Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2022-06-24 CVE-2022-1524 Cleartext Transmission of Sensitive Information vulnerability in Illumina Local RUN Manager
LRM version 2.4 and lower does not implement TLS encryption.
network
illumina CWE-319
4.3
2022-06-24 CVE-2021-40892 Unspecified vulnerability in Validate Color Project Validate Color 2.1.0
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings.
network
low complexity
validate-color-project
5.0
2022-06-24 CVE-2022-32990 Improper Handling of Exceptional Conditions vulnerability in Gimp 2.10.30
An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS).
network
gimp CWE-755
4.3
2022-06-24 CVE-2021-41634 Information Exposure Through Discrepancy vulnerability in Melag FTP Server 2.2.0.4
A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames.
network
low complexity
melag CWE-203
5.0
2022-06-24 CVE-2021-41635 Incorrect Default Permissions vulnerability in Melag FTP Server 2.2.0.4
When installed as Windows service MELAG FTP Server 2.2.0.4 is run as SYSTEM user, which grants remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system.
network
low complexity
melag CWE-276
critical
9.0
2022-06-24 CVE-2021-41637 Incorrect Default Permissions vulnerability in Melag FTP Server 2.2.0.4
Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users.
local
low complexity
melag CWE-276
3.6
2022-06-24 CVE-2021-41638 Improper Authentication vulnerability in Melag FTP Server 2.2.0.4
The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username.
network
low complexity
melag CWE-287
5.0
2022-06-24 CVE-2021-41639 Cleartext Storage of Sensitive Information vulnerability in Melag FTP Server 2.2.0.4
MELAG FTP Server 2.2.0.4 stores unencrpyted passwords of FTP users in a local configuration file.
local
low complexity
melag CWE-312
2.1
2022-06-24 CVE-2022-1965 Improper Handling of Exceptional Conditions vulnerability in Codesys Plcwinnt and Runtime Toolkit
Multiple products of CODESYS implement a improper error handling.
network
low complexity
codesys CWE-755
5.5
2022-06-24 CVE-2022-31802 Partial String Comparison vulnerability in Codesys Gateway
In CODESYS Gateway Server V2 for versions prior to V2.3.9.38 only a part of the the specified password is been compared to the real CODESYS Gateway password.
network
low complexity
codesys CWE-187
7.5