Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-34060 | 1 Togglee | 1 Togglee | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34059 | 1 Sixfab-tool Project | 1 Sixfab-tool | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34061 | 1 Catly Translate Project | 1 Catly Translate | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34066 | 1 Texercise Project | 1 Texercise | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34065 | 1 Rondolu-yt-concate Project | 1 Rondolu-yt-concate | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-34064 | 1 Zibal Project | 1 Zibal | 2022-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-2105 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-06 | 6.4 MEDIUM | 9.1 CRITICAL |
| Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. | |||||
| CVE-2022-1667 | 1 Secheron | 2 Sepcos Control And Protection Relay, Sepcos Control And Protection Relay Firmware | 2022-07-05 | 7.8 HIGH | 7.5 HIGH |
| Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script | |||||
| CVE-2021-32002 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 3.3 LOW |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
| CVE-2021-32689 | 1 Nextcloud | 1 Talk | 2022-07-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Nextcloud Talk is a fully on-premises audio/video and chat communication service. In versions prior to 11.2.2, if a user was able to reuse an earlier used username, they could get access to any chat message sent to the previous user with this username. The issue was patched in versions 11.2.2 and 11.3.0. As a workaround, don't allow users to choose usernames themselves. This is the default behaviour of Nextcloud, but some user providers may allow doing so. | |||||
| CVE-2017-20084 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2022-06-29 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20083 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2022-06-29 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2017-20082 | 1 Jung-group | 2 Smart Visu Server, Smart Visu Server Firmware | 2022-06-29 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2001-1104 | 1 Sonicwall | 2 Soho, Soho Firmware | 2022-06-28 | 7.5 HIGH | N/A |
| SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | |||||
| CVE-2021-20861 | 1 Elecom | 28 Edwrc-2533gst2, Edwrc-2533gst2 Firmware, Wrc-1167gst2 and 25 more | 2022-06-28 | 5.8 MEDIUM | 8.8 HIGH |
| Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and prior, WRC-1167GST2A firmware v1.25 and prior, WRC-1167GST2H firmware v1.25 and prior, WRC-2533GS2-B firmware v1.52 and prior, WRC-2533GS2-W firmware v1.52 and prior, WRC-1750GS firmware v1.03 and prior, WRC-1750GSV firmware v2.11 and prior, WRC-1900GST firmware v1.03 and prior, WRC-2533GST firmware v1.03 and prior, WRC-2533GSTA firmware v1.03 and prior, WRC-2533GST2 firmware v1.25 and prior, WRC-2533GST2SP firmware v1.25 and prior, WRC-2533GST2-G firmware v1.25 and prior, and EDWRC-2533GST2 firmware v1.25 and prior) allows a network-adjacent authenticated attacker to bypass access restriction and to access the management screen of the product via unspecified vectors. | |||||
| CVE-2021-20778 | 1 Ec-cube | 1 Ec-cube | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| Improper access control vulnerability in EC-CUBE 4.0.6 (EC-CUBE 4 series) allows a remote attacker to bypass access restriction and obtain sensitive information via unspecified vectors. | |||||
| CVE-2020-12729 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2022-06-28 | 2.1 LOW | 4.6 MEDIUM |
| MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | |||||
| CVE-2021-20584 | 1 Ibm | 1 Sterling B2b Integrator | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 199397. | |||||
| CVE-2021-43564 | 1 Job Fair Project | 1 Job Fair | 2022-06-28 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the jobfair (aka Job Fair) extension before 1.0.13 and 2.x before 2.0.2 for TYPO3. The extension fails to protect or obfuscate filenames of uploaded files. This allows unauthenticated users to download files with sensitive data by simply guessing the filename of uploaded files (e.g., uploads/tx_jobfair/cv.pdf). | |||||
| CVE-2021-39875 | 1 Gitlab | 1 Gitlab | 2022-06-28 | 5.0 MEDIUM | 5.3 MEDIUM |
| In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint. | |||||