Search Results (Refine Search)
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2020-29507 |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. Published: July 11, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-29506 |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. Published: July 11, 2022; 4:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2020-4150 |
IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 174142. Published: July 11, 2022; 1:15:08 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-1952 |
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps. Published: July 11, 2022; 9:15:09 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-1057 |
The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection Published: July 11, 2022; 9:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-2302 |
Multiple Lenze products of the cabinet series skip the password verification upon second login. After a user has been logged on to the device once, a remote attacker can get full access without knowledge of the password. Published: July 11, 2022; 7:15:08 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 9.3 HIGH |
CVE-2022-2368 |
Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. Published: July 11, 2022; 4:15:07 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-32294 |
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port). NOTE: a third party reports that this cannot be reproduced. Published: July 10, 2022; 11:15:07 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-31588 |
The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31587 |
The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31586 |
The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31585 |
The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31584 |
The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31583 |
The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31582 |
The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31581 |
The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31580 |
The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31579 |
The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31577 |
The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31576 |
The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:11 PM -0400 |
V4.0:(not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |