US-CERT Bulletin (SB22-220): Vulnerability Summary for the Week of August 1, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
@acrontum — filesystem-template | The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. | 2022-08-05 | not yet calculated | CVE-2022-21186 CONFIRM CONFIRM |
Ittiam — libmpeg2 | Ittiam libmpeg2 before 2022-07-27 uses memcpy with overlapping memory blocks in impeg2_mc_fullx_fully_8x8. | 2022-08-05 | not yet calculated | CVE-2022-37416 MISC MISC |
accusoft — imagegear | An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-29465 MISC |
aes_crypt — aes_crypt | AES Crypt is a file encryption software for multiple platforms. AES Crypt for Linux built using the source on GitHub and having the version number 3.11 has a vulnerability with respect to reading user-provided passwords and confirmations via command-line prompts. Password lengths were not checked before being read. This vulnerability may lead to buffer overruns. This does _not_ affect source code found on aescrypt.com, nor is the vulnerability present when providing a password or a key via the `-p` or `-k` command-line options. The problem was fixed in commit 68761851b and will be included in release 3.16. Users are advised to upgrade. Users unable to upgrade should use the `-p` or `-k` options to provide a password or key. | 2022-08-03 | not yet calculated | CVE-2022-35928 MISC CONFIRM |
alphaware_simple_e-commerce_system — alphaware_simple_e-commerce_system | A vulnerability, which was classified as problematic, has been found in SourceCodester Alphaware Simple E-Commerce System. Affected by this issue is some unknown functionality of the file stockin.php. The manipulation of the argument id with the input ‘”><script>alert(/xss/)</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205670 is the identifier assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2682 MISC MISC |
apache — hadoop | Apache Hadoop’s FileUtil.unTar(File, File) API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. “Check existence of file before untarring/zipping”, which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or later (including HADOOP-18136). | 2022-08-04 | not yet calculated | CVE-2022-25168 MISC |
apache — jspwiki | A carefully crafted request on AJAXPreview.jsp could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. This vulnerability leverages CVE-2021-40369, where the Denounce plugin dangerously renders user-supplied URLs. Upon re-testing CVE-2021-40369, it appears that the patch was incomplete as it was still possible to insert malicious input via the Denounce plugin. Apache JSPWiki users should upgrade to 2.11.3 or later. | 2022-08-04 | not yet calculated | CVE-2022-28730 MISC |
apache — jspwiki | A carefully crafted request on XHRHtml2Markup.jsp could trigger an XSS vulnerability on Apache JSPWiki up to and including 2.11.2, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. | 2022-08-04 | not yet calculated | CVE-2022-27166 MISC |
apache — jspwiki | A carefully crafted request on WeblogPlugin could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim’s browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.3 or later. | 2022-08-04 | not yet calculated | CVE-2022-28732 MISC |
apache — jspwiki | A carefully crafted invocation on the Image plugin could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker’s account. Further examination of this issue established that it could also be used to modify the email associated with the attacked account, and then a reset password request from the login page. | 2022-08-04 | not yet calculated | CVE-2022-34158 MISC |
apache — jspwiki | A carefully crafted request on UserPreferences.jsp could trigger a CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow the attacker to modify the email associated with the attacked account, and then a reset password request from the login page. | 2022-08-04 | not yet calculated | CVE-2022-28731 MISC |
apartment_visitor_management_system — apartment_visitor_management_system | A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been classified as critical. This affects an unknown part of the file index.php. The manipulation of the argument username with the input ‘ AND (SELECT 4955 FROM (SELECT(SLEEP(5)))RSzF) AND ‘htiy’=’htiy leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205665 was assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2677 MISC MISC |
apartment_visitor_management_system — apartment_visitor_management_system | A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /manage-apartment.php. The manipulation of the argument Apartment Number with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205672. | 2022-08-05 | not yet calculated | CVE-2022-2684 MISC MISC |
alphaware_simple_e-commerce_system — alphaware_simple_e-commerce_system | A vulnerability was found in SourceCodester Alphaware Simple E-Commerce System. It has been declared as critical. This vulnerability affects unknown code of the file admin_feature.php of the component Background Management Page. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205666 is the identifier assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2678 MISC MISC |
arista — cloudvision_portal | This advisory documents an internally found vulnerability in the on premises deployment model of Arista CloudVision Portal (CVP) where under a certain set of conditions, user passwords can be leaked in the Audit and System logs. The impact of this vulnerability is that the CVP user login passwords might be leaked to other authenticated users. | 2022-08-05 | not yet calculated | CVE-2022-29071 MISC |
arista_networks — eos | This advisory documents the impact of an internally found vulnerability in Arista EOS for security ACL bypass. The impact of this vulnerability is that the security ACL drop rule might be bypassed if a NAT ACL rule filter with permit action matches the packet flow. This could allow a host with an IP address in a range that matches the range allowed by a NAT ACL and a range denied by a Security ACL to be forwarded incorrectly as it should have been denied by the Security ACL. This can enable an ACL bypass. | 2022-08-05 | not yet calculated | CVE-2021-28511 MISC |
arm — mali_gpu_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory. | 2022-08-02 | not yet calculated | CVE-2022-33917 MISC |
arris — multiple_products | do_request in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and NVG510 devices and Arris-derived BGW210 and BGW320 devices are affected. | 2022-08-04 | not yet calculated | CVE-2022-31793 MISC MISC MISC MISC |
artica — pandora_fms | Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role. | 2022-08-01 | not yet calculated | CVE-2022-26308 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the service name field. | 2022-08-05 | not yet calculated | CVE-2021-46678 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via service elements. | 2022-08-05 | not yet calculated | CVE-2021-46679 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module form name field. | 2022-08-05 | not yet calculated | CVE-2021-46680 CONFIRM |
artica — pandora_fms | Pandora FMS v7.0NG.760 and below allows an improper authorization in User Management where any authenticated user with access to the User Management module could create, modify or delete any user with full admin privilege. The impact could lead to a vertical privilege escalation to access the privileges of a higher-level user or typically an admin user. | 2022-08-01 | not yet calculated | CVE-2022-26310 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the event filter name field. | 2022-08-05 | not yet calculated | CVE-2021-46677 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the module massive operation name field. | 2022-08-05 | not yet calculated | CVE-2021-46681 CONFIRM CONFIRM |
artica — pandora_fms | Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group. | 2022-08-01 | not yet calculated | CVE-2022-26309 CONFIRM CONFIRM |
artica — pandora_fms | An XSS vulnerability exists in Pandora FMS version 756 and below that allows an attacker to execute JavaScript code via the transactional maps name field. | 2022-08-05 | not yet calculated | CVE-2021-46676 CONFIRM CONFIRM |
asustor — adm | A stack-based buffer overflow vulnerability was found inside ADM when using WebDAV due to the lack of data size validation. An attacker can exploit this vulnerability to run arbitrary code. Affected ADM versions include: 3.5.9.RUE3 and below, 4.0.5.RVI1 and below as well as 4.1.0.RJD1 and below. | 2022-08-05 | not yet calculated | CVE-2022-37398 MISC |
asuswrt-merlin — asuswrt | A memory corruption vulnerability exists in the httpd unescape functionality of Asuswrt prior to 3.0.0.4.386_48706 and Asuswrt-Merlin New Gen prior to 386.7. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-26376 MISC |
atlassian — jira_data_center | This issue exists to document that a security improvement in the way that Jira Server and Data Center use templates has been implemented. Affected versions of Atlassian Jira Server and Data Center allowed remote attackers with system administrator permissions to execute arbitrary code via Template Injection leading to Remote Code Execution (RCE) in the Email Templates feature. In this case the security improvement was to protect against using the XStream library to be able to execute arbitrary code in velocity templates. The affected versions are before version 8.13.19, from version 8.14.0 before 8.20.7, and from version 8.21.0 before 8.22.1. | 2022-08-01 | not yet calculated | CVE-2022-36799 MISC |
atlassian — jira_service_management_server_and_data_center | Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers without the “Browse Users” permission to view groups via an Information Disclosure vulnerability in the browsegroups.action endpoint. The affected versions are before version 4.22.2. | 2022-08-03 | not yet calculated | CVE-2022-36800 MISC |
autodesk — autocad | Parsing a maliciously crafted PRT file can force Autodesk AutoCAD 2023 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-07-29 | not yet calculated | CVE-2022-33881 MISC |
autodesk — autodesk_design_review | A maliciously crafted TIFF file when consumed through DesignReview.exe application can be forced to read beyond allocated boundaries when parsing the TIFF file. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 2022-07-29 | not yet calculated | CVE-2022-27866 MISC |
autodesk — autodesk_design_review | A maliciously crafted TGA or PCX file may be used to write beyond the allocated buffer through DesignReview.exe application while parsing TGA and PCX files. This vulnerability may be exploited to execute arbitrary code. | 2022-07-29 | not yet calculated | CVE-2022-27865 MISC |
autodesk — autodesk_design_review | A Double Free vulnerability allows remote attackers to execute arbitrary code through DesignReview.exe application on PDF files within affected installations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | 2022-07-29 | not yet calculated | CVE-2022-27864 MISC |
autodesk — fusion_360 | An attacker can force the victim’s device to perform arbitrary HTTP requests in WAN through a malicious SVG file being parsed by Autodesk Fusion 360’s document parser. The vulnerability exists in the application’s ‘Insert SVG’ procedure. An attacker can also leverage this vulnerability to obtain victim’s public IP and possibly other sensitive information. | 2022-07-29 | not yet calculated | CVE-2022-27873 MISC |
backdrop — backdrop | An issue in the login and reset password functionality of Backdrop CMS v1.22.0 allows attackers to enumerate usernames via password reset requests and distinct responses returned based on usernames. | 2022-08-01 | not yet calculated | CVE-2022-34530 MISC MISC |
beancount — fava | Cross-site Scripting (XSS) – Reflected in GitHub repository beancount/fava prior to 1.22.3. | 2022-08-01 | not yet calculated | CVE-2022-2589 CONFIRM MISC |
best_fee_management_system — best_fee_management_system | A vulnerability was found in SourceCodester Best Fee Management System. It has been rated as critical. Affected by this issue is the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205658 is the identifier assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2674 MISC |
bigtree_cms — bigtree_cms | BigTree CMS 4.4.16 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PDF file. | 2022-08-03 | not yet calculated | CVE-2022-36197 MISC |
bmc — track-it | This vulnerability allows remote attackers to disclose sensitive information on affected installations of BMC Track-It! 20.21.02.109. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetPopupSubQueryDetails endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16690. | 2022-08-03 | not yet calculated | CVE-2022-35864 MISC MISC |
bmc — track-it | This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16709. | 2022-08-03 | not yet calculated | CVE-2022-35865 MISC MISC |
boltcms — boltcms | The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. | 2022-08-01 | not yet calculated | CVE-2022-31321 MISC MISC |
bookwyrm — bookwyrm | BookWyrm is a social network for tracking reading. Versions prior to 0.4.5 were found to lack rate limiting on authentication views which allows brute-force attacks. This issue has been patched in version 0.4.5. Admins with existing instances will need to update their `nginx.conf` file that was created when the instance was set up. Users are advised to upgrade. Users unable to upgrade may update their nginx.conf files with the changes manually. | 2022-08-02 | not yet calculated | CVE-2022-35925 MISC CONFIRM MISC |
bookwyrm — bookwyrm | Authentication Bypass by Primary Weakness in GitHub repository bookwyrm-social/bookwyrm prior to 0.4.5. | 2022-08-04 | not yet calculated | CVE-2022-2651 CONFIRM MISC |
bosch — bf-os | BF-OS version 3.x up to and including 3.83 does not enforce strong passwords, which may allow a remote attacker to brute-force the device password. | 2022-08-01 | not yet calculated | CVE-2022-36301 CONFIRM |
bosch — bf-os | File path manipulation vulnerability in BF-OS version 3.00 up to and including 3.83 allows an attacker to modify the file path to access different resources, which may contain sensitive information. | 2022-08-01 | not yet calculated | CVE-2022-36302 CONFIRM |
centreon — centreon | This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the configuration of poller resources. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to the level of an administrator. Was ZDI-CAN-16335. | 2022-08-03 | not yet calculated | CVE-2022-34871 MISC MISC |
centreon — centreon | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of Virtual Metrics. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-16336. | 2022-08-03 | not yet calculated | CVE-2022-34872 MISC MISC |
chia_network — cat1 | An inflation issue was discovered in Chia Network CAT1 Standard 1.0.0. Tokens previously minted on the Chia blockchain using the CAT1 standard can be inflated to an arbitrary extent by any holder of any amount of the token. The total amount of the token can be increased as high as the malicious actor pleases. This is true for every CAT1 on the Chia blockchain regardless of issuance rules. This attack is auditable on chain, so maliciously altered coins can potentially be marked by off-chain observers as malicious. | 2022-07-29 | not yet calculated | CVE-2022-36447 MISC MISC |
church_management_system — church_management_system | A vulnerability classified as critical has been found in SourceCodester Church Management System 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument username with the input ‘ OR (SELECT 7064 FROM(SELECT COUNT(*),CONCAT(0x71627a7671,(SELECT (ELT(7064=7064,1))),0x716b707871,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)– jURL leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205668. | 2022-08-05 | not yet calculated | CVE-2022-2680 MISC MISC |
ckeditor — ckeditor5 | CKEditor 5 is a JavaScript rich text editor. A cross-site scripting vulnerability has been discovered affecting three optional CKEditor 5 packages in versions prior to 35.0.1. The vulnerability allowed JavaScript code to be triggered after fulfilling special conditions. The affected packages are `@ckeditor/ckeditor5-markdown-gfm`, `@ckeditor/ckeditor5-html-support`, and `@ckeditor/ckeditor5-html-embed`. The specific conditions are 1) Using one of the affected packages. In case of `ckeditor5-html-support` and `ckeditor5-html-embed`, additionally, it was required to use a configuration that allows unsafe markup inside the editor. 2) Destroying the editor instance and 3) Initializing the editor on an element and using an element other than `<textarea>` as a base. The root cause of the issue was a mechanism responsible for updating the source element with the markup coming from the CKEditor 5 data pipeline after destroying the editor. This vulnerability might affect a small percent of integrators that depend on dynamic editor initialization/destroy and use Markdown, General HTML Support or HTML embed features. The problem has been recognized and patched. The fix is available in version 35.0.1. There are no known workarounds for this issue. | 2022-08-03 | not yet calculated | CVE-2022-31175 CONFIRM MISC MISC MISC |
company_website_cms — company_website_cms | A vulnerability was found in SourceCodester Company Website CMS and classified as critical. This issue affects some unknown processing. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205817 was assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2694 MISC MISC |
complete_online_job_search system — complete_online_job_search system | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the U_NAME parameter at /category/controller.php?action=edit. | 2022-08-05 | not yet calculated | CVE-2022-35163 MISC |
complete_online_job_search system — complete_online_job_search system | Complete Online Job Search System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the CATEGORY parameter at /category/controller.php?action=edit. | 2022-08-05 | not yet calculated | CVE-2022-35162 MISC |
connman — connman | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | 2022-08-03 | not yet calculated | CVE-2022-32293 CONFIRM MISC CONFIRM |
connman — connman | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | 2022-08-03 | not yet calculated | CVE-2022-32292 MISC CONFIRM |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for IoT devices. Because of insufficient validation of IPv6 neighbor discovery options in Contiki-NG, attackers can send neighbor solicitation packets that trigger an out-of-bounds read. The problem exists in the module os/net/ipv6/uip-nd6.c, where memory read operations from the main packet buffer, `uip_buf`, are not checked if they go out of bounds. In particular, this problem can occur when attempting to read the 2-byte option header and the Source Link-Layer Address Option (SLLAO). This attack requires IPv6 to be enabled for the network. The problem has been patched in the develop branch of Contiki-NG. The upcoming 4.8 release of Contiki-NG will include the patch. Users unable to upgrade may apply the patch in Contiki-NG PR #1654. | 2022-08-04 | not yet calculated | CVE-2022-35926 CONFIRM MISC MISC MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for IoT devices. In affected versions it is possible to cause a buffer overflow when copying an IPv6 address prefix in the RPL-Classic implementation in Contiki-NG. In order to trigger the vulnerability, the Contiki-NG system must have joined an RPL DODAG. After that, an attacker can send a DAO packet with a Target option that contains a prefix length larger than 128 bits. The problem was fixed after the release of Contiki-NG 4.7. Users unable to upgrade may apply the patch in Contiki-NG PR #1615. | 2022-08-04 | not yet calculated | CVE-2021-32771 MISC MISC CONFIRM MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for IoT devices. In the RPL-Classic routing protocol implementation in the Contiki-NG operating system, an incoming DODAG Information Option (DIO) control message can contain a prefix information option with a length parameter. The value of the length parameter is not validated, however, and it is possible to cause a buffer overflow when copying the prefix in the set_ip_from_prefix function. This vulnerability affects anyone running a Contiki-NG version prior to 4.7 that can receive RPL DIO messages from external parties. To obtain a patched version, users should upgrade to Contiki-NG 4.7 or later. There are no workarounds for this issue. | 2022-08-04 | not yet calculated | CVE-2022-35927 MISC CONFIRM MISC |
cpcletop — io.socket:socket.io-client | The package io.socket:socket.io-client before 2.0.1 is vulnerable to NULL Pointer Dereference when parsing a packet with invalid payload format. | 2022-08-02 | not yet calculated | CVE-2022-25867 MISC MISC MISC MISC MISC |
crowcpp — crowcpp | Crow before v1.0+4 was discovered to contain a buffer overflow via the function qs_parse at query_string.h. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 2022-08-04 | not yet calculated | CVE-2022-34970 MISC MISC |
curljs — curljs | This affects all versions of package curljs. | 2022-08-02 | not yet calculated | CVE-2020-28425 MISC |
cvat — cvat | CVAT is an open source interactive video and image annotation tool for computer vision. Versions prior to 2.0.0 were found to be subject to a Server-side request forgery (SSRF) vulnerability. Validation has been added to URLs used in the affected code path in version 2.0.0. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31188 MISC CONFIRM |
d-link — dir-818lw a1:dir818l_fw105b01 | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function binary.soapcgi_main. | 2022-08-03 | not yet calculated | CVE-2022-35620 MISC MISC |
d-link — dir820la1_fw106b02 | D-Link DIR810LA1_FW102B22 was discovered to contain a command injection vulnerability via the Ping_addr function. | 2022-08-03 | not yet calculated | CVE-2022-34974 MISC MISC |
d-link — dsl-3782 | D-Link DSL-3782 v1.03 and below was discovered to contain a command injection vulnerability via the function byte_4C0160. | 2022-07-29 | not yet calculated | CVE-2022-34527 MISC MISC |
d-link — dsl-3782 | D-Link DSL-3782 v1.03 and below was discovered to contain a stack overflow via the function getAttrValue. | 2022-07-29 | not yet calculated | CVE-2022-34528 MISC MISC |
d-link — dir-818lw a1:dir818l_fw105b01 | D-LINK DIR-818LW A1:DIR818L_FW105b01 was discovered to contain a remote code execution (RCE) vulnerability via the function ssdpcgi_main. | 2022-08-03 | not yet calculated | CVE-2022-35619 MISC MISC |
d-link — dir820la1_fw106b02 | D-Link DIR820LA1_FW106B02 was discovered to contain a buffer overflow via the nextPage parameter at ping.ccp. | 2022-08-03 | not yet calculated | CVE-2022-34973 MISC MISC |
dd-wrt — dd-wrt | A memory corruption vulnerability exists in the httpd unescape functionality of DD-WRT Revision 32270 – Revision 48599. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27631 MISC |
dedecms — dedecms | DedeCMS v5.7.95 was discovered to contain a remote code execution (RCE) vulnerability via the component mytag_main.php. | 2022-07-29 | not yet calculated | CVE-2022-34531 MISC |
devexpress — devexpress | This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-16710. | 2022-08-03 | not yet calculated | CVE-2022-28684 MISC |
discourse — discourse |
Discourse is an open source discussion platform. In affected versions a maliciously crafted request for static assets could cause error responses to be cached by Discourse’s default NGINX proxy configuration. A corrected NGINX configuration is included in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-08-01 | not yet calculated | CVE-2022-31182 MISC CONFIRM |
discourse — discourse |
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unable to upgrade should manually rate limit email. | 2022-08-01 | not yet calculated | CVE-2022-31184 CONFIRM MISC |
django — django |
An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | 2022-08-03 | not yet calculated | CVE-2022-36359 MISC CONFIRM MISC MLIST |
dogtagpki — dogtagpki | Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests. | 2022-07-29 | not yet calculated | CVE-2022-2414 MISC |
dotcms — dotcms |
A Reflected Cross-site scripting (XSS) issue was discovered in dotCMS Core through 22.06. This occurs in the admin portal when the configuration has XSS_PROTECTION_ENABLED=false. | 2022-08-05 | not yet calculated | CVE-2022-37431 MISC |
dpgaspar — flask-appbuilder |
Flask-AppBuilder is an application development framework built on top of the Flask Python framework. In versions prior to 4.1.3 an authenticated Admin user could query other users by their salted and hashed password strings. These filters could be made by using partial hashed password strings. The response would not include the hashed passwords, but an attacker could infer partial password hashes and their respective users. This issue has been fixed in version 4.1.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31177 CONFIRM MISC |
dspace — jspui | DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability. | 2022-08-01 | not yet calculated | CVE-2022-31194 CONFIRM MISC MISC |
dspace — jspui |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI spellcheck “Did you mean” HTML escapes the data-spell attribute in the link, but not the actual displayed text. Similarly, the JSPUI autocomplete HTML does not properly escape text passed to it. Both are vulnerable to XSS. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31191 MISC MISC MISC MISC CONFIRM |
dspace — jspui |
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability is only possible by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade. As a basic workaround, users may block all access to the following URL paths: If you are using the XMLUI, block all access to /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/xmlui”, then you’d need to block access to /xmlui/admin/batchimport. If you are using the JSPUI, block all access to /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path “/jspui”, then you’d need to block access to /jspui/dspace-admin/batchimport. Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, then it is unlikely your site could be impacted by this vulnerability. | 2022-08-01 | not yet calculated | CVE-2022-31195 MISC CONFIRM MISC |
dspace — jspui |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI controlled vocabulary servlet is vulnerable to an open redirect attack, where an attacker can craft a malicious URL that looks like a legitimate DSpace/repository URL. When that URL is clicked by the target, it redirects them to a site of the attacker’s choice. This issue has been patched in versions 5.11 and 6.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-08-01 | not yet calculated | CVE-2022-31193 MISC MISC CONFIRM |
dspace — jspui |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI “Request a Copy” feature does not properly escape values submitted and stored from the “Request a Copy” form. This means that item requests could be vulnerable to XSS attacks. This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2022-08-01 | not yet calculated | CVE-2022-31192 MISC CONFIRM MISC |
dspace — jspui |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an “Internal System Error” occurs in the JSPUI, the entire exception (including stack trace) is available. Information in this stack trace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This issue has been fixed in version 6.4. Users are advised to upgrade. Users unable to upgrade should disable the display of error messages in their internal.jsp file. | 2022-08-01 | not yet calculated | CVE-2022-31189 CONFIRM MISC |
dspace — xmlui |
DSpace open source software is a repository application which provides durable access to digital resources. dspace-xmlui is a UI component for DSpace. In affected versions metadata on a withdrawn Item is exposed via the XMLUI “mets.xml” object, as long as you know the handle/URL of the withdrawn Item. This vulnerability only impacts the XMLUI. Users are advised to upgrade to version 6.4 or newer. | 2022-08-01 | not yet calculated | CVE-2022-31190 CONFIRM MISC MISC |
easyuse — mailhunter_ultimate |
EasyUse MailHunter Ultimate’s cookie deserialization function has an inadequate validation vulnerability. Deserializing a cookie containing a malicious payload will trigger this insecure deserialization vulnerability, allowing an unauthenticated remote attacker to execute arbitrary code, manipulate system commands or interrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35223 MISC |
eclipse — californium | In Eclipse Californium version 2.0.0 to 2.7.2 and 3.0.0-3.5.0 a DTLS resumption handshake falls back to a DTLS full handshake on a parameter mismatch without using a HelloVerifyRequest. Especially, if used with certificate based cipher suites, that results in message amplification (DDoS other peers) and high CPU load (DoS own peer). The misbehavior occurs only with DTLS_VERIFY_PEERS_ON_RESUMPTION_THRESHOLD values larger than 0. | 2022-07-29 | not yet calculated | CVE-2022-2576 CONFIRM |
elabftw — elabftw | eLabFTW is an electronic lab notebook manager for research teams. A vulnerability was discovered which allows a logged in user to read a template without being authorized to do so. This vulnerability has been patched in 4.3.4. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31178 CONFIRM |
electronic_medical_records_system — electronic_medical_records_system |
A vulnerability was found in SourceCodester Electronic Medical Records System and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument user_email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205664. | 2022-08-05 | not yet calculated | CVE-2022-2676 MISC MISC |
electronic_medical_records_system — electronic_medical_records_system |
A vulnerability has been found in SourceCodester Electronic Medical Records System and classified as critical. This vulnerability affects unknown code of the file register.php of the component UPDATE Statement Handler. The manipulation of the argument pconsultation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205816. | 2022-08-06 | not yet calculated | CVE-2022-2693 MISC MISC |
enalean — tuleap | Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not properly verify permissions when creating branches with the REST API in Git repositories using the fine grained permissions. Users can create branches via the REST endpoint `POST git/:id/branches` regardless of the permissions set on the repository. This issue has been fixed in version 13.10.99.82 Tuleap Community Edition as well as in version 13.10-3 of Tuleap Enterprise Edition. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31128 CONFIRM MISC MISC MISC |
ercom — citadel |
The embedded neutralization of script-related HTML tags was bypassed under some extra conditions. | 2022-08-02 | not yet calculated | CVE-2022-1293 MISC |
estsoft — alyac |
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-29886 MISC |
estsoft — alyac |
An integer overflow vulnerability exists in the way ESTsoft Alyac 2.5.8.544 parses OLE files. A specially-crafted OLE file can lead to a heap buffer overflow which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-32543 MISC |
evmos — ethermint |
Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount` function, all contracts that used the identical bytecode (i.e., shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state. | 2022-08-05 | not yet calculated | CVE-2022-35936 MISC MISC CONFIRM |
exim — exim |
Exim before 4.96 has an invalid free in pam_converse in auths/call_pam.c because store_free is not used after store_malloc. | 2022-08-06 | not yet calculated | CVE-2022-37451 MISC MISC MISC MISC MISC MISC MISC MISC |
expense_management_system — expense_management_system |
A vulnerability was found in SourceCodester Expense Management System. It has been rated as critical. This issue affects the function fetch_report_credit of the file report.php of the component POST Parameter Handler. The manipulation of the argument from/to leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-205811. | 2022-08-06 | not yet calculated | CVE-2022-2688 MISC |
f-secure — atlant_and_withsecure |
A Denial-of-Service vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning fuzzed PE32-bit files can crash the scanning engine. The exploit can be triggered remotely by an attacker. | 2022-08-05 | not yet calculated | CVE-2022-28880 MISC MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, when an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34651 MISC |
f5 — big-ip |
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ Centralized Management all versions of 8.x, an authenticated attacker may cause iControl SOAP to become unavailable through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34851 MISC |
f5 — big-ip |
In BIG-IP Versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an iRule containing the HTTP::payload command is configured on a virtual server, undisclosed traffic can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34655 MISC |
f5 — big-ip |
In BIG-IP Versions 17.0.x before 17.0.0.1 and 16.1.x before 16.1.3.1, when source-port preserve-strict is configured on an HTTP Message Routing Framework (MRF) virtual server, undisclosed traffic may cause the Traffic Management Microkernel (TMM) to produce a core file and the connection to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35272 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5.1, when a BIG-IP APM access policy is configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35245 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when the Message Routing (MR) Message Queuing Telemetry Transport (MQTT) profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35240 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, using an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35243 MISC |
