CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-31651 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
2 CVE-2022-31650 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
3 CVE-2022-31624 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
4 CVE-2022-31623 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
5 CVE-2022-31622 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
6 CVE-2022-31621 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
7 CVE-2022-31620 DoS 2022-05-25 2022-05-25
0.0
None ??? ??? ??? ??? ??? ???
In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.
8 CVE-2022-31489 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.
9 CVE-2022-31488 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.
10 CVE-2022-31487 Sql 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.
11 CVE-2022-31467 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.
12 CVE-2022-31466 2022-05-23 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check.
13 CVE-2022-31268 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
14 CVE-2022-31267 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
15 CVE-2022-31264 Overflow 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
16 CVE-2022-31263 Bypass 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
17 CVE-2022-31261 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.
18 CVE-2022-31259 Bypass 2022-05-21 2022-05-23
0.0
None ??? ??? ??? ??? ??? ???
The route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
19 CVE-2022-31258 2022-05-20 2022-05-21
0.0
None ??? ??? ??? ??? ??? ???
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
20 CVE-2022-31245 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.
21 CVE-2022-31215 Bypass 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
22 CVE-2022-30994 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 29240
23 CVE-2022-30993 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Cleartext transmission of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
24 CVE-2022-30992 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Open redirect via user-controlled query parameter. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
25 CVE-2022-30991 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
HTML injection via report name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 29240
26 CVE-2022-30990 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Linux) before build 29240, Acronis Agent (Linux) before build 28037
27 CVE-2022-30976 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
GPAC 2.0.0 misuses a certain Unicode utf8_wcslen (renamed gf_utf8_wcslen) function in utils/utf.c, resulting in a heap-based buffer over-read, as demonstrated by MP4Box.
28 CVE-2022-30975 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
In Artifex MuJS through 1.2.0, jsP_dumpsyntax in jsdump.c has a NULL pointer dereference, as demonstrated by mujs-pp.
29 CVE-2022-30974 2022-05-18 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
compile in regexp.c in Artifex MuJS through 1.2.0 results in stack consumption because of unlimited recursion, a different issue than CVE-2019-11413.
30 CVE-2022-30957 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
A missing permission check in Jenkins SSH Plugin 2.6.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
31 CVE-2022-30956 XSS 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Rundeck Plugin 3.6.10 and earlier does not restrict URL schemes in Rundeck webhook submissions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to submit crafted Rundeck webhook payloads.
32 CVE-2022-30955 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins GitLab Plugin 1.5.31 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
33 CVE-2022-30954 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Blue Ocean Plugin 1.25.3 and earlier does not perform a permission check in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified HTTP server.
34 CVE-2022-30953 CSRF 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery (CSRF) vulnerability in Jenkins Blue Ocean Plugin 1.25.3 and earlier allows attackers to connect to an attacker-specified HTTP server.
35 CVE-2022-30952 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Pipeline SCM API for Blue Ocean Plugin 1.25.3 and earlier allows attackers with Job/Configure permission to access credentials with attacker-specified IDs stored in the private per-user credentials stores of any attacker-specified user in Jenkins.
36 CVE-2022-30951 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in.
37 CVE-2022-30950 Exec Code Overflow 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent machine.
38 CVE-2022-30949 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins REPO Plugin 1.14.0 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
39 CVE-2022-30948 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Mercurial Plugin 2.16 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
40 CVE-2022-30947 +Info 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Git Plugin 4.11.1 and earlier allows attackers able to configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs, obtaining limited information about other projects' SCM contents.
41 CVE-2022-30946 CSRF 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery (CSRF) vulnerability in Jenkins Script Security Plugin 1158.v7c1b_73a_69a_08 and earlier allows attackers to have Jenkins send an HTTP request to an attacker-specified webserver.
42 CVE-2022-30945 2022-05-17 2022-05-17
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Pipeline: Groovy Plugin 2689.v434009a_31b_f1 and earlier allows loading any Groovy source files on the classpath of Jenkins and Jenkins plugins in sandboxed pipelines.
43 CVE-2022-30887 Exec Code 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file.
44 CVE-2022-30886 Sql 2022-05-20 2022-05-20
0.0
None ??? ??? ??? ??? ??? ???
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php.
45 CVE-2022-30843 Sql 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.
46 CVE-2022-30842 XSS 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.
47 CVE-2022-30839 XSS 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.
48 CVE-2022-30838 Sql 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status
49 CVE-2022-30837 XSS 2022-05-24 2022-05-24
0.0
None ??? ??? ??? ??? ??? ???
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.
50 CVE-2022-30689 2022-05-17 2022-05-18
0.0
None ??? ??? ??? ??? ??? ???
HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0 and does not affect the separate Enterprise MFA feature set. Fixed in 1.10.3.
Total number of vulnerabilities : 823   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.