Vulnerabilities (CVE)

Total 15939 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-1292 1 Openssl 1 Openssl 2022-06-29 10.0 HIGH 9.8 CRITICAL
The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).
CVE-2017-12562 1 Libsndfile Project 1 Libsndfile 2022-06-28 7.5 HIGH 9.8 CRITICAL
Heap-based Buffer Overflow in the psf_binheader_writef function in common.c in libsndfile through 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2022-29775 1 Ispyconnect 1 Ispy 2022-06-28 7.5 HIGH 9.8 CRITICAL
iSpyConnect iSpy v7.2.2.0 allows attackers to bypass authentication via a crafted URL.
CVE-2022-2023 1 Trudesk Project 1 Trudesk 2022-06-28 7.5 HIGH 9.8 CRITICAL
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
CVE-2017-20067 1 Hindu Matrimonial Script Project 1 Hindu Matrimonial Script 2022-06-28 7.5 HIGH 9.8 CRITICAL
A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/. The manipulation of the argument username/password with the input 'or''=' leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-31801 2 Phoenixcontact, Phoenixcontact-software 3 Multiprog, Proconos, Proconos Eclr 2022-06-28 10.0 HIGH 9.8 CRITICAL
An unauthenticated, remote attacker could upload malicious logic to the devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.
CVE-2022-31800 1 Phoenixcontact 34 Axc 1050, Axc 1050 Firmware, Axc 1050 Xc and 31 more 2022-06-28 10.0 HIGH 9.8 CRITICAL
An unauthenticated, remote attacker could upload malicious logic to devices based on ProConOS/ProConOS eCLR in order to gain full control over the device.
CVE-2022-1905 1 E-dynamics 1 Events Made Easy 2022-06-28 7.5 HIGH 9.8 CRITICAL
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
CVE-2022-31874 1 Asus 2 Rt-n53, Rt-n53 Firmware 2022-06-28 7.5 HIGH 9.8 CRITICAL
ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.
CVE-2022-33750 1 Broadcom 1 Ca Automic Automation 2022-06-28 7.5 HIGH 9.8 CRITICAL
CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.
CVE-2022-29496 1 Blynk 1 Blynk-library 2022-06-28 7.5 HIGH 9.8 CRITICAL
A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
CVE-2022-21806 1 Anker 2 Eufy Homebase 2, Eufy Homebase 2 Firmware 2022-06-28 7.5 HIGH 9.8 CRITICAL
A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to remote code execution. The device is exposed to attacks from the network.
CVE-2021-40903 1 Antminer Monitor Project 1 Antminer Monitor 2022-06-28 7.5 HIGH 9.8 CRITICAL
A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
CVE-2021-41411 1 Redhat 1 Drools 2022-06-28 7.5 HIGH 9.8 CRITICAL
drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java. The Validator class is not used correctly, resulting in the XXE injection vulnerability.
CVE-2022-22485 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more 2022-06-28 7.5 HIGH 9.8 CRITICAL
In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server. An attacker could exploit this vulnerability using brute force techniques to gain unauthorized administrative access to the IBM Spectrum Protect Server. IBM X-Force ID: 226325.
CVE-2022-30767 1 Denx 1 U-boot 2022-06-28 7.5 HIGH 9.8 CRITICAL
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
CVE-2022-31941 1 Rescue Dispatch Management System Project 1 Rescue Dispatch Management System 2022-06-28 7.5 HIGH 9.8 CRITICAL
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.
CVE-2022-22317 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Curam Social Program Management and 4 more 2022-06-28 7.5 HIGH 9.8 CRITICAL
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 218281.
CVE-2022-22318 5 Hp, Ibm, Linux and 2 more 7 Hp-ux, Aix, Curam Social Program Management and 4 more 2022-06-28 6.5 MEDIUM 9.8 CRITICAL
IBM Curam Social Program Management 8.0.0 and 8.0.1 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.
CVE-2022-30422 1 Proietti 1 Planet Time Enterprise 2022-06-28 10.0 HIGH 9.8 CRITICAL
Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.