f5 — big-ip |
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, and BIG-IQ version 8.x before 8.2.0 and all versions of 7.x, an authenticated user’s iControl REST token may remain valid for a limited time after logging out from the Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35728 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner leading to a privilege escalation. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35735 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3.1 and 15.1.x before 15.1.6.1, and all versions of BIG-IQ 8.x, when the Data Plane Development Kit (DPDK)/Elastic Network Adapter (ENA) driver is used with BIG-IP or BIG-IQ on Amazon Web Services (AWS) systems, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Successful exploitation relies on conditions outside of the attacker’s control. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34844 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when an LTM virtual server is configured to perform normalization, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34862 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when an HTTP2 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35236 MISC |
f5 — big-ip |
In BIG-IP Versions 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, Traffic Intelligence feeds, which use HTTPS, do not verify the remote endpoint identity, allowing for potential data poisoning. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-34865 MISC |
f5 — big-ip |
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, certain iRules commands may allow an attacker to bypass the access control restrictions for a self IP address, regardless of the port lockdown settings. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-33962 MISC |
f5 — big-ip |
In BIG-IP Versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, when an LTM monitor or APM SSO is configured on a virtual server, and NTLM challenge-response is in use, undisclosed traffic can cause a buffer over-read. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-33968 MISC |
f5 — big_ip |
In BIG-IP Versions 16.1.x before 16.1.2.2, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when a BIG-IP LTM Client SSL profile is configured on a virtual server to perform client certificate authentication with session tickets enabled, undisclosed requests cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-32455 MISC |
f5 — big_ip |
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, and 14.1.x before 14.1.5, when a BIG-IP APM access policy with Service Connect agent is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-33203 MISC |
f5 — big_ip |
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, a vulnerability exists in undisclosed pages of the BIG-IP DNS Traffic Management User Interface (TMUI) that allows an authenticated attacker with at least operator role privileges to cause the Tomcat process to restart and perform unauthorized DNS requests and operations through undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-33947 MISC |
f5 — nginx_ingress_controller |
In versions 2.x before 2.3.0 and all versions of 1.x, an attacker authorized to create or update ingress objects can obtain the secrets available to the NGINX Ingress Controller. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-30535 MISC |
f5 — nginx_instance_manager |
In versions 2.x before 2.3.1 and all versions of 1.x, when NGINX Instance Manager is in use, undisclosed requests can cause an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-35241 MISC |
f5 — big-ip |
In BIG-IP Versions 16.1.x before 16.1.1 and 15.1.x before 15.1.4, when running in Appliance mode, an authenticated attacker may be able to bypass Appliance mode restrictions due to a directory traversal vulnerability in an undisclosed page within iApps. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 2022-08-04 | not yet calculated | CVE-2022-31473 MISC |
flask_security — flask_security |
This affects all versions of package Flask-Security. When using the get_post_logout_redirect and get_post_login_redirect functions, it is possible to bypass URL validation and redirect a user to an arbitrary URL by providing multiple back slashes such as \\\evil.com/path. This vulnerability is only exploitable if an alternative WSGI server other than Werkzeug is used, or the default behaviour of Werkzeug is modified using ‘autocorrect_location_header=False’. **Note:** Flask-Security is not maintained anymore. | 2022-08-02 | not yet calculated | CVE-2021-23385 MISC MISC MISC |
fortinet — fortiadc |
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request. | 2022-08-03 | not yet calculated | CVE-2022-27484 CONFIRM |
fortinet — fortios |
An improper access control vulnerability [CWE-284] in FortiOS versions 6.2.0 through 6.2.11, 6.4.0 through 6.4.8 and 7.0.0 through 7.0.5 may allow an authenticated attacker with a restricted user profile to gather the checksum information about the other VDOMs via CLI commands. | 2022-08-03 | not yet calculated | CVE-2022-23442 CONFIRM |
fortinet — multiple_products |
A format string vulnerability [CWE-134] in the command line interpreter of FortiADC version 6.0.0 through 6.0.4, FortiADC version 6.1.0 through 6.1.5, FortiADC version 6.2.0 through 6.2.1, FortiProxy version 1.0.0 through 1.0.7, FortiProxy version 1.1.0 through 1.1.6, FortiProxy version 1.2.0 through 1.2.13, FortiProxy version 2.0.0 through 2.0.7, FortiProxy version 7.0.0 through 7.0.1, FortiOS version 6.0.0 through 6.0.14, FortiOS version 6.2.0 through 6.2.10, FortiOS version 6.4.0 through 6.4.8, FortiOS version 7.0.0 through 7.0.2, FortiMail version 6.4.0 through 6.4.5, FortiMail version 7.0.0 through 7.0.2 may allow an authenticated user to execute unauthorized code or commands via specially crafted command arguments. | 2022-08-05 | not yet calculated | CVE-2022-22299 CONFIRM |
foxit — pdf_reader_and_pdf_editor |
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow an exportXFAData NULL pointer dereference. | 2022-08-06 | not yet calculated | CVE-2022-27944 MISC MISC |
foxit — pdf_reader_and_pdf_editor |
Foxit PDF Reader before 12.0.1 and PDF Editor before 12.0.1 allow a NULL pointer dereference when this.Span is used for oState of Collab.addStateModel, because this.Span.text can be NULL. | 2022-08-06 | not yet calculated | CVE-2022-26979 MISC MISC |
freshtomato — freshtomato |
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-arm` has a vulnerable URL-decoding feature that can lead to memory corruption. | 2022-08-05 | not yet calculated | CVE-2022-28665 MISC |
freshtomato — freshtomato |
A memory corruption vulnerability exists in the httpd unescape functionality of FreshTomato 2022.1. A specially-crafted HTTP request can lead to memory corruption. An attacker can send a network request to trigger this vulnerability. The `freshtomato-mips` has a vulnerable URL-decoding feature that can lead to memory corruption. | 2022-08-05 | not yet calculated | CVE-2022-28664 MISC |
friendsofflarum — byobu |
fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to Flarum 1.2 or later, or evaluate the impact this issue has on your forum’s users and choose to disable the extension if needed. There are no workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35921 CONFIRM MISC |
frrouting — frrouting |
An issue was discovered in bgpd in FRRouting (FRR) 8.3. In bgp_notify_send_with_data() and bgp_process_packet() in bgp_packet.c, there is a possible use-after-free due to a race condition. This could lead to Remote Code Execution or Information Disclosure by sending crafted BGP packets. User interaction is not needed for exploitation. | 2022-08-02 | not yet calculated | CVE-2022-37035 MISC MISC |
garage_management_system — garage_management_system | A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. This vulnerability affects unknown code of the file /edituser.php. The manipulation of the argument id with the input -2’%20UNION%20select%2011,user(),333,444–+ leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-07-29 | not yet calculated | CVE-2022-2577 MISC MISC |
garage_management_system — garage_management_system | A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /php_action/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2022-07-29 | not yet calculated | CVE-2022-2578 MISC MISC |
garage_management_system — garage_management_system |
A vulnerability was found in SourceCodester Garage Management System and classified as critical. This issue affects some unknown processing of the file removeUser.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205655. | 2022-08-05 | not yet calculated | CVE-2022-2671 MISC |
garage_management_system — garage_management_system |
A vulnerability has been found in SourceCodester Garage Management System and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edituser.php. The manipulation of the argument id with the input 1\”><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205573 was assigned to this vulnerability. | 2022-08-04 | not yet calculated | CVE-2022-2645 MISC |
garage_management_system — garage_management_system |
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205656. | 2022-08-05 | not yet calculated | CVE-2022-2672 MISC |
garage_management_system — garage_management_system | A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src=”” onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-07-29 | not yet calculated | CVE-2022-2579 MISC MISC |
get-npm-package-version — get-npm-package-version | The package get-npm-package-version before 1.0.7 is vulnerable to Command Injection via the main function in index.js. | 2022-08-02 | not yet calculated | CVE-2020-7795 MISC MISC MISC MISC |
getlaminas — laminas-diactoros | laminas-diactoros is a PHP package containing implementations of the PSR-7 HTTP message interfaces and PSR-17 HTTP message factory interfaces. Applications that use Diactoros, and are either not behind a proxy, or can be accessed via untrusted proxies, can potentially have the host, protocol, and/or port of a `Laminas\Diactoros\Uri` instance associated with the incoming server request modified to reflect values from `X-Forwarded-*` headers. Such changes can potentially lead to XSS attacks (if a fully-qualified URL is used in links) and/or URL poisoning. Since the `X-Forwarded-*` headers do have valid use cases, particularly in clustered environments using a load balancer, the library offers mitigation measures only in the v2 releases, as doing otherwise would break these use cases immediately. Users of v2 releases from 2.11.1 can provide an additional argument to `Laminas\Diactoros\ServerRequestFactory::fromGlobals()` in the form of a `Laminas\Diactoros\RequestFilter\RequestFilterInterface` instance, including the shipped `Laminas\Diactoros\RequestFilter\NoOpRequestFilter` implementation which ignores the `X-Forwarded-*` headers. Starting in version 3.0, the library will reverse behavior to use the `NoOpRequestFilter` by default, and require users to opt-in to `X-Forwarded-*` header usage via a configured `Laminas\Diactoros\RequestFilter\LegacyXForwardedHeaderFilter` instance. Users are advised to upgrade to version 2.11.1 or later to resolve this issue. Users unable to upgrade may configure web servers to reject `X-Forwarded-*` headers at the web server level. | 2022-08-01 | not yet calculated | CVE-2022-31109 MISC CONFIRM MISC |
gitblame — gitblame | This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. | 2022-08-02 | not yet calculated | CVE-2020-28434 MISC |
github — enterprise_server | A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by GitHub’s Content Security Policy (CSP). This vulnerability affected all versions of GitHub Enterprise Server prior to 3.6 and was fixed in versions 3.3.11, 3.4.6 and 3.5.3. This vulnerability was reported via the GitHub Bug Bounty program. | 2022-08-02 | not yet calculated | CVE-2022-23733 CONFIRM CONFIRM CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.6 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 that allowed a project member to filter issues by contact and organization. | 2022-08-05 | not yet calculated | CVE-2022-2539 MISC CONFIRM |
gitlab — ce/ee | An improper access control check in GitLab CE/EE affecting all versions starting from 13.7 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious authenticated user to view a public project’s Deploy Key’s public fingerprint and name when that key has write permission. Note that GitLab never asks for nor stores the private key. | 2022-08-05 | not yet calculated | CVE-2022-2095 CONFIRM MISC MISC |
gitlab — ce/ee | A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited. | 2022-08-05 | not yet calculated | CVE-2022-2307 CONFIRM MISC |
gitlab — ce/ee | A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side. | 2022-08-05 | not yet calculated | CVE-2022-2500 CONFIRM MISC MISC |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration. | 2022-08-05 | not yet calculated | CVE-2022-2534 MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for email invited members to join a project even after the Group Owner has enabled the setting to prevent members from being added to projects in a group, if the invite was sent before the setting was enabled. | 2022-08-05 | not yet calculated | CVE-2022-2459 MISC MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible to gain access to a private project through an email invite by using another user’s email address as an unverified secondary email. | 2022-08-05 | not yet calculated | CVE-2022-2326 MISC MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. A malicious maintainer could exfiltrate an integration’s access token by modifying the integration URL such that authenticated requests are sent to an attacker-controlled server. | 2022-08-05 | not yet calculated | CVE-2022-2497 MISC CONFIRM MISC |
gitlab — ce/ee | Insufficient validation in GitLab CE/EE affecting all versions from 12.10 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim is pinned to a specific Git commit of the project. | 2022-08-05 | not yet calculated | CVE-2022-2417 MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. Membership changes are not reflected in TODO for confidential notes, allowing former project members to read updates via TODOs. | 2022-08-05 | not yet calculated | CVE-2022-2512 MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for group members to bypass 2FA enforcement enabled at the group level by using Resource Owner Password Credentials grant to obtain an access token without using 2FA. | 2022-08-05 | not yet calculated | CVE-2022-2303 MISC MISC CONFIRM |
gitlab — ce/ee | An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request. | 2022-08-05 | not yet calculated | CVE-2022-2456 MISC MISC CONFIRM |
gitlab — ee | An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was not performing correct authentication on Grafana API under specific conditions allowing unauthenticated users to perform queries through a path traversal vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2531 MISC CONFIRM MISC |
gitlab — ee | An improper access control issue in GitLab EE affecting all versions from 12.0 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 allows an attacker to bypass IP allow-listing and download artifacts. This attack only bypasses IP allow-listing; proper permissions are still required. | 2022-08-05 | not yet calculated | CVE-2022-2501 CONFIRM MISC MISC |
gitlab — ee | An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription’s author. | 2022-08-05 | not yet calculated | CVE-2022-2498 MISC CONFIRM MISC |
gitlab — ee | An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab’s Jira integration has an insecure direct object reference vulnerability that may be exploited by an attacker to leak Jira issues. | 2022-08-05 | not yet calculated | CVE-2022-2499 CONFIRM MISC MISC |
gnu_affero — minio | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all ‘admin’ users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | 2022-08-01 | not yet calculated | CVE-2022-35919 MISC MISC CONFIRM |
gnutls — gnutls | A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. | 2022-08-01 | not yet calculated | CVE-2022-2509 MISC MISC |
go_ethereum — go_ethereum | Go Ethereum (aka geth) through 1.10.21 allows attackers to increase rewards by mining blocks in certain situations, and using a manipulation of time-difference values to achieve replacement of main-chain blocks, aka Riskless Uncle Making (RUM), as exploited in the wild in 2020 through 2022. | 2022-08-05 | not yet calculated | CVE-2022-37450 MISC MISC MISC MISC |
