ID  CVSS  Summary  Last (major) update  Published
CVE-2022-22433 5.0
IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform serve
16-05-2022 - 13:47 05-05-2022 - 16:15
CVE-2022-30011 None
In HMS 1.0 when requesting appointment.php through POST, multiple parameters can lead to a SQL injection vulnerability.
16-05-2022 - 13:15 16-05-2022 - 13:15
CVE-2022-30012 None
In the POST request of the appointment.php page of HMS v.0, there are SQL injection vulnerabilities in multiple parameters, and database information can be obtained through injection.
16-05-2022 - 13:15 16-05-2022 - 13:15
CVE-2022-29110 None
Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109.
16-05-2022 - 13:15 10-05-2022 - 21:15
CVE-2022-29586 None
Konica Minolta bizhub MFP devices before 2022-04-14 allow a Sandbox Escape. An attacker must attach a keyboard to a USB port, press F12, and then escape from the kiosk mode.
16-05-2022 - 13:00 16-05-2022 - 06:15
CVE-2022-29587 None
Konica Minolta bizhub MFP devices before 2022-04-14 have an internal Chromium browser that executes with root (aka superuser) access privileges.
16-05-2022 - 13:00 16-05-2022 - 06:15
CVE-2022-29588 None
Konica Minolta bizhub MFP devices before 2022-04-14 use cleartext password storage for the /var/log/nginx/html/ADMINPASS and /etc/shadow files.
16-05-2022 - 13:00 16-05-2022 - 06:15
CVE-2022-30782 None
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.
16-05-2022 - 13:00 16-05-2022 - 06:15
CVE-2022-30765 None
Calibre-Web before 0.6.18 allows user table SQL Injection.
16-05-2022 - 13:00 16-05-2022 - 02:15
CVE-2022-30763 None
Janet before 1.22.0 mishandles arrays.
16-05-2022 - 13:00 16-05-2022 - 03:15
CVE-2022-30767 None
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
16-05-2022 - 13:00 16-05-2022 - 03:15
CVE-2022-30770 None
Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions.
16-05-2022 - 13:00 16-05-2022 - 03:15
CVE-2022-30775 None
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
16-05-2022 - 13:00 16-05-2022 - 03:15
CVE-2022-30778 None
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in Illuminate\Broadcasting\PendingBroadcast.php and dispatch($command) in Illuminate\Bus\QueueingDisp
16-05-2022 - 13:00 16-05-2022 - 04:15
CVE-2022-30779 None
Laravel 9.1.8, when processing attacker-controlled data for deserialization, allows Remote Code Execution via an unserialize pop chain in __destruct in GuzzleHttp\Cookie\FileCookieJar.php.
16-05-2022 - 13:00 16-05-2022 - 04:15
CVE-2022-30781 None
Gitea before 1.6.7 does not escape git fetch remote.
16-05-2022 - 13:00 16-05-2022 - 04:15
CVE-2022-28929 None
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.
16-05-2022 - 13:00 15-05-2022 - 16:15
CVE-2022-28936 None
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.
16-05-2022 - 13:00 15-05-2022 - 16:15
CVE-2022-28937 None
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.
16-05-2022 - 13:00 15-05-2022 - 16:15
CVE-2022-28930 None
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.
16-05-2022 - 13:00 15-05-2022 - 17:15
CVE-2022-30049 None
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.
16-05-2022 - 13:00 15-05-2022 - 17:15
CVE-2021-41965 None
A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an exis
16-05-2022 - 13:00 15-05-2022 - 11:15
CVE-2022-30708 None
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the fil
16-05-2022 - 13:00 15-05-2022 - 03:15
CVE-2022-1379 None
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF). This allows ac
16-05-2022 - 13:00 14-05-2022 - 10:15
CVE-2022-24830 None
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential
16-05-2022 - 13:00 14-05-2022 - 00:15
CVE-2022-24831 None
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create SQL queries instead of prepared sta
16-05-2022 - 13:00 14-05-2022 - 01:15
CVE-2022-25946 4.9
On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administr
16-05-2022 - 12:49 05-05-2022 - 17:15
CVE-2022-1468 4.0
On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note:
16-05-2022 - 12:35 05-05-2022 - 17:15
CVE-2022-26130 5.0
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic
16-05-2022 - 12:34 05-05-2022 - 17:15
CVE-2022-26071 5.0
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traf
16-05-2022 - 12:31 05-05-2022 - 17:15
CVE-2022-24884 None
ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered vali
16-05-2022 - 04:15 06-05-2022 - 00:15
CVE-2022-30292 7.5
thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call.
16-05-2022 - 04:15 04-05-2022 - 23:15
CVE-2022-20796 4.9
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an a
16-05-2022 - 04:15 04-05-2022 - 17:15
CVE-2022-20771 7.8
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and
16-05-2022 - 04:15 04-05-2022 - 17:15
CVE-2022-20785 7.8
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS
16-05-2022 - 04:15 04-05-2022 - 17:15
CVE-2022-20770 7.8
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS v
16-05-2022 - 04:15 04-05-2022 - 17:15
CVE-2022-1507 4.3
chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in GitHub repository hpjansson/chafa prior to 1.10.2. chafa: NULL Pointer Derefere
16-05-2022 - 04:15 27-04-2022 - 17:15
CVE-2017-4967 4.3
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior t
15-05-2022 - 14:14 13-06-2017 - 06:29
CVE-2019-11287 5.0
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of servi
15-05-2022 - 14:14 23-11-2019 - 00:15
CVE-2017-4966 2.1
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior t
15-05-2022 - 14:13 13-06-2017 - 06:29
CVE-2017-4965 4.3
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior t
15-05-2022 - 14:13 13-06-2017 - 06:29
CVE-2021-36740 6.4
Varnish Cache, with HTTP/2 enabled, allows request smuggling and VCL authorization bypass via a large Content-Length header for a POST request. This affects Varnish Enterprise 6.0.x before 6.0.8r3, and Varnish Cache 5.x and 6.x before 6.5.2, 6.6.x be
15-05-2022 - 13:29 14-07-2021 - 17:15
CVE-2021-42072 6.5
An issue was discovered in Barrier before 2.4.0. The barriers component (aka the server-side implementation of Barrier) does not sufficiently verify the identity of connecting clients. Clients can thus exploit weaknesses in the provided protocol to c
15-05-2022 - 13:28 08-11-2021 - 04:15
CVE-2022-1292 10.0
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execut
15-05-2022 - 04:15 03-05-2022 - 16:15
CVE-2022-28463 None
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
14-05-2022 - 16:15 08-05-2022 - 23:15
CVE-2021-3596 4.3
A NULL pointer dereference flaw was found in ImageMagick in versions prior to 7.0.10-31 in ReadSVGImage() in coders/svg.c. This issue is due to not checking the return value from libxml2's xmlCreatePushParserCtxt() and uses the value directly, which
14-05-2022 - 16:15 24-02-2022 - 19:15
CVE-2022-21434 5.0
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20
14-05-2022 - 12:15 19-04-2022 - 21:15
CVE-2022-21496 5.0
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,
14-05-2022 - 12:15 19-04-2022 - 21:15
CVE-2022-21426 5.0
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5,
14-05-2022 - 12:15 19-04-2022 - 21:15
CVE-2022-21443 4.3
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20
14-05-2022 - 12:15 19-04-2022 - 21:15