CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1951 CVE-2022-33325 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/clear_tools_log/` API is affected by command injection vulnerability.
1952 CVE-2022-33326 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/config_rollback/` API is affected by a command injection vulnerability.
1953 CVE-2022-33327 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove_sniffer_raw_log/` API is affected by a command injection vulnerability.
1954 CVE-2022-33328 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/remove/` API is affected by a command injection vulnerability.
1955 CVE-2022-33329 Exec Code 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Multiple command injection vulnerabilities exist in the web_server ajax endpoints functionalities of Robustel R1510 3.3.0. A specially-crafted network packets can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.The `/ajax/set_sys_time/` API is affected by a command injection vulnerability.
1956 CVE-2022-33638 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33639.
1957 CVE-2022-33639 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638.
1958 CVE-2022-33740 +Info 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
1959 CVE-2022-33741 +Info 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
1960 CVE-2022-33742 +Info 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).
1961 CVE-2022-33743 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
1962 CVE-2022-33744 DoS 2022-07-05 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.
1963 CVE-2022-33879 2022-06-27 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1.
1964 CVE-2022-33910 Exec Code XSS 2022-06-24 2022-06-24
0.0
None ??? ??? ??? ??? ??? ???
An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute.
1965 CVE-2022-33948 Exec Code 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.
1966 CVE-2022-33971 Bypass 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.
1967 CVE-2022-34043 Exec Code 2022-06-29 2022-06-29
0.0
None ??? ??? ??? ??? ??? ???
Incorrect permissions for the folder C:\ProgramData\NoMachine\var\uninstall of Nomachine v7.9.2 allows attackers to perform a DLL hijacking attack and execute arbitrary code.
1968 CVE-2022-34057 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1969 CVE-2022-34059 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1970 CVE-2022-34060 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1971 CVE-2022-34061 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1972 CVE-2022-34064 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1973 CVE-2022-34065 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1974 CVE-2022-34066 Exec Code 2022-06-24 2022-06-25
0.0
None ??? ??? ??? ??? ??? ???
The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges.
1975 CVE-2022-34132 Sql 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.
1976 CVE-2022-34133 XSS 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.
1977 CVE-2022-34134 CSRF 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.
1978 CVE-2022-34151 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.
1979 CVE-2022-34265 Sql 2022-07-04 2022-07-05
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.
1980 CVE-2022-34295 2022-06-23 2022-06-23
0.0
None ??? ??? ??? ??? ??? ???
totd before 1.5.3 does not properly randomize mesg IDs.
1981 CVE-2022-34296 Bypass 2022-06-23 2022-06-23
0.0
None ??? ??? ??? ??? ??? ???
In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request.
1982 CVE-2022-34298 2022-06-23 2022-06-23
0.0
None ??? ??? ??? ??? ??? ???
The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack."
1983 CVE-2022-34491 XSS 2022-06-25 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
In the RSS extension for MediaWiki through 1.38.1, when the $wgRSSAllowLinkTag config variable was set to true, and a new RSS feed was created with certain XSS payloads within its description tags and added to the $wgRSSUrlWhitelist config variable, stored XSS could occur via MediaWiki's template system whenever that feed was loaded via the rss document tag.
1984 CVE-2022-34494 2022-06-26 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
1985 CVE-2022-34495 2022-06-26 2022-06-27
0.0
None ??? ??? ??? ??? ??? ???
rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.
1986 CVE-2022-34750 2022-06-28 2022-06-28
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty.
1987 CVE-2022-34777 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins GitLab Plugin 1.5.34 and earlier does not escape multiple fields inserted into the description of webhook-triggered builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
1988 CVE-2022-34778 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins TestNG Results Plugin 554.va4a552116332 and earlier renders the unescaped test descriptions and exception messages provided in test results if certain job-level options are set, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or control test results.
1989 CVE-2022-34779 862 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A missing permission check in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
1990 CVE-2022-34780 352 CSRF 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery (CSRF) vulnerability in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
1991 CVE-2022-34781 862 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Missing permission checks in Jenkins XebiaLabs XL Release Plugin 22.0.0 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
1992 CVE-2022-34782 863 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
An incorrect permission check in Jenkins requests-plugin Plugin 2.2.16 and earlier allows attackers with Overall/Read permission to view the list of pending requests.
1993 CVE-2022-34783 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Plot Plugin 2.1.10 and earlier does not escape plot descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
1994 CVE-2022-34784 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins build-metrics Plugin 1.3 does not escape the build description on one of its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Build/Update permission.
1995 CVE-2022-34785 862 +Info 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins build-metrics Plugin 1.3 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about jobs otherwise inaccessible to them.
1996 CVE-2022-34786 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Rich Text Publisher Plugin 1.4 and earlier does not escape the HTML message set by its post-build step, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
1997 CVE-2022-34787 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Project Inheritance Plugin 21.04.03 and earlier does not escape the reason a build is blocked in tooltips, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control the reason a queue item is blocked.
1998 CVE-2022-34788 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins Matrix Reloaded Plugin 1.1.3 and earlier does not escape the agent name in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.
1999 CVE-2022-34789 352 CSRF 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
A cross-site request forgery (CSRF) vulnerability in Jenkins Matrix Reloaded Plugin 1.1.3 and earlier allows attackers to rebuild previous matrix builds.
2000 CVE-2022-34790 79 XSS 2022-06-30 2022-06-30
0.0
None ??? ??? ??? ??? ??? ???
Jenkins eXtreme Feedback Panel Plugin 2.0.1 and earlier does not escape the job names used in tooltips, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
Total number of vulnerabilities : 2011   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 (This Page)41
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.