google — android | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032553; Issue ID: ALPS07032553. | 2022-08-01 | not yet calculated | CVE-2022-26431 MISC |
google — android | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085486; Issue ID: ALPS07085486. | 2022-08-01 | not yet calculated | CVE-2022-26426 MISC |
google — android | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478059; Issue ID: ALPS06478059. | 2022-08-01 | not yet calculated | CVE-2022-21791 MISC |
google — android | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138450; Issue ID: ALPS07138450. | 2022-08-01 | not yet calculated | CVE-2022-26434 MISC |
google — android | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138400; Issue ID: ALPS07138400. | 2022-08-01 | not yet calculated | CVE-2022-26433 MISC |
google — android | In mailbox, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032542; Issue ID: ALPS07032542. | 2022-08-01 | not yet calculated | CVE-2022-26432 MISC |
google — android | In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260. | 2022-08-01 | not yet calculated | CVE-2022-26428 MISC |
google — android | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085410; Issue ID: ALPS07085410. | 2022-08-01 | not yet calculated | CVE-2022-21792 MISC |
google — android | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07032521; Issue ID: ALPS07032521. | 2022-08-01 | not yet calculated | CVE-2022-26430 MISC |
google — android | In scp, there is a possible undefined behavior due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06988728; Issue ID: ALPS06988728. | 2022-08-01 | not yet calculated | CVE-2022-21788 MISC |
google — android | In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID: ALPS07025415. | 2022-08-01 | not yet calculated | CVE-2022-26429 MISC |
google — android | In audio ipi, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06478101; Issue ID: ALPS06478101. | 2022-08-01 | not yet calculated | CVE-2022-21789 MISC |
google — android | In mailbox, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07138435; Issue ID: ALPS07138435. | 2022-08-01 | not yet calculated | CVE-2022-26435 MISC |
google — android | In camera isp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479306; Issue ID: ALPS06479306. | 2022-08-01 | not yet calculated | CVE-2022-21790 MISC |
google — android | In camera isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07085540; Issue ID: ALPS07085540. | 2022-08-01 | not yet calculated | CVE-2022-26427 MISC |
google — android | In emi mpu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07023666; Issue ID: ALPS07023666. | 2022-08-01 | not yet calculated | CVE-2022-26436 MISC |
google — android | EllieGrid Android Application version 3.4.1 is vulnerable to Code Injection. The application appears to evaluate user input as code (remote). | 2022-07-30 | not yet calculated | CVE-2022-30083 MISC |
google — google_play_services_software_development_kit | Incorrect signature trust exists within Google Play services SDK play-services-basement. A debug version of Google Play services is trusted by the SDK for devices that are non-GMS. We recommend upgrading the SDK past the 2022-05-03 release. | 2022-07-29 | not yet calculated | CVE-2022-1799 MISC |
graphql-go — graphql-go | graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser. | 2022-08-01 | not yet calculated | CVE-2022-37315 MISC |
graphql-rust — juniper | Juniper is a GraphQL server library for Rust. Affected versions of Juniper are vulnerable to uncontrolled recursion resulting in a program crash. This issue has been addressed in version 0.15.10. Users are advised to upgrade. Users unable to upgrade should limit the recursion depth manually. | 2022-08-01 | not yet calculated | CVE-2022-31173 MISC MISC MISC CONFIRM |
grommunio — gromox | Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module. | 2022-08-04 | not yet calculated | CVE-2022-37030 MISC MISC |
gvret — gvret | GVRET Stable Release as of Aug 15, 2015 was discovered to contain a buffer overflow via the handleConfigCmd function at SerialConsole.cpp. | 2022-08-03 | not yet calculated | CVE-2022-35161 MISC |
gym_management_system — gym_management_system | A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. Affected is an unknown function. The manipulation of the argument user_pass leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-205734 is the identifier assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2687 MISC MISC |
hcl_commerce — remote_store_server | HCL Commerce’s Remote Store server could allow a local attacker to obtain sensitive personal information. The vulnerability requires the victim to first perform a particular operation on the website. | 2022-07-30 | not yet calculated | CVE-2021-27785 MISC |
hcl_software — launch | HCL Launch could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 2022-08-03 | not yet calculated | CVE-2022-27551 CONFIRM |
heroku-env — heroku-env | This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | 2022-08-02 | not yet calculated | CVE-2020-28437 MISC |
hestiacp — hestiacp | Improper Input Validation in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 2022-08-05 | not yet calculated | CVE-2022-2636 CONFIRM MISC |
hestiacp — hestiacp | Incorrect Privilege Assignment in GitHub repository hestiacp/hestiacp prior to 1.6.6. | 2022-08-05 | not yet calculated | CVE-2022-2626 MISC CONFIRM |
hiby — r3_pro_firmware | Hiby R3 PRO firmware v1.5 to v1.7 was discovered to contain a file upload vulnerability via the file upload feature. | 2022-07-29 | not yet calculated | CVE-2022-34496 MISC MISC |
hinet — hicos_citizen_verification | HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35222 MISC |
ibm — cics_tx | IBM CICS TX 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229333. | 2022-08-01 | not yet calculated | CVE-2022-34163 CONFIRM CONFIRM XF |
ibm — cics_tx | IBM CICS TX 11.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 229331. | 2022-08-01 | not yet calculated | CVE-2022-34161 CONFIRM XF CONFIRM |
ibm — cics_tx | IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 229436. | 2022-08-01 | not yet calculated | CVE-2022-34307 XF CONFIRM CONFIRM |
ibm — cics_tx | IBM CICS TX 11.1 could allow a local user to impersonate another legitimate user due to improper input validation. IBM X-Force ID: 229338. | 2022-08-01 | not yet calculated | CVE-2022-34164 CONFIRM CONFIRM XF |
ibm — cics_tx | IBM CICS TX 11.1 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. IBM X-Force ID: 229332. | 2022-08-01 | not yet calculated | CVE-2022-34162 CONFIRM CONFIRM XF |
ibm — cics_tx | IBM CICS TX 11.1 could allow an attacker with physical access to the system to execute code using a back and refresh attack. IBM X-Force ID: 229312. | 2022-08-01 | not yet calculated | CVE-2022-33955 CONFIRM XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 228359. | 2022-08-01 | not yet calculated | CVE-2022-31775 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228435. | 2022-08-01 | not yet calculated | CVE-2022-32750 CONFIRM XF |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 228433. | 2022-08-01 | not yet calculated | CVE-2022-31776 XF CONFIRM |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.8, 10.5.0.0, and 2018.4.1.0 through 2018.4.1.21 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228358. | 2022-08-01 | not yet calculated | CVE-2022-31774 CONFIRM XF |
ibm — datapower_gateway | IBM DataPower Gateway 10.0.2.0 through 10.0.4.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 could allow unauthorized viewing of logs and files due to insufficient authorization checks. IBM X-Force ID: 218856. | 2022-08-01 | not yet calculated | CVE-2022-22326 CONFIRM CONFIRM XF |
ibm — powervm_vios | IBM PowerVM VIOS 3.1 could allow a remote attacker to tamper with system configuration or cause a denial of service. IBM X-Force ID: 230956. | 2022-07-29 | not yet calculated | CVE-2022-35643 CONFIRM XF |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could disclose sensitive information due to improper privilege management for storage provider types. IBM X-Force ID: 229962. | 2022-08-01 | not yet calculated | CVE-2022-34338 XF CONFIRM |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow IBM tenant credentials to be exposed. IBM X-Force ID: 227288. | 2022-08-01 | not yet calculated | CVE-2022-22505 CONFIRM XF |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to elevate their privilege to platform administrator through manipulation of APIs. IBM X-Force ID: 227978. | 2022-08-01 | not yet calculated | CVE-2022-30616 XF CONFIRM |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user to access information from a tenant to which they should not have access. IBM X-Force ID: 219391. | 2022-08-01 | not yet calculated | CVE-2022-22334 CONFIRM XF |
ibm — robotic_process_automation | IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to insufficiently protected credentials for users created via a bulk upload. IBM X-Force ID: 228888. | 2022-08-01 | not yet calculated | CVE-2022-33169 XF CONFIRM |
ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360. | 2022-08-01 | not yet calculated | CVE-2022-35716 XF CONFIRM |
image-tiler — image-tiler | This affects the package image-tiler before 2.0.2. | 2022-08-02 | not yet calculated | CVE-2020-28451 MISC MISC |
imbrn — v8n | NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (e.g., `[email protected],[email protected]`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim’s e-mail addresses. The attacker could then log in as a newly created user with the email being `[email protected],[email protected]`. This means that basic authorization like `email.endsWith("@victim.com")` in the `signIn` callback would fail to communicate a threat to the developer and would let the attacker bypass authorization, even with an `@attacker.com` address. This vulnerability has been patched in `v4.10.3` and `v3.29.10` by normalizing the email value that is sent to the sign-in endpoint before accessing it anywhere else. We also added a `normalizeIdentifier` callback on the `EmailProvider` configuration, where you can further tweak your requirements for what your system considers a valid e-mail address. (E.g.: strict RFC2821 compliance). Users are advised to upgrade. There are no known workarounds for this vulnerability. If for some reason you cannot upgrade, you can normalize the incoming request using Advanced Initialization. | 2022-08-02 | not yet calculated | CVE-2022-35924 MISC CONFIRM MISC MISC MISC MISC MISC MISC |
imbrn — v8n | v8n is a JavaScript validation library. Versions of v8n prior to 1.5.1 were found to have an inefficient regular expression complexity in the `lowercase()` and `uppercase()` regex which could lead to a denial of service attack. In testing of the `lowercase()` function a payload of `'a' + 'a'.repeat(i) + 'A'` with 32 leading characters took 29443 ms to execute. The same issue happens with `uppercase()`. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-02 | not yet calculated | CVE-2022-35923 CONFIRM MISC MISC |
inavitas — solar_log | Inavitas Solar Log product has an unauthenticated SQL Injection vulnerability. | 2022-07-29 | not yet calculated | CVE-2022-1277 CONFIRM |
inductive_automation — ignition | Due to an XML external entity reference, the software parses XML in the backup/restore functionality without XML security flags, which may lead to an XXE attack while restoring the backup. | 2022-08-05 | not yet calculated | CVE-2022-1704 MISC |
interview_management_system — interview_management_system | A vulnerability was found in SourceCodester Interview Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /addQuestion.php. The manipulation of the argument question with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205673 was assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2685 MISC MISC MISC |
interview_management_system — interview_management_system | A vulnerability was found in SourceCodester Interview Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /viewReport.php. The manipulation of the argument id with the input (UPDATEXML(9729,CONCAT(0x2e,0x716b707071,(SELECT (ELT(9729=9729,1))),0x7162766a71),7319)) leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205667. | 2022-08-05 | not yet calculated | CVE-2022-2679 MISC MISC |
itpison — omicard_edm | OMICARD EDM’s mail image relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | 2022-08-04 | not yet calculated | CVE-2022-35216 MISC |
itpison — omicard_edm | OMICARD EDM has a hard-coded machine key. An unauthenticated remote attacker can use the machine key to send a serialized payload to the server to execute arbitrary code, manipulate system data and disrupt service. | 2022-08-04 | not yet calculated | CVE-2022-32965 MISC |
itpison — omicard_edm | OMICARD EDM’s mail file relay function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access arbitrary system files. | 2022-08-04 | not yet calculated | CVE-2022-32963 MISC |
itpison — omicard_edm | OMICARD EDM’s API function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete the database or disrupt service. | 2022-08-04 | not yet calculated | CVE-2022-32964 MISC |
jeecg-boot — jeecg-boot | A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-205594 is the identifier assigned to this vulnerability. | 2022-08-04 | not yet calculated | CVE-2022-2647 MISC MISC |
jetbrains — rider | In JetBrains Rider before 2022.2, the Trust and Open Project dialog could be bypassed, leading to local code execution. | 2022-08-03 | not yet calculated | CVE-2022-37396 MISC |
jflyfox — jfinal_cms | JFinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via /system/user. | 2022-08-03 | not yet calculated | CVE-2022-34928 MISC |
kaspersky — vpn_secure_connection | Kaspersky VPN Secure Connection for Windows version up to 21.5 was vulnerable to arbitrary file deletion via abuse of its ‘Delete All Service Data And Reports’ feature by a local authenticated attacker. | 2022-08-05 | not yet calculated | CVE-2022-27535 MISC |
keycloak — keycloak | An issue was discovered in Keycloak that allows arbitrary JavaScript to be uploaded for the SAML protocol mapper even if the UPLOAD_SCRIPTS feature is disabled. | 2022-08-05 | not yet calculated | CVE-2022-2668 MISC |
krakend — multiple_products | Lura and KrakenD-CE versions older than v2.0.2 and KrakenD-EE versions older than v2.0.0 do not sanitize URL parameters correctly, allowing a malicious user to alter the backend URL defined for a pipe when remote users send crafted URL requests. The vulnerability does not affect KrakenD itself, but the consumed backend might be vulnerable. | 2022-08-01 | not yet calculated | CVE-2022-1561 CONFIRM CONFIRM |
kromit — titra | Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. | 2022-08-01 | not yet calculated | CVE-2022-2595 MISC CONFIRM |
kvm — kvm | A flaw was found in KVM. When updating a guest’s page table entry, vm_pgoff was improperly used as the offset to get the page’s pfn. As vaddr and vm_pgoff are controllable by user-mode processes, this flaw allows unprivileged local users on the host to write outside the userspace region and potentially corrupt the kernel, resulting in a denial of service condition. | 2022-08-05 | not yet calculated | CVE-2022-1158 MISC MISC |
landray — lanling_oa | Lanling OA Landray Office Automation (OA) internal patch number #133383/#137780 contains an arbitrary file read vulnerability via the component /sys/ui/extend/varkind/custom.jsp. | 2022-08-02 | not yet calculated | CVE-2022-34924 MISC MISC |
laravel — laravel | Laravel v5.1 was discovered to contain a remote code execution (RCE) vulnerability via the component ChanceGenerator in __call. | 2022-08-03 | not yet calculated | CVE-2022-34943 MISC |
libtiff — libtiff | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. | 2022-07-29 | not yet calculated | CVE-2022-34526 MISC FEDORA |
linux — linux_kernel |
A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to leak information and may cause a denial of service problem. | 2022-08-05 | not yet calculated | CVE-2022-1012 MISC |
linux — linux_kernel |
A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem. | 2022-08-05 | not yet calculated | CVE-2022-1973 MISC |
loan_management_system — loan_management_system |
A vulnerability was found in SourceCodester Loan Management System and classified as critical. This issue affects some unknown processing of the file delete_lplan.php. The manipulation of the argument lplan_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205619. | 2022-08-05 | not yet calculated | CVE-2022-2667 MISC MISC |
luadec — luadec |
Luadec v0.9.9 was discovered to contain a heap-buffer overflow via the function UnsetPending. | 2022-08-03 | not yet calculated | CVE-2022-34992 MISC |
makedeb — mprweb |
mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the `Hide Email Address` checkbox on their account page, or during signup. This could lead to an account’s email being leaked, which may be problematic if your email needs to remain private for any reason. Users hosting their own mprweb instance will need to upgrade to the latest commit to get this fixed. Users on the official instance will already have this issue fixed. | 2022-08-01 | not yet calculated | CVE-2022-31185 MISC CONFIRM |
mango — mango |
An issue in \Roaming\Mango\Plugins of University of Texas Multi-image Analysis GUI (Mango) 4.1 allows attackers to escalate privileges via crafted plugins. | 2022-08-01 | not yet calculated | CVE-2022-34567 MISC MISC MISC MISC |
mealie — mealie | A stored cross-site scripting (XSS) vulnerability in Mealie v0.5.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Shopping Lists item names text field. | 2022-08-02 | not yet calculated | CVE-2022-34619 MISC MISC MISC MISC MISC |
mealie — mealie | A stored cross-site scripting (XSS) vulnerability in Mealie 1.0.0beta3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the recipe description text field. | 2022-08-02 | not yet calculated | CVE-2022-34618 MISC MISC MISC MISC MISC |
mealie — mealie |
Mealie 1.0.0beta3 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted file. | 2022-08-02 | not yet calculated | CVE-2022-34613 MISC MISC MISC MISC |
mealie — mealie |
Mealie 1.0.0beta3 was discovered to contain a Server-Side Template Injection vulnerability, which allows attackers to execute arbitrary code via a crafted Jinja2 template. | 2022-08-02 | not yet calculated | CVE-2022-34625 MISC MISC MISC MISC MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420088; Issue ID: GN20220420088. | 2022-08-01 | not yet calculated | CVE-2022-26445 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420075; Issue ID: GN20220420075. | 2022-08-01 | not yet calculated | CVE-2022-26444 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420068; Issue ID: GN20220420068. | 2022-08-01 | not yet calculated | CVE-2022-26443 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420051; Issue ID: GN20220420051. | 2022-08-01 | not yet calculated | CVE-2022-26442 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420044; Issue ID: GN20220420044. | 2022-08-01 | not yet calculated | CVE-2022-26441 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420037; Issue ID: GN20220420037. | 2022-08-01 | not yet calculated | CVE-2022-26440 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420013; Issue ID: GN20220420013. | 2022-08-01 | not yet calculated | CVE-2022-26438 MISC |
mediatek — chipsets_in_multiple_products | In wifi driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220420020; Issue ID: GN20220420020. | 2022-08-01 | not yet calculated | CVE-2022-26439 MISC |
mediatek — chipsets_in_multiple_products | In httpclient, there is a possible out of bounds write due to uninitialized data. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WSAP00103831; Issue ID: WSAP00103831. | 2022-08-01 | not yet calculated | CVE-2022-26437 MISC |
michlol-rashim — michlol-rashim |
The Michlol – rashim web interface is affected by insecure direct object references (IDOR). The attacker first needs to log in. Once logged in, there are some functions that the specific user is not allowed to perform. However, all the attacker needs to do is change the value of the ptMsl parameter, after which the attacker can access sensitive data that they are not supposed to access because it belongs to another user. | 2022-08-05 | not yet calculated | CVE-2022-34769 MISC |
milkytracker — milkytracker |
MilkyTracker v1.03.00 was discovered to contain a stack overflow via the component LoaderXM::load. This vulnerability is triggered when the program is supplied a crafted XM module file. | 2022-08-03 | not yet calculated | CVE-2022-34927 MISC MISC |
monetdb — monetdb |
The assertion `stmt->Dbc->FirstStmt` failed in MonetDB Database Server v11.43.13. | 2022-08-03 | not yet calculated | CVE-2022-34967 MISC |
monorepo-build — monorepo-build | This affects all versions of package monorepo-build. | 2022-08-02 | not yet calculated | CVE-2020-28423 MISC |
moodle — moodle | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without the ‘access all groups’ capability were not restricted to viewing grades of users within their own groups. | 2022-08-05 | not yet calculated | CVE-2020-1754 MISC |
moodle — moodle | In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting. | 2022-08-05 | not yet calculated | CVE-2020-1691 MISC |
multi_language_hotel_management_software — multi_language_hotel_management_software |
A vulnerability classified as critical has been found in SourceCodester Multi Language Hotel Management Software. Affected is an unknown function. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205596. | 2022-08-04 | not yet calculated | CVE-2022-2656 MISC MISC |
multi_language_hotel_management_software — multi_language_hotel_management_software |
A vulnerability was found in SourceCodester Multi Language Hotel Management Software. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205595. | 2022-08-04 | not yet calculated | CVE-2022-2648 MISC MISC |
next.js — nextauth.js |
NextAuth.js is a complete open source authentication solution for Next.js applications. An information disclosure vulnerability in `next-auth` before `v4.10.2` and `v3.29.9` allows an attacker with log access privilege to obtain excessive information such as an identity provider’s secret in the log (which is thrown during OAuth error handling) and use it to leverage further attacks on the system, like impersonating the client to ask for extensive permissions. This issue has been patched in `v4.10.2` and `v3.29.9` by moving the log for `provider` information to the debug level. In addition, we added a warning for having the `debug: true` option turned on in production. If for some reason you cannot upgrade, you can use the `logger` configuration option to sanitize the logs. | 2022-08-01 | not yet calculated | CVE-2022-31186 MISC MISC CONFIRM MISC |
nextcloud — mail |
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions of Nextcloud Mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is recommended that Nextcloud Mail is upgraded to 1.12.1. Operators should inspect their logs and remove passwords which have been logged. There are no workarounds to prevent logging in the event of a misconfiguration. | 2022-08-04 | not yet calculated | CVE-2022-31119 CONFIRM MISC MISC |
nextcloud — mail |
Nextcloud Mail is an email application for the Nextcloud personal cloud product. Affected versions shipped with a CSS minifier on the path `./vendor/cerdic/css-tidy/css_optimiser.php`. Access to the minifier is unrestricted and access may lead to Server-Side Request Forgery (SSRF). It is recommended to upgrade to Mail 1.12.7 or Mail 1.13.6. Users unable to upgrade may manually delete the file located at `./vendor/cerdic/css-tidy/css_optimiser.php`. | 2022-08-04 | not yet calculated | CVE-2022-31132 CONFIRM |
nextcloud — server |
Nextcloud server is an open source personal cloud solution. In affected versions an attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (`a-zA-Z0-9` ^ 15). It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2. Users unable to upgrade may disable federated sharing via the Admin Sharing settings in `index.php/settings/admin/sharing`. | 2022-08-04 | not yet calculated | CVE-2022-31118 CONFIRM MISC |
nextcloud — server |
Nextcloud server is an open source personal cloud solution. The audit log, which is used to get a full trail of actions, has been incompletely populated. In affected versions federated share events were not properly logged, which would allow brute force attacks to go unnoticed. This behavior exacerbates the impact of CVE-2022-31118. It is recommended that the Nextcloud Server is upgraded to 22.2.7, 23.0.4 or 24.0.0. There are no workarounds available. | 2022-08-04 | not yet calculated | CVE-2022-31120 CONFIRM MISC MISC |
nhi_card — nhi_card |
The NHI card’s web service component has a heap-based buffer overflow vulnerability due to insufficient validation for packet origin parameter length. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35218 MISC |
nhi_card — nhi_card |
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet key parameter. A LAN attacker with general user privilege can exploit this vulnerability to disrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35219 MISC |
nhi_card — nhi_card |
The NHI card’s web service component has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A local area network attacker with general user privilege can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service. | 2022-08-02 | not yet calculated | CVE-2022-35217 MISC |
nlnet_labs — unbound |
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten. | 2022-08-01 | not yet calculated | CVE-2022-30699 CONFIRM |
nlnet_labs — unbound |
NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the “ghost domain names” attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound’s delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain for which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information. | 2022-08-01 | not yet calculated | CVE-2022-30698 CONFIRM |
node-fetch — node-fetch | Denial of Service in GitHub repository node-fetch/node-fetch prior to 3.2.10. | 2022-08-01 | not yet calculated | CVE-2022-2596 MISC CONFIRM |
node-latex-pdf — node-latex-pdf |
This affects all versions of package node-latex-pdf. | 2022-08-02 | not yet calculated | CVE-2020-28433 MISC |
npos-tesseract — npos-tesseract | This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | 2022-08-02 | not yet calculated | CVE-2020-28453 MISC |
nvidia — vgpu_software |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin) where it may double-free some resources. An attacker may exploit this vulnerability with other vulnerabilities to cause denial of service, code execution, and information disclosure. | 2022-08-05 | not yet calculated | CVE-2022-31614 MISC |
nvidia — vgpu_software |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it can dereference a null pointer, which may lead to denial of service. | 2022-08-05 | not yet calculated | CVE-2022-31618 MISC |
nvidia — vgpu_software |
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows the guest VM to allocate resources for which the guest is not authorized. This vulnerability may lead to loss of data integrity and confidentiality, denial of service, or information disclosure. | 2022-08-05 | not yet calculated | CVE-2022-31609 MISC |
online_admission_system — online_admission_system |
A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability. | 2022-08-04 | not yet calculated | CVE-2022-2644 MISC MISC |
online_admission_system — online_admission_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input `8</h3><script>alert(1)</script>` leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205572. | 2022-08-04 | not yet calculated | CVE-2022-2646 MISC MISC |
online_admission_system — online_admission_system |
A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this entry is VDB-205564. | 2022-08-04 | not yet calculated | CVE-2022-2643 MISC MISC |
online_student_admission_system — online_student_admission_system |
A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input `<script>alert(/xss/)</script>` leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205669 was assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2681 MISC MISC |
online_tours_and_travels_management_system — online_tours_and_travels_management_system | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the pname parameter at /admin/operations/packages.php. | 2022-08-02 | not yet calculated | CVE-2022-35421 MISC |
openstack — nova |
An issue was discovered in OpenStack Nova before 23.2.2, 24.x before 24.1.2, and 25.x before 25.0.2. By creating a neutron port with the direct vnic_type, creating an instance bound to that port, and then changing the vnic_type of the bound port to macvtap, an authenticated user may cause the compute service to fail to restart, resulting in a possible denial of service. Only Nova deployments configured with SR-IOV are affected. | 2022-08-03 | not yet calculated | CVE-2022-37394 MISC MISC MISC |
openzeppelin — contracts |
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, `CrossChainEnabledArbitrumL2` or `LibArbitrumL2`, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not started on L1. This issue has been patched in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35916 MISC CONFIRM |
openzeppelin — contracts |
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 `supportsInterface` query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in v4.7.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35915 MISC CONFIRM |
openzeppelin — contracts |
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module `GovernorVotesQuorumFraction`, a mechanism that determines quorum requirements as a percentage of the voting token’s total supply. In affected instances, when a proposal is passed to lower the quorum requirements, past proposals may become executable if they had been defeated only due to lack of quorum, and the number of votes it received meets the new quorum requirement. Analysis of instances on chain found only one proposal that met this condition, and we are actively monitoring for new occurrences of this particular issue. This issue has been patched in v4.7.2. Users are advised to upgrade. Users unable to upgrade should consider avoiding lowering quorum requirements if a past proposal was defeated for lack of quorum. | 2022-08-01 | not yet calculated | CVE-2022-31198 MISC CONFIRM |
oretnom23 — fast_food_ordering_system |
A vulnerability, which was classified as problematic, was found in oretnom23 Fast Food Ordering System. This affects an unknown part of the component Menu List Page. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205725 was assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2686 MISC MISC |
percona — percona_server_for_mysql |
An issue in the fetch_step function in Percona Server for MySQL v8.0.28-19 allows attackers to cause a Denial of Service (DoS) via a SQL query. | 2022-08-03 | not yet calculated | CVE-2022-34968 MISC |
pgjdbc — pgjdbc |
PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application’s JDBC user. User applications that do not invoke the `ResultSet.refreshRow()` method are not impacted. User applications that do invoke that method are impacted if the underlying database that they are querying via their JDBC application may be under the control of an attacker. The attack requires the attacker to trick the user into executing SQL against a table whose column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on the ResultSet. Note that the application’s JDBC user and the schema owner need not be the same. A JDBC application that executes as a privileged user querying database schemas owned by potentially malicious less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to craft a schema that causes the application to execute commands as the privileged user. Patched versions will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-03 | not yet calculated | CVE-2022-31197 MISC CONFIRM |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getOrderReport.php. | 2022-08-02 | not yet calculated | CVE-2022-34953 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edituser.php. | 2022-08-02 | not yet calculated | CVE-2022-34952 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getsalereport.php. | 2022-08-02 | not yet calculated | CVE-2022-34951 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editproduct.php. | 2022-08-02 | not yet calculated | CVE-2022-34950 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php. | 2022-08-02 | not yet calculated | CVE-2022-34949 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at invoiceprint.php. | 2022-08-02 | not yet calculated | CVE-2022-34954 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editbrand.php. | 2022-08-02 | not yet calculated | CVE-2022-34948 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at editcategory.php. | 2022-08-02 | not yet calculated | CVE-2022-34947 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getexpproduct.php. | 2022-08-02 | not yet calculated | CVE-2022-34946 MISC |
pharmacy_management_system — pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a SQL injection vulnerability via the startDate parameter at getproductreport.php. | 2022-08-02 | not yet calculated | CVE-2022-34945 MISC |
pingcap — pingcap_tidb |
PingCAP TiDB v6.1.0 was discovered to contain a NULL pointer dereference. | 2022-08-03 | not yet calculated | CVE-2022-34969 MISC |
plankanban — planka |
With this vulnerability an attacker can read many sensitive files like configuration files, or the /proc/self/environ file, that contains the environment variable used by the web server that includes database credentials. If the web server user is root, an attacker will be able to read any file in the system. | 2022-08-04 | not yet calculated | CVE-2022-2653 MISC CONFIRM |
pligg — pligg_cms | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_topusers.php. | 2022-08-02 | not yet calculated | CVE-2022-34955 MISC |
pligg — pligg_cms | Pligg CMS v2.0.2 was discovered to contain a time-based SQL injection vulnerability via the page_size parameter at load_data_for_groups.php. | 2022-08-02 | not yet calculated | CVE-2022-34956 MISC |
prestashop — prestashop |
PrestaShop is an Open Source e-commerce platform. In versions from 1.6.0.10 and before 1.7.8.7 PrestaShop is subject to an SQL injection vulnerability which can be chained to call PHP’s Eval function on attacker input. The problem is fixed in version 1.7.8.7. Users are advised to upgrade. Users unable to upgrade may delete the MySQL Smarty cache feature. | 2022-08-01 | not yet calculated | CVE-2022-31181 MISC MISC CONFIRM |
private_cloud_management_platform — private_cloud_management_platform |
A vulnerability classified as critical has been found in Private Cloud Management Platform. Affected is an unknown function of the file /management/api/rcx_management/global_config_query of the component POST Request Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. VDB-205614 is the identifier assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2664 MISC |
progress — ws-ftp_server |
In Progress WS_FTP Server prior to version 8.7.3, multiple reflected cross-site scripting (XSS) vulnerabilities exist in the administrative web interface. It is possible for a remote attacker to inject arbitrary JavaScript into a WS_FTP administrator’s web session. This would allow the attacker to execute code within the context of the victim’s browser. | 2022-08-02 | not yet calculated | CVE-2022-36967 MISC MISC |
progress — ws-ftp_server |
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks. | 2022-08-02 | not yet calculated | CVE-2022-36968 MISC MISC |
pyrocms — pyrocms | PyroCMS v3.9 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. | 2022-08-01 | not yet calculated | CVE-2022-35118 MISC MISC |
quest — kace_systems_management_appliance |
In Quest KACE Systems Management Appliance (SMA) through 12.0, predictable token generation occurs when appliance linking is enabled. | 2022-08-02 | not yet calculated | CVE-2022-29808 MISC MISC |
quest — kace_systems_management_appliance |
A SQL injection vulnerability exists within Quest KACE Systems Management Appliance (SMA) through 12.0 that can allow for remote code execution via download_agent_installer.php. | 2022-08-02 | not yet calculated | CVE-2022-29807 MISC MISC |
quest — kace_systems_management_appliance |
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible during authentication. This may allow authentication with invalid credentials. | 2022-08-02 | not yet calculated | CVE-2022-30285 MISC MISC |
rapid7 — velociraptor | A cross-site scripting (XSS) issue in generating a collection report made it possible for malicious clients to inject JavaScript code into the static HTML file. This issue was resolved in Velociraptor 0.6.5-2. | 2022-07-29 | not yet calculated | CVE-2022-35630 CONFIRM |
rapid7 — velociraptor | On macOS and Linux, it may be possible to perform a symlink attack by replacing this predictable file name with a symlink to another file and have the Velociraptor client overwrite the other file. This issue was resolved in Velociraptor 0.6.5-2. | 2022-07-29 | not yet calculated | CVE-2022-35631 CONFIRM |
rapid7 — velociraptor | The Velociraptor GUI contains an editor suggestion feature that can display the description field of a VQL function, plugin or artifact. This field was not properly sanitized and can lead to cross-site scripting (XSS). This issue was resolved in Velociraptor 0.6.5-2. | 2022-07-29 | not yet calculated | CVE-2022-35632 CONFIRM |
rapid7 — velociraptor | Due to a bug in the handling of the communication between the client and server, it was possible for one client, already registered with their own client ID, to send messages to the server claiming to come from another client ID. This issue was resolved in Velociraptor 0.6.5-2. | 2022-07-29 | not yet calculated | CVE-2022-35629 CONFIRM |
realtek — e-cos_rsdk |
In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data. | 2022-08-01 | not yet calculated | CVE-2022-27255 MISC MISC |
renato — renato |
Renato v0.17.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 2022-08-04 | not yet calculated | CVE-2022-35144 MISC MISC MISC MISC |
renato — renato |
Renato v0.17.0 employs weak password complexity requirements, allowing attackers to crack user passwords via brute-force attacks. | 2022-08-04 | not yet calculated | CVE-2022-35143 MISC MISC MISC MISC |
renato — renato |
An issue in Renato v0.17.0 allows attackers to cause a Denial of Service (DoS) via a crafted payload injected into the Search parameter. | 2022-08-04 | not yet calculated | CVE-2022-35142 MISC MISC MISC MISC |
rigatur — online_booking_and_hotel_management_system |
A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205657 was assigned to this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-2673 MISC |
rsync — rsync |
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A malicious rsync server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rsync client target directory and subdirectories (for example, overwrite the .ssh/authorized_keys file). | 2022-08-02 | not yet calculated | CVE-2022-29154 MLIST MISC |
s3-kilatstorage — s3-kilatstorage | This affects all versions of package s3-kilatstorage. | 2022-08-02 | not yet calculated | CVE-2020-28424 MISC |
samsung — cameralyzer |
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | 2022-08-05 | not yet calculated | CVE-2022-36832 MISC |
samsung — charm |
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 2022-08-05 | not yet calculated | CVE-2022-36830 MISC |
samsung — charm |
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | 2022-08-05 | not yet calculated | CVE-2022-33734 MISC |
samsung — charm |
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. | 2022-08-05 | not yet calculated | CVE-2022-36836 MISC |
samsung — charm |
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. | 2022-08-05 | not yet calculated | CVE-2022-36829 MISC |
samsung — charm |
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. | 2022-08-05 | not yet calculated | CVE-2022-33733 MISC |
samsung — checkout |
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | 2022-08-05 | not yet calculated | CVE-2022-36839 MISC |
samsung — galaxy_wearable |
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | 2022-08-05 | not yet calculated | CVE-2022-36838 MISC |
samsung — game_launcher |
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | 2022-08-05 | not yet calculated | CVE-2022-36834 MISC |
samsung — game_optimizing_service |
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | 2022-08-05 | not yet calculated | CVE-2022-36833 MISC |
samsung — internet_browser |
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | 2022-08-05 | not yet calculated | CVE-2022-36835 MISC |
samsung — internet_browser |
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | 2022-08-05 | not yet calculated | CVE-2022-36837 MISC |
samsung — mtower |
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. | 2022-08-04 | not yet calculated | CVE-2022-35858 MISC MISC |
samsung — multiple_products | Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | 2022-08-05 | not yet calculated | CVE-2022-33724 MISC |
samsung — multiple_products |
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device. | 2022-08-05 | not yet calculated | CVE-2022-33729 MISC |
samsung — multiple_products |
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | 2022-08-05 | not yet calculated | CVE-2022-33727 MISC |
samsung — multiple_products |
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. | 2022-08-05 | not yet calculated | CVE-2022-33730 MISC |
samsung — multiple_products |
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | 2022-08-05 | not yet calculated | CVE-2022-33731 MISC |
samsung — multiple_products |
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. | 2022-08-05 | not yet calculated | CVE-2022-33732 MISC |
samsung — multiple_products |
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | 2022-08-05 | not yet calculated | CVE-2022-33726 MISC |
samsung — multiple_products |
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | 2022-08-05 | not yet calculated | CVE-2022-33720 MISC |
samsung — multiple_products |
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege. | 2022-08-05 | not yet calculated | CVE-2022-33725 MISC |
samsung — multiple_products |
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | 2022-08-05 | not yet calculated | CVE-2022-33723 MISC |
samsung — multiple_products |
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | 2022-08-05 | not yet calculated | CVE-2022-33719 MISC |
samsung — multiple_products |
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global. | 2022-08-05 | not yet calculated | CVE-2022-33728 MISC |
samsung — multiple_products |
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | 2022-08-05 | not yet calculated | CVE-2022-33718 MISC |
samsung — multiple_products |
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. | 2022-08-05 | not yet calculated | CVE-2022-33717 MISC |
samsung — multiple_products |
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | 2022-08-05 | not yet calculated | CVE-2022-33716 MISC |
samsung — multiple_products |
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | 2022-08-05 | not yet calculated | CVE-2022-33722 MISC |
samsung — multiple_products |
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | 2022-08-05 | not yet calculated | CVE-2022-33721 MISC |
samsung — multiple_products |
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | 2022-08-05 | not yet calculated | CVE-2022-33714 MISC |
samsung — multiple_products |
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | 2022-08-05 | not yet calculated | CVE-2022-33715 MISC |
samsung — notes |
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. | 2022-08-05 | not yet calculated | CVE-2022-36831 MISC |
samsung — update_setup |
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | 2022-08-05 | not yet calculated | CVE-2022-36840 MISC |
sanic — sanic |
Sanic is an opensource python web server/framework. Affected versions of sanic allow access to lateral directories when using `app.static` if using encoded `%2F` URLs. Parent directory traversal is not impacted. Users are advised to upgrade. There is no known workaround for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35920 MISC CONFIRM MISC |
sante — dicom_viewer_pro |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.9.2. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16679. | 2022-08-03 | not yet calculated | CVE-2022-28668 MISC |
sante — pacs_server |
This vulnerability allows remote attackers to bypass authentication on affected installations of Sante PACS Server 3.0.4. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of calls to the login endpoint. When parsing the username element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17331. | 2022-08-03 | not yet calculated | CVE-2022-2272 MISC |
scala — fs2 |
fs2 is a compositional, streaming I/O library for Scala. When establishing a server-mode `TLSSocket` using `fs2-io` on Node.js, the parameter `requestCert = true` is ignored, peer certificate verification is skipped, and the connection proceeds. The vulnerability is limited to: 1. `fs2-io` running on Node.js. The JVM TLS implementation is completely independent. 2. `TLSSocket`s in server-mode. Client-mode `TLSSocket`s are implemented via a different API. 3. mTLS as enabled via `requestCert = true` in `TLSParameters`. The default setting is `false` for server-mode `TLSSocket`s. It was introduced with the initial Node.js implementation of fs2-io in 3.1.0. A patch is released in v3.2.11. The `requestCert = true` parameter is respected and the peer certificate is verified. If verification fails, an `SSLException` is raised. If using an unpatched version on Node.js, do not use a server-mode `TLSSocket` with `requestCert = true` to establish a mTLS connection. | 2022-08-01 | not yet calculated | CVE-2022-31183 CONFIRM MISC MISC |
shescape — shescape |
Shescape is a simple shell escape package for JavaScript. Versions prior to 1.5.8 were found to be subject to code injection on Windows. This impacts users that use Shescape (any API function) to escape arguments for cmd.exe on Windows. An attacker can omit all arguments following their input by including a line feed character (`'\n'`) in the payload. This bug has been patched in [v1.5.8] which you can upgrade to now. No further changes are required. Alternatively, line feed characters (`'\n'`) can be stripped out manually or the user input can be made the last argument (this only limits the impact). | 2022-08-01 | not yet calculated | CVE-2022-31179 MISC CONFIRM MISC |
shescape — shescape |
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the `escape` or `escapeAll` functions with the `interpolation` option set to `true`. The result is that if an attacker is able to include whitespace in their input they can: 1. Invoke shell-specific behaviour through shell-specific special characters inserted directly after whitespace. 2. Invoke shell-specific behaviour through shell-specific special characters inserted or appearing after line terminating characters. 3. Invoke arbitrary commands by inserting a line feed character. 4. Invoke arbitrary commands by inserting a carriage return character. Behaviour number 1 has been patched in [v1.5.7] which you can upgrade to now. No further changes are required. Behaviour number 2, 3, and 4 have been patched in [v1.5.8] which you can upgrade to now. No further changes are required. The best workaround is to avoid having to use the `interpolation: true` option – in most cases using an alternative is possible, see [the recipes](https://github.com/ericcornelissen/shescape#recipes) for recommendations. Alternatively, users may strip all whitespace from user input. Note that this is error prone, for example: for PowerShell this requires stripping `'\u0085'` which is not included in JavaScript’s definition of `\s` for Regular Expressions. | 2022-08-01 | not yet calculated | CVE-2022-31180 MISC MISC MISC MISC CONFIRM |
shopware — shopware | Shopware is an open source e-commerce software. In versions from 5.7.0 a persistent cross site scripting (XSS) vulnerability exists in the customer module. Users are recommended to update to the current version 5.7.14. You can get the update to 5.7.14 regularly via the Auto-Updater or directly via the download overview. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-31148 CONFIRM MISC MISC |
sigstore — cosign |
cosign is a container signing and verification utility. In versions prior to 1.10.1 cosign can report a false positive if any attestation exists. `cosign verify-attestation` used with the `--type` flag will report a false positive verification when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (`--type` defaults to “custom”). This can happen when signing with a standard keypair and with “keyless” signing with Fulcio. This vulnerability can be reproduced with the `distroless.dev/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2` image. This image has a `vuln` attestation but not an `spdx` attestation. However, if you run `cosign verify-attestation --type=spdx` on this image, it incorrectly succeeds. This issue has been addressed in version 1.10.1 of cosign. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-04 | not yet calculated | CVE-2022-35929 MISC CONFIRM |
sigstore — policycontroller |
PolicyController is a utility used to enforce supply chain policy in Kubernetes clusters. In versions prior to 0.2.1 PolicyController will report a false positive, resulting in an admission when it should not be admitted when there is at least one attestation with a valid signature and there are NO attestations of the type being verified (`--type` defaults to “custom”). An example image that can be used to test this is `ghcr.io/distroless/static@sha256:dd7614b5a12bc4d617b223c588b4e0c833402b8f4991fb5702ea83afad1986e2`. Users should upgrade to version 0.2.1 to resolve this issue. There are no workarounds for users unable to upgrade. | 2022-08-04 | not yet calculated | CVE-2022-35930 MISC CONFIRM MISC |
