Total
1786 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43782 | 1 Enalean | 1 Tuleap | 2022-08-09 | 6.0 MEDIUM | 7.2 HIGH |
| Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4. | |||||
| CVE-2021-41276 | 1 Enalean | 1 Tuleap | 2022-08-09 | 6.0 MEDIUM | 7.2 HIGH |
| Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3. | |||||
| CVE-2021-44530 | 1 Ui | 1 Unifi Network Controller | 2022-08-09 | 7.5 HIGH | 9.8 CRITICAL |
| An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application. | |||||
| CVE-2022-36302 | 1 Bosch | 1 Bf-os | 2022-08-08 | N/A | 5.4 MEDIUM |
| File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | |||||
| CVE-2021-0268 | 1 Juniper | 1 Junos | 2022-08-05 | 5.8 MEDIUM | 9.3 CRITICAL |
| An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness in J-web of Juniper Networks Junos OS leads to buffer overflows, segment faults, or other impacts, which allows an attacker to modify the integrity of the device and exfiltration information from the device without authentication. The weakness can be exploited to facilitate cross-site scripting (XSS), cookie manipulation (modifying session cookies, stealing cookies) and more. This weakness can also be exploited by directing a user to a seemingly legitimate link from the affected site. The attacker requires no special access or permissions to the device to carry out such attacks. This issue affects: Juniper Networks Junos OS: 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S5; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S3; 19.1 versions prior to 19.1R2-S2, 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2, 19.4R3; 20.1 versions prior to 20.1R1-S2, 20.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 18.1R1. | |||||
| CVE-2021-25682 | 1 Canonical | 1 Apport | 2022-08-01 | 7.2 HIGH | 7.8 HIGH |
| It was discovered that the get_pid_info() function in data/apport did not properly parse the /proc/pid/status file from the kernel. | |||||
| CVE-2021-27908 | 1 Acquia | 1 Mautic | 2022-07-29 | 2.1 LOW | 4.4 MEDIUM |
| In all versions prior to Mautic 3.3.2, secret parameters such as database credentials could be exposed publicly by an authorized admin user through leveraging Symfony parameter syntax in any of the free text fields in Mautic’s configuration that are used in publicly facing parts of the application. | |||||
| CVE-2016-15004 | 1 Revmakx | 1 Infinitewp Client | 2022-07-29 | N/A | 9.8 CRITICAL |
| A vulnerability was found in InfiniteWP Client Plugin 1.5.1.3/1.6.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to injection. The attack can be launched remotely. Upgrading to version 1.6.1.1 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2021-43350 | 1 Apache | 1 Traffic Control | 2022-07-25 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated Apache Traffic Control Traffic Ops user can send a request with a specially-crafted username to the POST /login endpoint of any API version to inject unsanitized content into the LDAP filter. | |||||
| CVE-2022-33011 | 1 Withknown | 1 Known | 2022-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Known v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack. | |||||
| CVE-2021-36668 | 1 Druva | 1 Insync Client | 2022-07-20 | 4.6 MEDIUM | 7.8 HIGH |
| URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. | |||||
| CVE-2020-35669 | 1 Dart | 1 Http | 2022-07-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP request. | |||||
| CVE-2022-31593 | 1 Sap | 1 Business One | 2022-07-16 | 6.5 MEDIUM | 8.8 HIGH |
| SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application. An attacker could thereby control the behavior of the application. | |||||
| CVE-2022-34914 | 1 Webswing | 1 Webswing | 2022-07-16 | 6.8 MEDIUM | 9.8 CRITICAL |
| Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. | |||||
| CVE-2020-5323 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2022-07-15 | 5.5 MEDIUM | 8.1 HIGH |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service. | |||||
| CVE-2022-31126 | 1 Roxy-wi | 1 Roxy-wi | 2022-07-14 | 7.5 HIGH | 9.8 CRITICAL |
| Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue. | |||||
| CVE-2021-45656 | 1 Netgear | 54 Ac2100, Ac2100 Firmware, Ac2400 and 51 more | 2022-07-12 | 4.6 MEDIUM | 7.8 HIGH |
| Certain NETGEAR devices are affected by server-side injection. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RBK40 before 2.5.1.16, RBR40 before 2.5.1.16, RBS40 before 2.5.1.16, RBK20 before 2.5.1.16, RBR20 before 2.5.1.16, RBS20 before 2.5.1.16, RBK50 before 2.5.1.16, RBR50 before 2.5.1.16, RBS50 before 2.5.1.16, and RBS50Y before 2.6.1.40. | |||||
| CVE-2021-33668 | 1 Sap | 1 Infrabox | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Due to improper input sanitization, specially crafted LDAP queries can be injected by an unauthenticated user. This could partially impact the confidentiality of the application. | |||||
| CVE-2021-3154 | 1 Solarwinds | 1 Serv-u | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SolarWinds Serv-U before 15.2.2. Unauthenticated attackers can retrieve cleartext passwords via macro Injection. NOTE: this had a distinct fix relative to CVE-2020-35481. | |||||
| CVE-2021-44550 | 1 Stanford | 1 Corenlp | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| An Incorrect Access Control vulnerability exists in CoreNLP 4.3.2 via the classifier in NERServlet.java (lines 158 and 159). | |||||