CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID | Description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|---|
| CVE-2022-37150 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters. | 5.4 | MEDIUM | — | 0 |
| CVE-2022-36708 | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-37151 | There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | 7.5 | HIGH | — | 0 |
| CVE-2022-37152 | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client". | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36521 | Insecure permissions in cskefu v7.0.1 allow unauthenticated attackers to arbitrarily add administrator accounts. | 7.5 | HIGH | — | 0 |
| CVE-2021-20260 | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerab... | 7.8 | HIGH | — | 0 |
| CVE-2021-35939 | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns anot... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-3414 | A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threa... | 8.1 | HIGH | — | 0 |
| CVE-2022-34302 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code... | 6.7 | MEDIUM | — | 0 |
| CVE-2021-3427 | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised, as it is interpreted directly as HTML. Someone who supplies the user wit... | 6.1 | MEDIUM | — | 0 |
| CVE-2021-3563 | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. T... | 7.4 | HIGH | — | 0 |
| CVE-2021-3574 | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command causes ASAN to detect memory leaks. | 3.3 | LOW | — | 0 |
| CVE-2021-3585 | A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0084 | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed request... | 7.5 | HIGH | — | 0 |
| CVE-2021-3632 | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less l... | 7.5 | HIGH | — | 0 |
| CVE-2021-3644 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interfa... | 3.3 | LOW | — | 0 |
| CVE-2021-3688 | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could all... | 4.8 | MEDIUM | — | 0 |
| CVE-2021-3703 | It was found that CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed wi... | 7.5 | HIGH | — | 0 |
| CVE-2021-3754 | A flaw was found in keycloak where an attacker is able to register with the same username as the email ID of any existing user. This may cause trouble in getting password recovery email in cas... | 5.3 | MEDIUM | — | 0 |
| CVE-2021-3856 | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an exte... | 4.3 | MEDIUM | — | 0 |
| CVE-2021-3859 | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | 7.5 | HIGH | — | 0 |
| CVE-2021-3864 | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and ... | 7.0 | HIGH | — | 0 |
| CVE-2021-4216 | A floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-25625 | A malicious unauthorized PAM user can access the administration configuration data and change the values. | 8.8 | HIGH | — | 0 |
| CVE-2022-0168 | A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_us... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-0171 | A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM ins... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0175 | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw... | 5.5 | MEDIUM | — | 0 |
| CVE-2022-0207 | A race condition was found in vdsm in the functionality that obfuscates sensitive values in log files, which may lead to values being stored in clear text. | 4.7 | MEDIUM | — | 0 |
| CVE-2022-3013 | A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument log... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-0216 | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do... | 4.4 | MEDIUM | — | 0 |
| CVE-2022-0217 | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in ... | 7.5 | HIGH | — | 0 |
| CVE-2022-0225 | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site sc... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-31773 | IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that t... | 8.8 | HIGH | — | 0 |
| CVE-2022-34301 | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary co... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-38794 | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | 7.5 | HIGH | — | 0 |
| CVE-2022-34303 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre... | 6.7 | MEDIUM | — | 0 |
| CVE-2022-35714 | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, poten... | 5.4 | MEDIUM | — | 0 |
| CVE-2022-36522 | Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Ser... | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36529 | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | 8.8 | HIGH | — | 0 |
| CVE-2022-2915 | A heap-based buffer overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execut... | 8.8 | HIGH | — | 0 |
| CVE-2022-3012 | A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2022-3014 | A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross ... | 3.5 | LOW | — | 0 |
| CVE-2022-3015 | A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulatio... | 3.5 | LOW | — | 0 |
| CVE-2022-2787 | Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 4.3 | MEDIUM | — | 0 |
| CVE-2022-38791 | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | 5.5 | MEDIUM | — | 0 |
| CVE-2022-38792 | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | 7.8 | HIGH | — | 0 |
| CVE-2022-3017 | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | 6.5 | MEDIUM | — | 0 |
| CVE-2022-36755 | D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | 9.8 | CRITICAL | — | 0 |
| CVE-2022-36756 | DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.