simple_e-learning_system — simple_e-learning_system |
A vulnerability classified as critical was found in SourceCodester Simple E-Learning System. Affected by this vulnerability is an unknown functionality of the file classroom.php. The manipulation of the argument post_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205615. | 2022-08-05 | not yet calculated | CVE-2022-2665 MISC |
simple_food_ordereing_system — simple_food_ordereing_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Food Ordering System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password with the input “><ScRiPt>alert(1)</sCrIpT> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205671. | 2022-08-05 | not yet calculated | CVE-2022-2683 MISC MISC |
solana-labs — pay |
Solana Pay is a protocol and set of reference implementations that enable developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be checked to represent a transfer of the desired amount to the recipient, using the supplied `validateTransfer` function. An edge case regarding this mechanism could cause the validation logic to validate multiple transfers. This issue has been patched as of version `0.2.1`. Users of the Solana Pay SDK should upgrade to it. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35917 MISC MISC CONFIRM MISC |
sonicwall — email_security |
Improperly Implemented Security Check vulnerability in the SonicWall Hosted Email Security leads to bypass of Capture ATP security service in the appliance. This vulnerability impacts 10.0.17.7319 and earlier versions | 2022-07-29 | not yet calculated | CVE-2022-2324 CONFIRM |
sonicwall — multiple_products |
Improper Neutralization of Special Elements used in an SQL Command leading to Unauthenticated SQL Injection vulnerability, impacting SonicWall GMS 9.3.1-SP2-Hotfix1, Analytics On-Prem 2.5.0.3-2520 and earlier versions. | 2022-07-29 | not yet calculated | CVE-2022-22280 CONFIRM |
sonicwall — switch |
Improper neutralization of special elements used in a user input allows an authenticated malicious user to perform remote code execution in the host system. This vulnerability impacts SonicWall Switch 1.1.1.0-2s and earlier versions | 2022-07-29 | not yet calculated | CVE-2022-2323 CONFIRM |
sourcegraph — sourcegraph |
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There is no workaround for the issue and patching is highly recommended. | 2022-08-01 | not yet calculated | CVE-2022-31154 CONFIRM MISC |
sourcegraph — sourcegraph |
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended. | 2022-08-01 | not yet calculated | CVE-2022-31155 MISC CONFIRM |
sqlite — sqlite |
SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API. | 2022-08-03 | not yet calculated | CVE-2022-35737 MISC MISC |
streamlit — streamlit |
Streamlit is a data oriented application development framework for python. Users hosting Streamlit app(s) that use custom components are vulnerable to a directory traversal attack that could leak data from their web server file-system such as: server logs, world readable files, and potentially other sensitive information. An attacker can craft a malicious URL with file paths and the streamlit server would process that URL and return the contents of that file or overwrite existing files on the web-server. This issue has been resolved in version 1.11.1. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-01 | not yet calculated | CVE-2022-35918 CONFIRM MISC |
supersmart.me — supersmart.me |
Supersmart.me – Walk Through Performing unauthorized actions on other customers. Supersmart.me has a product designed to conduct smart shopping in stores. The customer receives a coder (or uses an Android application) to scan the QR code on the cart at the beginning of the purchase, and then all the products he wants to purchase. At the end of the purchase the customer can pay independently. During the research it was discovered that it is possible to reset another customer’s cart without verification, because the number of purchases is serial. | 2022-08-05 | not yet calculated | CVE-2022-34768 MISC |
synology — calendar |
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Calendar before 2.3.4-0631 allows remote authenticated users to download arbitrary files via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27617 CONFIRM |
synology — diskstation_manager |
Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in webapi component in Synology DiskStation Manager (DSM) before 7.0.1-42218-3 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27616 CONFIRM |
synology — note_station_client |
Cleartext transmission of sensitive information vulnerability in authentication management in Synology Note Station Client before 2.2.2-609 allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27619 CONFIRM |
synology — sso_server |
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology SSO Server before 2.2.3-0331 allows remote authenticated users to read arbitrary files via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27620 CONFIRM |
synology — storage_analyzer |
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology Storage Analyzer before 2.1.0-0390 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27618 CONFIRM |
synology — usb_copy |
Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in webapi component in Synology USB Copy before 2.2.0-1086 allows remote authenticated users to read or write arbitrary files via unspecified vectors. | 2022-08-03 | not yet calculated | CVE-2022-27621 CONFIRM |
tcl — linkhub_mesh_wifi |
An os command injection vulnerability exists in the confsrv ucloud_add_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-22140 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the miniupnpd binary. | 2022-08-05 | not yet calculated | CVE-2022-24017 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the multiWAN binary. | 2022-08-05 | not yet calculated | CVE-2022-24018 MISC |
tcl — linkhub_mesh_wifi |
A hard-coded password vulnerability exists in the libcommonprod.so prod_change_root_passwd functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. During system startup this functionality is always called, leading to a known root password. An attacker does not have to do anything to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-22144 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv confctl_set_app_language functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-23103 MISC |
tcl — linkhub_mesh_wifi |
A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27660 MISC |
tcl — linkhub_mesh_wifi |
An information disclosure vulnerability exists in the confctl_get_guest_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27633 MISC |
tcl — linkhub_mesh_wifi |
An information disclosure vulnerability exists in the confctl_get_master_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to information disclosure. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27630 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the ap_steer binary. | 2022-08-05 | not yet calculated | CVE-2022-24005 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the ethAddr field within the protobuf message to cause a buffer overflow. | 2022-08-05 | not yet calculated | CVE-2022-23918 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. This vulnerability leverages the name field within the protobuf message to cause a buffer overflow. | 2022-08-05 | not yet calculated | CVE-2022-23919 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv set_port_fwd_rule functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-23399 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the arpbrocast binary. | 2022-08-05 | not yet calculated | CVE-2022-24006 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cfm binary. | 2022-08-05 | not yet calculated | CVE-2022-24007 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confcli binary. | 2022-08-05 | not yet calculated | CVE-2022-24008 MISC |
tcl — linkhub_mesh_wifi |
An os command injection vulnerability exists in the confsrv ucloud_add_new_node functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-21178 MISC |
tcl — linkhub_mesh_wifi |
A denial of service vulnerability exists in the confctl_set_wan_cfg functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27178 MISC |
tcl — linkhub_mesh_wifi |
A denial of service vulnerability exists in the confctl_set_master_wlan functionality of TCL LinkHub Mesh Wifi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-27185 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confers ucloud_add_node_new functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-21201 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the confsrv binary. | 2022-08-05 | not yet calculated | CVE-2022-24009 MISC |
tcl — linkhub_mesh_wifi |
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-26346 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the netctrl binary. | 2022-08-05 | not yet calculated | CVE-2022-24019 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pannn binary. | 2022-08-05 | not yet calculated | CVE-2022-24022 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommonprod.so binary. | 2022-08-05 | not yet calculated | CVE-2022-24028 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to stack-based buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-26009 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the fota binary. | 2022-08-05 | not yet calculated | CVE-2022-24012 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the gpio_ctrl binary. | 2022-08-05 | not yet calculated | CVE-2022-24013 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the logserver binary. | 2022-08-05 | not yet calculated | CVE-2022-24014 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the log_upload binary. | 2022-08-05 | not yet calculated | CVE-2022-24015 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rp-pppoe.so binary. | 2022-08-05 | not yet calculated | CVE-2022-24029 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the mesh_status_check binary. | 2022-08-05 | not yet calculated | CVE-2022-24016 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the libcommon.so binary. | 2022-08-05 | not yet calculated | CVE-2022-24027 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the pppd binary. | 2022-08-05 | not yet calculated | CVE-2022-24023 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the network_check binary. | 2022-08-05 | not yet calculated | CVE-2022-24020 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the online_process binary. | 2022-08-05 | not yet calculated | CVE-2022-24021 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the cwmpd binary. | 2022-08-05 | not yet calculated | CVE-2022-24010 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the telnet_ate_monitor binary. | 2022-08-05 | not yet calculated | CVE-2022-24026 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the sntp binary. | 2022-08-05 | not yet calculated | CVE-2022-24025 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the rtk_ate binary. | 2022-08-05 | not yet calculated | CVE-2022-24024 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the GetValue functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to trigger this vulnerability. This vulnerability represents all occurrences of the buffer overflow vulnerability within the device_list binary. | 2022-08-05 | not yet calculated | CVE-2022-24011 MISC |
tcl — linkhub_mesh_wifi |
A buffer overflow vulnerability exists in the confsrv ucloud_set_node_location functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-26342 MISC |
tcl — linkhub_mesh_wifi |
A stack-based buffer overflow vulnerability exists in the confsrv addTimeGroup functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 2022-08-05 | not yet calculated | CVE-2022-25996 MISC |
teamplus_technology — teamplus_pro |
Teamplus Pro community discussion function has an ‘allocation of resource without limits or throttling’ vulnerability. A remote attacker with general user privilege posting a thread with large content can cause the receiving client device to allocate too much memory, leading to abnormal termination of this client’s Teamplus Pro application. | 2022-08-02 | not yet calculated | CVE-2022-35220 MISC |
teamplus_technology — teamplus_pro |
Teamplus Pro community discussion has an ‘allocation of resource without limits or throttling’ vulnerability on the thread subject field. A remote attacker with general user privilege posting a thread subject with large content can cause the server to allocate too much memory, leading to partially missing post content and partial service disruption. | 2022-08-02 | not yet calculated | CVE-2022-35221 MISC |
tem — flex-1085 | A vulnerability classified as critical has been found in TEM FLEX-1085 1.6.0. Affected is an unknown function of the file /sistema/flash/reboot. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2022-08-01 | not yet calculated | CVE-2022-2591 MISC |
tencent — tscancode |
A vulnerability in the lua parser of TscanCode tsclua v2.15.01 allows attackers to cause a Denial of Service (DoS) via a crafted lua script. | 2022-08-03 | not yet calculated | CVE-2022-35158 MISC |
thoughtbot — administrate | Cross-site request forgery (CSRF) vulnerability in administrate 0.1.4 and earlier allows remote attackers to hijack the user’s OAuth authorization code. | 2022-08-05 | not yet calculated | CVE-2016-3098 MISC |
tibco — iway_service_manager |
The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains an easily exploitable Directory Traversal vulnerability that allows a low privileged attacker with network access to read arbitrary resources on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below. | 2022-08-02 | not yet calculated | CVE-2022-30572 CONFIRM CONFIRM |
tibco — iway_service_manager |
The iWay Service Manager Console component of TIBCO Software Inc.’s TIBCO iWay Service Manager contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim’s local system. Affected releases are TIBCO Software Inc.’s TIBCO iWay Service Manager: versions 8.0.6 and below. | 2022-08-02 | not yet calculated | CVE-2022-30571 CONFIRM CONFIRM |
tooljet — tooljet | Improper Access Control in GitHub repository tooljet/tooljet prior to v1.19.0. | 2022-08-02 | not yet calculated | CVE-2022-2631 MISC CONFIRM |
totolink — totolink_a3600r_firmware |
Totolink A3600R_Firmware V4.1.2cu.5182_B20201102 contains a hard-coded password for root in /etc/shadow.sample. | 2022-08-04 | not yet calculated | CVE-2022-34993 MISC MISC |
trend_micro — apex_one_and_worry-free_business_security |
A link following vulnerability in the scanning function of Trend Micro Apex One and Worry-Free Business Security agents could allow a local attacker to escalate privileges on affected installations. The resolution for this issue has been deployed automatically via ActiveUpdate to customers in an updated Spyware pattern. Customers who are up-to-date on detection patterns are not required to take any additional steps to mitigate this issue. | 2022-07-30 | not yet calculated | CVE-2022-36336 MISC MISC |
trend_micro — security | Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. | 2022-07-30 | not yet calculated | CVE-2022-35234 MISC MISC |
trend_micro — vpn_proxy_one_pro |
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system. | 2022-07-30 | not yet calculated | CVE-2022-33158 MISC MISC |
triplecross — triplecross |
TripleCross v0.1.0 was discovered to contain a stack overflow which occurs because there is no limit to the length of program parameters. | 2022-08-03 | not yet calculated | CVE-2022-35506 MISC |
triplecross — triplecross |
A segmentation fault in TripleCross v0.1.0 occurs when sending a control command from the client to the server. This occurs because there is no limit to the length of the output of the executed command. | 2022-08-03 | not yet calculated | CVE-2022-35505 MISC |
umlaeute — v4l2loopback |
Depending on the way the format strings in the card label are crafted it’s possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request (reproduce e.g. with many %s modifiers in a row). | 2022-08-04 | not yet calculated | CVE-2022-2652 CONFIRM MISC |
undertow — undertow |
