 2022
    risk 0.57cvss 8.8epss 0.01

    Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.

  • CVE-2022-36689HigAug 29, 2022
    risk 0.57cvss 8.8epss 0.01

    Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.

  • CVE-2022-36688HigAug 29, 2022
    risk 0.57cvss 8.8epss 0.01

    Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.

  • CVE-2022-36686HigAug 29, 2022
    risk 0.57cvss 8.8epss 0.01

    Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.

  • CVE-2022-3019HigAug 29, 2022
    risk 0.00cvss 8.8epss 0.01

    The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).

  • CVE-2022-25921HigAug 29, 2022
    risk 0.53cvss 8.1epss 0.01

    All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.

  • CVE-2021-41785HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2021-41784HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2021-41783HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2021-41782HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2021-41781HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2021-41780HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.

  • CVE-2022-38511HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.01

    TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.

  • CVE-2022-38510HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.

  • CVE-2022-36616HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36615HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36614HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36613HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36612HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36611HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36610HigAug 29, 2022
    risk 0.51cvss 7.8epss 0.00

    TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.

  • CVE-2022-36704HigAug 28, 2022
    risk 0.57cvss 8.8epss 0.01

    Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

  • CVE-2022-38571HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.

  • CVE-2022-38570HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.

  • CVE-2022-38569HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.

  • CVE-2022-38568HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.

  • CVE-2022-38567HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.

  • CVE-2022-38566HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.

  • CVE-2022-38565HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.

  • CVE-2022-38564HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter.

  • CVE-2022-38563HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.

  • CVE-2022-38562HigAug 28, 2022
    risk 0.49cvss 7.5epss 0.01

    Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.

  • CVE-2022-3016HigAug 28, 2022
    risk 0.00cvss 7.8epss 0.01

    Use After Free in GitHub repository vim/vim prior to 9.0.0286.

  • CVE-2022-38794HigAug 27, 2022
    risk 0.49cvss 7.5epss 0.04

    Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.

  • CVE-2022-36546HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.00

    Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.

  • CVE-2022-2915HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.01

    A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.

  • CVE-2022-36537HigKEVAug 26, 2022
    risk 0.19cvss 7.5epss 0.95

    ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

  • CVE-2022-36529HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.01

    Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.

  • CVE-2022-31773HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.00

    IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.

  • CVE-2022-0217HigAug 26, 2022
    risk 0.49cvss 7.5epss 0.05

    It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition,…

  • CVE-2022-0084HigAug 26, 2022
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or…

  • CVE-2022-25625HigAug 26, 2022
    risk 0.57cvss 8.8epss 0.01

    A malicious unauthorized PAM user can access the administration configuration data and change the values.