Search Results
- CVSS Version: 3
- CVSS V3 Severity: Critical (9-10)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-31513 | The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31512 | The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31511 | The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31510 | The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31509 | The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31508 | The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31507 | The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31506 | The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31505 | The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31504 | The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31503 | The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31502 | The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31501 | The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. Published: July 10, 2022; 9:15:08 PM -0400 | V4.0: (not available) V3.1: 9.3 CRITICAL V2.0: 6.4 MEDIUM |
CVE-2022-31137 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability. Published: July 08, 2022; 4:15:07 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2022-35411 | rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle. Published: July 08, 2022; 3:15:08 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-34914 | Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIp variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3. Published: July 08, 2022; 3:15:08 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2022-28623 | Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities: HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX. Published: July 08, 2022; 9:15:08 AM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-1245 | A privilege escalation flaw was found in the token exchange feature of Keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services. Published: July 07, 2022; 8:15:07 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2022-33936 | Cloud Mobility for Dell EMC Storage 1.3.0.XXX contains an RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to a root shell. This is a critical issue, so Dell recommends that customers upgrade at the earliest opportunity. Published: July 07, 2022; 6:15:08 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2021-35283 | SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0 allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php. Published: July 07, 2022; 5:15:09 PM -0400 | V4.0: (not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |