CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-25471 An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/... | 8.1 | HIGH | — | 0 |
| CVE-2022-24563 In Genixcms v1.1.11, a stored Cross-Site Scripting (XSS) vulnerability exists in /gxadmin/index.php?page=themes&view=options via the intro_title and intro_image parameters. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-24573 A stored cross-site scripting (XSS) vulnerability in the admin interface in Element-IT HTTP Commander 7.0.0 allows unauthenticated users to get admin access by injecting a malicious script in the User... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-42950 Remote Code Execution (RCE) vulnerability exists in Zepl Notebooks all previous versions before October 25 2021. Users can register for an account and are allocated a set number of credits to try the ... | 8.8 | HIGH | — | 0 |
| CVE-2022-23849 The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access the application because of authentication bypass. An attacker must rapidly make failed biometric authe... | 6.6 | MEDIUM | — | 0 |
| CVE-2021-40635 OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An attacker can inject a SQL query to extract information from the database. | 7.5 | HIGH | — | 0 |
| CVE-2021-40636 OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract information from the database. | 7.5 | HIGH | — | 0 |
| CVE-2022-23648 containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s... | 7.5 | HIGH | — | 0 |
| CVE-2021-40637 OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user. | 6.1 | MEDIUM | — | 0 |
| CVE-2021-43774 A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default creden... | 4.9 | MEDIUM | — | 0 |
| CVE-2021-45819 Wordline HIDCCEMonitorSVC before v5.2.4.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 6.4 | MEDIUM | — | 0 |
| CVE-2022-25031 Remote Desktop Commander Suite Agent before v4.8 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.8 | HIGH | — | 0 |
| CVE-2022-0753 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-0841 OS Command Injection in GitHub repository ljharb/npm-lockfile in v2.0.3 and v2.0.4. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-25138 Axelor Open Suite v5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Name parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-22700 CyberArk Identity versions up to and including 22.1 in the 'StartAuthentication' resource, exposes the response header 'X-CFY-TX-TM'. In certain configurations, that response header contains different... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-3602 An information disclosure flaw was found in Buildah, when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variab... | 5.5 | MEDIUM | — | 0 |
| CVE-2021-3609 A flaw was found in the CAN BCM networking protocol in the Linux kernel, where a local attacker can abuse a flaw in the CAN subsystem to corrupt memory, crash the system or escalate privileges. This ... | 7.0 | HIGH | — | 0 |
| CVE-2021-3620 A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest thr... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0492 A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_a... | 7.8 | HIGH | — | 0 |
| CVE-2022-23898 MCMS v5.2.5 was discovered to contain a SQL injection vulnerability via the categoryId parameter in the file IContentDao.xml. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-24724 cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:... | 8.8 | HIGH | — | 0 |
| CVE-2022-21716 Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, the Twisted SSH client and server implementations are able to accept an infinite amount of data for the pee... | 7.5 | HIGH | — | 0 |
| CVE-2022-24723 URI.js is a Javascript URL mutation library. Before version 1.19.9, whitespace characters are not removed from the beginning of the protocol, so URLs are not parsed properly. This issue has been patch... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-3762 A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary f... | 9.8 | CRITICAL | — | 0 |
| CVE-2021-4002 A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-0265 Improper Restriction of XML External Entity Reference in GitHub repository hazelcast/hazelcast in 5.1-BETA-1. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-22943 VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where V... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-23051 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code while adding an 'Attack Tree' by modifying the 'svg_file' parameter. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-23052 PeteReport Version 0.5 contains a Cross Site Request Forgery (CSRF) vulnerability allowing an attacker to trick users into deleting users, products, reports and findings on the application. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-23708 A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-23709 A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite ex... | 4.3 | MEDIUM | — | 0 |
| CVE-2022-23710 A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim’s ... | 6.1 | MEDIUM | — | 0 |
| CVE-2022-24725 Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functi... | 6.2 | MEDIUM | — | 0 |
| CVE-2022-25220 PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding. | 4.8 | MEDIUM | — | 0 |
| CVE-2021-26259 A flaw was found in htmldoc in v1.9.12. A heap buffer overflow in render_table_row() in ps-pdf.cxx may lead to arbitrary code execution and denial of service. | 7.8 | HIGH | — | 0 |
| CVE-2021-26948 Null pointer dereference in the htmldoc v1.9.11 and before may allow attackers to execute arbitrary code and cause a denial of service via a crafted html file. | 7.8 | HIGH | — | 0 |
| CVE-2021-3638 An out-of-bounds memory access flaw was found in the ATI VGA device emulation of QEMU. This flaw occurs in the ati_2d_blt() routine while handling MMIO write operations when the guest provides invalid... | 6.5 | MEDIUM | — | 0 |
| CVE-2021-3640 A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition of the call sco_conn_de... | 7.0 | HIGH | — | 0 |
| CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0838 Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.5.10. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-0848 OS Command Injection in GitHub repository part-db/part-db prior to 0.5.11. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-0752 Cross-site Scripting (XSS) - Generic in GitHub repository hestiacp/hestiacp prior to 1.5.9. | 6.1 | MEDIUM | — | 0 |
| CVE-2022-23327 A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a ... | 7.5 | HIGH | — | 0 |
| CVE-2020-18327 Cross Site Scripting (XSS) vulnerability exists in Alfresco Alfresco Community Edition v5.2.0 via the action parameter in the alfresco/s/admin/admin-nodebrowser API. Fixed in v6.2 | 6.1 | MEDIUM | — | 0 |
| CVE-2022-23328 A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a vi... | 7.5 | HIGH | — | 0 |
| CVE-2021-43392 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to obtain information on cryptographic secrets. This is associated with the ECDSA signature algorithm on the Java... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-43393 STMicroelectronics STSAFE-J 1.1.4, J-SAFE3 1.2.5, and J-SIGN sometimes allow attackers to abuse signature verification. This is associated with the ECDSA signature algorithm on the Java Card J-SAFE3 a... | 6.2 | MEDIUM | — | 0 |
| CVE-2021-44321 Mini-Inventory-and-Sales-Management-System is affected by Cross Site Request Forgery (CSRF), where an attacker can update/delete items in the inventory. The attacker must be logged into the applicatio... | 5.0 | MEDIUM | — | 0 |
| CVE-2021-46393 There is a stack buffer overflow vulnerability in the formSetPPTPServer function of Tenda-AX3 router V16.03.12.10_CN. The v10 variable is directly retrieved from the http request parameter startIp. Th... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.