CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities

Columns: # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access Complexity | Authentication | Conf. | Integ. | Avail.
(Each entry below gives the row fields, then the score, then the CVSS metric fields, then the description. A score of 0.0 with ??? in the metric fields means no CVSS data had been assigned when the page was captured.)
1851 CVE-2022-31770 DoS 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
IBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.
1852 CVE-2022-31805 523 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.
1853 CVE-2022-31806 1188 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
In CODESYS V2 PLCWinNT and Runtime Toolkit 32 in versions prior to V2.4.7.57, password protection is not enabled by default, and there is no information or prompt at login to enable password protection when no password is set on the controller.
1854 CVE-2022-31836 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to handle wildcard values, which can allow a path to resolve outside the intended directory (directory traversal).
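The risk named above, as an added Ruby illustration rather than Beego's own code: a join that normalizes `.` and `..` (Ruby's File.expand_path stands in here for Go's path.Join) lets a wildcard value containing `../` resolve outside the base directory, and a containment check rejects it. The base directory /srv/static and the sample wildcard values are constructed for the example.

```ruby
# Added example (not Beego's code): why joining a user-controlled wildcard
# segment onto a base directory with a normalizing join is unsafe, and the
# containment check that closes the hole.

# Mirrors a normalizing join such as Go's path.Join: concatenate, then resolve
# "." and ".." segments. A "../" in the wildcard value walks out of `base`.
def unsafe_resolve(base, wildcard)
  File.expand_path(File.join(base, wildcard))
end

# Hardened variant: resolve the same way, then refuse any result that is not
# `base` itself or strictly inside it. Comparing against "#{root}/" (with the
# trailing separator) stops "/srv/static2/x" from passing as inside "/srv/static".
def safe_resolve(base, wildcard)
  root = File.expand_path(base)
  resolved = File.expand_path(File.join(root, wildcard))
  return resolved if resolved == root || resolved.start_with?("#{root}/")
  nil
end

if __FILE__ == $PROGRAM_NAME
  base = "/srv/static" # assumed document root (constructed)
  ["css/site.css", "../../etc/passwd", "../static2/x"].each do |w|
    puts "#{w.ljust(18)} unsafe=#{unsafe_resolve(base, w).ljust(28)} safe=#{safe_resolve(base, w).inspect}"
  end
end
```

The prefix comparison must include the trailing separator; checking `start_with?(root)` alone would accept a sibling directory whose name merely begins with the base name.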
1855 CVE-2022-31856 Sql 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Newsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.
1856 CVE-2022-31883 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low-privilege user is able to see other users' API keys, including the administrators' API keys.
1857 CVE-2022-31884 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low-privilege user to delete other users' API keys, including those of high-privilege and Administrator users.
1858 CVE-2022-31885 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.
1859 CVE-2022-31886 CSRF 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable 2FA by sending the user a malicious form.
1860 CVE-2022-31887 2022-06-28 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization; this also allows privilege escalation by changing the administrator's password.
1861 CVE-2022-31897 XSS 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
SourceCodester Zoo Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via public_html/register_visitor?msg=.
1862 CVE-2022-31943 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MCMS v5.2.8 was discovered to contain an arbitrary file upload vulnerability.
1863 CVE-2022-32030 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.
1864 CVE-2022-32031 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.
1865 CVE-2022-32032 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.
1866 CVE-2022-32033 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.
1867 CVE-2022-32034 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.
1868 CVE-2022-32035 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.
1869 CVE-2022-32036 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.
1870 CVE-2022-32037 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAPCfg.
1871 CVE-2022-32039 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the listN parameter in the function fromDhcpListClient.
1872 CVE-2022-32040 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetCfm.
1873 CVE-2022-32041 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formGetPassengerAnalyseData.
1874 CVE-2022-32043 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Tenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formSetAccessCodeInfo.
1875 CVE-2022-32044 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the password parameter in the function FUN_00413f80.
1876 CVE-2022-32045 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00413be4.
1877 CVE-2022-32046 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_0041880c.
1878 CVE-2022-32047 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_00412ef4.
1879 CVE-2022-32048 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the command parameter in the function FUN_0041cc88.
1880 CVE-2022-32049 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the url parameter in the function FUN_00418540.
1881 CVE-2022-32050 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041af40.
1882 CVE-2022-32051 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc, week, sTime, eTime parameters in the function FUN_004133c4.
1883 CVE-2022-32052 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the desc parameter in the function FUN_004137a4.
1884 CVE-2022-32053 Overflow 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
TOTOLINK T6 V4.1.9cu.5179_B20201015 was discovered to contain a stack overflow via the cloneMac parameter in the function FUN_0041621c.
1885 CVE-2022-32081 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.4 to v10.7 was discovered to contain a use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.
1886 CVE-2022-32082 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.5 to v10.7 was discovered to contain an assertion failure at table->get_ref_count() == 0 in dict0dict.cc.
1887 CVE-2022-32083 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.
1888 CVE-2022-32084 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component sub_select.
1889 CVE-2022-32085 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_func_in::cleanup/Item::cleanup_processor.
1890 CVE-2022-32086 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.
1891 CVE-2022-32087 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args.
1892 CVE-2022-32088 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort.
1893 CVE-2022-32089 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.5 to v10.7 was discovered to contain a segmentation fault via the component st_select_lex_unit::exclude_level.
1894 CVE-2022-32091 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
MariaDB v10.7 was discovered to contain a use-after-poison in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.
1895 CVE-2022-32092 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi.
1896 CVE-2022-32093 Sql 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.
1897 CVE-2022-32094 Sql 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.
1898 CVE-2022-32095 Sql 2022-07-01 2022-07-01
0.0
None ??? ??? ??? ??? ??? ???
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.
1899 CVE-2022-32209 XSS 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
# Possible XSS Vulnerability in Rails::Html::Sanitizer

There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.

This vulnerability has been assigned the CVE identifier CVE-2022-32209.

Versions Affected: ALL
Not affected: NONE
Fixed Versions: v1.4.3

## Impact

A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements.

Code is only impacted if allowed tags are being overridden. This may be done via application configuration:

```ruby
# In config/application.rb
config.action_view.sanitized_allowed_tags = ["select", "style"]
```

see https://guides.rubyonrails.org/configuring.html#configuring-action-view

Or it may be done with a `:tags` option to the Action View helper `sanitize`:

```
<%= sanitize @comment.body, tags: ["select", "style"] %>
```

see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize

Or it may be done with Rails::Html::SafeListSanitizer directly:

```ruby
# class-level option
Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]
```

or

```ruby
# instance-level option
Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])
```

All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately.

## Releases

The FIXED releases are available at the normal locations.

## Workarounds

Remove either `select` or `style` from the overridden allowed tags.

## Credits

This vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user).
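As an added example (not code from the rails-html-sanitizer project or from the advisory), a Ruby check that flags an overridden allowed-tags list containing both tags the advisory names, gates on the fixed version 1.4.3, and applies the documented workaround. The sample configuration hash, its site labels, and the choice to drop `style` rather than `select` are assumptions made for the example.

```ruby
# Added example, not code from rails-html-sanitizer or the advisory: audit an
# overridden allowed-tags list for the `select` + `style` combination the
# advisory names, gate on the fixed version, and apply the documented workaround.
require "rubygems" # for Gem::Version (ships with Ruby)

RISKY_PAIR    = %w[select style].freeze
FIXED_VERSION = Gem::Version.new("1.4.3") # "Fixed Versions: v1.4.3" per the advisory

# True only when the override allows BOTH tags; either one alone is not the
# reported configuration. nil means the application never overrode the defaults.
def vulnerable_allowed_tags?(tags)
  return false if tags.nil?
  (RISKY_PAIR - tags.map(&:to_s)).empty?
end

# Action is needed when the installed gem predates the fix AND the tag
# override is the risky one; an app on 1.4.3 or later keeps its configuration.
def needs_upgrade?(installed_version, tags)
  Gem::Version.new(installed_version.sub(/\Av/, "")) < FIXED_VERSION &&
    vulnerable_allowed_tags?(tags)
end

# Workaround from the advisory: drop one of the two tags. `style` is removed
# here (an assumption about which tag the app can live without; dropping
# `select` instead is equally valid per the advisory).
def apply_workaround(tags)
  return tags unless vulnerable_allowed_tags?(tags)
  tags.reject { |t| t.to_s == "style" }
end

# Scan several override sites at once; returns the labels that need attention.
def audit(configs, installed_version)
  configs.select { |_site, tags| needs_upgrade?(installed_version, tags) }.keys
end

# Constructed sample: where an app might set allowed tags (labels only, not
# real files in any project) and what it set them to.
SAMPLE_CONFIGS = {
  "config/application.rb (sanitized_allowed_tags)" => %w[select style], # risky pair
  "sanitize helper :tags in a view"                => %w[p a select],   # select only
  "Rails::Html::SafeListSanitizer.allowed_tags"    => nil,              # gem defaults
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts "Sites needing attention on 1.4.2: #{audit(SAMPLE_CONFIGS, "1.4.2").inspect}"
  puts "After workaround: #{apply_workaround(%w[select style]).inspect}"
end
```

Run it against the tag lists your application actually passes (the three override mechanisms the advisory lists are the places to look); a single tag from the pair, or no override at all, is not the reported configuration.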
1900 CVE-2022-32284 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
A use of insufficiently random values vulnerability exists in the Vnet/IP communication module VI461 of the YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet.
Total number of vulnerabilities: 2011. This is page 38 of 41.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.