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow’s AjpServerRequestConduit implementation closes the connection without sending any response to the client/proxy. As a result, a front-end proxy marks the backend worker (application server) as being in an error state and does not forward requests to the worker for a while. In mod_cluster, this continues until the next STATUS request (sent at 10-second intervals) from the application server updates the server state. So, in the worst case, it can result in “All workers are in error state” and mod_cluster responds “503 Service Unavailable” for a while (up to 10 seconds). In mod_proxy_balancer, it does not forward requests to the worker until the “retry” timeout passes. However, mod_proxy_balancer has a “forcerecovery” setting (On by default; this parameter can force the immediate recovery of all workers without considering the retry parameter of the workers if all workers of a balancer are in error state). So, unlike mod_cluster, mod_proxy_balancer does not end up responding “503 Service Unavailable”. An attacker could use this behavior to send a malicious request and trigger server errors, resulting in DoS (denial of service). This flaw was fixed in Undertow 2.2.19.Final and Undertow 2.3.0.Alpha2. | 2022-08-05 | not yet calculated | CVE-2022-2053 MISC MISC |
unitree — go_1_robotics_platform |
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform versions H0.1.7 and H0.1.9 (using firmware version 0.1.35) can be powered down by an attacker within normal RF range without authentication. Other versions may be affected, such as the A1. | 2022-08-05 | not yet calculated | CVE-2022-2675 MISC MISC MISC |
uniwill — sparkio.sys_driver |
The Uniwill SparkIO.sys driver 1.0 is vulnerable to a stack-based buffer overflow via IOCTL 0x40002008. | 2022-08-05 | not yet calculated | CVE-2022-37415 MISC |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0101. | 2022-08-01 | not yet calculated | CVE-2022-2571 MISC CONFIRM |
vim — vim | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0102. | 2022-08-01 | not yet calculated | CVE-2022-2580 CONFIRM MISC |
vim — vim | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0104. | 2022-08-01 | not yet calculated | CVE-2022-2581 CONFIRM MISC |
vim — vim | Undefined Behavior for Input to API in GitHub repository vim/vim prior to 9.0.0100. | 2022-08-01 | not yet calculated | CVE-2022-2598 MISC CONFIRM |
vinchin — backup_and_recovery |
This vulnerability allows remote attackers to bypass authentication on affected installations of Vinchin Backup and Recovery 6.5.0.17561. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the MySQL server. The server uses a hard-coded password for the administrator user. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-17139. | 2022-08-03 | not yet calculated | CVE-2022-35866 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | 2022-08-05 | not yet calculated | CVE-2022-31656 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. | 2022-08-05 | not yet calculated | CVE-2022-31660 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to ‘root’. | 2022-08-05 | not yet calculated | CVE-2022-31664 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager, Connectors and vRealize Automation contain a path traversal vulnerability. A malicious actor with network access may be able to access arbitrary files. | 2022-08-05 | not yet calculated | CVE-2022-31662 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject JavaScript code in the target user’s window. | 2022-08-05 | not yet calculated | CVE-2022-31663 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain two privilege escalation vulnerabilities. A malicious actor with local access can escalate privileges to ‘root’. | 2022-08-05 | not yet calculated | CVE-2022-31661 MISC |
vmware — multiple_products |
VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | 2022-08-05 | not yet calculated | CVE-2022-31659 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | 2022-08-05 | not yet calculated | CVE-2022-31658 MISC |
vmware — multiple_products |
VMware Workspace ONE Access and Identity Manager contain a URL injection vulnerability. A malicious actor with network access may be able to redirect an authenticated user to an arbitrary domain. | 2022-08-05 | not yet calculated | CVE-2022-31657 MISC |
vmware — multiple_products |
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a remote code execution vulnerability. A malicious actor with administrator and network access can trigger a remote code execution. | 2022-08-05 | not yet calculated | CVE-2022-31665 MISC |
web_based_quiz_system — web_based_quiz_system | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the qid parameter at update.php. | 2022-08-02 | not yet calculated | CVE-2022-35422 MISC |
websockets-rs — rust-websocket |
Rust-WebSocket is a WebSocket (RFC6455) library written in Rust. In versions prior to 0.26.5, untrusted websocket connections can cause an out-of-memory (OOM) process abort in a client or a server. The root cause of the issue is in dataframe parsing. Affected versions would allocate a buffer based on the declared dataframe size, which may come from an untrusted source. When `Vec::with_capacity` fails to allocate, the default Rust allocator will abort the current process, killing all threads. This affects only the sync (non-Tokio) implementation. The async version also does not limit memory, but does not use `with_capacity`, so DoS can happen only when the bytes for an oversized dataframe or message are actually delivered by the attacker. The crashes are fixed in version 0.26.5 by imposing default dataframe size limits. Affected users are advised to update to this version. Users unable to upgrade are advised to filter websocket traffic externally or to only accept trusted traffic. | 2022-08-01 | not yet calculated | CVE-2022-35922 MISC CONFIRM |
wedding_hall_booking_system — wedding_hall_booking_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester Wedding Hall Booking System. Affected by this issue is some unknown functionality of the file /whbs/?page=manage_account of the component Profile Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-205814 is the identifier assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2691 MISC MISC |
wedding_hall_booking_system — wedding_hall_booking_system |
A vulnerability classified as problematic has been found in SourceCodester Wedding Hall Booking System. Affected is an unknown function of the file /whbs/?page=contact_us of the component Contact Page. The manipulation of the argument Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-205812. | 2022-08-06 | not yet calculated | CVE-2022-2689 MISC MISC |
wedding_hall_booking_system — wedding_hall_booking_system |
A vulnerability classified as problematic was found in SourceCodester Wedding Hall Booking System. Affected by this vulnerability is an unknown functionality of the file /whbs/?page=my_bookings of the component Booking Form. The manipulation of the argument Remarks leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-205813 was assigned to this vulnerability. | 2022-08-06 | not yet calculated | CVE-2022-2690 MISC MISC |
wedding_hall_booking_system — wedding_hall_booking_system |
A vulnerability, which was classified as problematic, was found in SourceCodester Wedding Hall Booking System. This affects an unknown part of the file /whbs/admin/?page=user of the component Staff User Profile. The manipulation of the argument First Name/Last Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-205815. | 2022-08-06 | not yet calculated | CVE-2022-2692 MISC MISC |
western_digital — sweet_b | When computing a shared secret or point multiplication on the NIST P-256 curve using a public key with an X coordinate of zero, an error is returned from the library, and an invalid unreduced value is written to the output buffer. This may be leveraged by an attacker to cause an error scenario, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | 2022-07-29 | not yet calculated | CVE-2022-23004 MISC |
western_digital — sweet_b | When computing a shared secret or point multiplication on the NIST P-256 curve that results in an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output may cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario or incorrect choice of session key in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | 2022-07-29 | not yet calculated | CVE-2022-23003 MISC |
western_digital — sweet_b | When compressing or decompressing a point on the NIST P-256 elliptic curve with an X coordinate of zero, the resulting output is not properly reduced modulo the P-256 field prime and is invalid. The resulting output will cause an error when used in other operations. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | 2022-07-29 | not yet calculated | CVE-2022-23002 MISC |
western_digital — sweet_b | When compressing or decompressing elliptic curve points using the Sweet B library, an incorrect choice of sign bit is used. An attacker with user level privileges and no other user’s assistance can exploit this vulnerability with only knowledge of the public key and the library. The resulting output may cause an error when used in other operations; for instance, verification of a valid signature under a decompressed public key may fail. This may be leveraged by an attacker to cause an error scenario in applications which use the library, resulting in a limited denial of service for an individual user. The scope of impact cannot extend to other components. | 2022-07-29 | not yet calculated | CVE-2022-23001 MISC |
wordpress — wordpress | The Copyright Proof WordPress plugin through 4.16 does not sanitise and escape a parameter before outputting it back via an AJAX action available to both unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting when a specific setting is enabled. | 2022-08-01 | not yet calculated | CVE-2022-1906 MISC |
wordpress — wordpress | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. | 2022-08-01 | not yet calculated | CVE-2022-36343 CONFIRM CONFIRM |
wordpress — wordpress | The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue which will be triggered in the frontend as well. | 2022-08-01 | not yet calculated | CVE-2022-2171 MISC |
wordpress — wordpress | The Microsoft Advertising Universal Event Tracking (UET) WordPress plugin before 1.0.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Due to the nature of this plugin, well crafted XSS can also leak into the frontpage. | 2022-08-01 | not yet calculated | CVE-2022-2170 MISC |
wordpress — wordpress | The Youzify WordPress plugin before 1.2.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. | 2022-08-01 | not yet calculated | CVE-2022-1950 MISC |
wordpress — wordpress | The Advanced WordPress Reset WordPress plugin before 1.6 does not escape some generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting. | 2022-08-01 | not yet calculated | CVE-2022-2181 MISC |
wordpress — wordpress | The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based limitations to vote in certain situations. | 2022-08-01 | not yet calculated | CVE-2022-1600 MISC |
wordpress — wordpress | The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. | 2022-08-01 | not yet calculated | CVE-2022-2184 MISC |
wordpress — wordpress | The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup generation and download functionalities, which may allow any visitors on the site to download the entire site, including sensitive files like wp-config.php. | 2022-08-01 | not yet calculated | CVE-2022-1585 MISC |
wordpress — wordpress | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Floating Div plugin <= 3.0 at WordPress. | 2022-07-29 | not yet calculated | CVE-2022-36378 CONFIRM CONFIRM |
wordpress — wordpress |
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key. | 2022-08-05 | not yet calculated | CVE-2022-33201 CONFIRM CONFIRM |
wordpress — wordpress | The GiveWP WordPress plugin before 2.21.3 does not properly sanitise and escape the currency settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 2022-08-01 | not yet calculated | CVE-2022-2215 MISC |
wordpress — wordpress | The Simple Membership WordPress plugin before 4.1.3 does not properly validate the membership_level parameter when editing a profile, allowing members to escalate to a higher membership level by using a crafted POST request. | 2022-08-01 | not yet calculated | CVE-2022-2273 MISC |
wordpress — wordpress | The Login with phone number WordPress plugin through 1.3.7 do not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-08-01 | not yet calculated | CVE-2022-0598 MISC |
wordpress — wordpress | The Invitation Based Registrations WordPress plugin through 2.2.84 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-08-01 | not yet calculated | CVE-2022-2325 MISC |
wordpress — wordpress | The Featured Image from URL (FIFU) WordPress plugin before 4.0.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of validation, sanitisation and escaping in some of them, it could also lead to Stored XSS issues. | 2022-08-01 | not yet calculated | CVE-2022-2241 MISC |
wordpress — wordpress | The Featured Image from URL (FIFU) WordPress plugin before 4.0.1 does not validate, sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-08-01 | not yet calculated | CVE-2022-2278 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews. | 2022-08-05 | not yet calculated | CVE-2021-36861 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (author or higher user role) Arbitrary File Upload vulnerability in ideasToCode Enable SVG, WebP & ICO Upload plugin <= 1.0.1 at WordPress. | 2022-08-01 | not yet calculated | CVE-2022-34154 CONFIRM CONFIRM |
wordpress — wordpress | The WordPress Popup WordPress plugin through 1.9.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-08-01 | not yet calculated | CVE-2022-2305 MISC |
wordpress — wordpress | The Simple Membership WordPress plugin before 4.1.3 allows users to change their membership at the registration stage due to insufficient checking of a user-supplied parameter. | 2022-08-01 | not yet calculated | CVE-2022-2317 MISC |
wordpress — wordpress | The Counter Box WordPress plugin before 1.2.1 lacks a CSRF check when activating and deactivating counters, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. | 2022-08-01 | not yet calculated | CVE-2022-2245 MISC |
wordpress — wordpress | The Flexi Quote Rotator WordPress plugin through 0.9.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-08-01 | not yet calculated | CVE-2022-2328 MISC |
wordpress — wordpress | The GiveWP WordPress plugin before 2.21.3 does not have a CSRF check in place when exporting data, and does not validate the exporting parameters such as dates, which could allow attackers to make a logged-in admin DoS the web server via a CSRF attack, as the plugin will try to retrieve data from the database many times, overwhelming the target’s CPU. | 2022-08-01 | not yet calculated | CVE-2022-2260 MISC |
wordpress — wordpress | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check in an AJAX action, allowing any logged-in user, such as a subscriber, to view the logs of the plugin. | 2022-08-01 | not yet calculated | CVE-2022-2369 MISC |
wordpress — wordpress | The YaySMTP WordPress plugin before 2.2.1 does not have a capability check before displaying the Mailer Credentials in JS code for the settings, allowing any authenticated user, such as a subscriber, to retrieve them. | 2022-08-01 | not yet calculated | CVE-2022-2370 MISC |
wordpress — wordpress | The Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-08-01 | not yet calculated | CVE-2022-1324 MISC |
wordpress — wordpress | Multiple Improper Access Control vulnerabilities in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress. | 2022-08-05 | not yet calculated | CVE-2022-25649 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0 at WordPress allows an attacker to change the PayPal email. WooCommerce PayPal Payments plugin (free) should be at least installed to get the extra input field on the user profile page. | 2022-08-05 | not yet calculated | CVE-2022-36284 CONFIRM CONFIRM |
wordpress — wordpress | The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the “Insert from URL” feature. NOTE: the XSS payload does not execute in the context of the WordPress instance’s domain; however, analogous attempts by low-privileged users to reference SVG documents are blocked by some similar products, and this behavioral difference might have security relevance to some WordPress site administrators. | 2022-07-30 | not yet calculated | CVE-2022-33994 MISC |
wordpress — wordpress | Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin <= 0.2.27 at WordPress allows unauthenticated post update/create/delete. | 2022-08-05 | not yet calculated | CVE-2022-36296 CONFIRM CONFIRM |
xhyve — xhyve | This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-15056. | 2022-08-03 | not yet calculated | CVE-2022-35867 MISC |
yuba — u5cms | Yuba u5cms v8.3.5 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component savepage.php. This vulnerability allows attackers to execute arbitrary code. | 2022-08-03 | not yet calculated | CVE-2022-34937 MISC |
zlib — zlib | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | 2022-08-05 | not yet calculated | CVE-2022-37434 MISC MISC MISC MISC MLIST |