US-CERT Bulletin (SB22-241): Vulnerability Summary for the Week of August 22, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
72crm — wukong_crm | 72crm 9.0 has an Arbitrary file upload vulnerability. | 2022-08-24 | not yet calculated | CVE-2022-37181 MISC |
72crm — wukong_crm | An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar. | 2022-08-24 | not yet calculated | CVE-2022-37178 MISC |
abb — abb_zenon | Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries. An attacker who successfully exploits the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc. | 2022-08-24 | not yet calculated | CVE-2022-34836 MISC |
abb — abb_zenon | Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20: an attacker who successfully exploits the vulnerability may add more network clients that may monitor various activities of the Zenon. | 2022-08-24 | not yet calculated | CVE-2022-34837 MISC |
abb — abb_zenon | Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20: an attacker who successfully exploits the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user. | 2022-08-24 | not yet calculated | CVE-2022-34838 MISC |
adobe — commerce | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user’s account details. Exploitation of this issue does not require user interaction. | 2022-08-19 | not yet calculated | CVE-2022-35692 MISC |
anjuta-bookmarks.c — anjuta-bookmarks.c | There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call ‘g_free()’ to release the return value of ‘xmlGetProp()’. | 2022-08-25 | not yet calculated | CVE-2021-42522 MISC |
apache — activemq_artemis | In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 2022-08-23 | not yet calculated | CVE-2022-35278 MISC |
apache — flume | Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | 2022-08-21 | not yet calculated | CVE-2022-34916 MISC MISC |
apache — hadoop | ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used. | 2022-08-25 | not yet calculated | CVE-2021-25642 MISC |
apache — libapreq2 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | 2022-08-25 | not yet calculated | CVE-2022-22728 MISC MLIST MLIST MLIST |
apple — macos | An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | 2022-08-24 | not yet calculated | CVE-2022-32834 MISC MISC MISC |
apple — macos | A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | 2022-08-24 | not yet calculated | CVE-2022-32811 MISC MISC MISC |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | 2022-08-24 | not yet calculated | CVE-2022-32810 MISC MISC MISC |
apple — macos | Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory. | 2022-08-24 | not yet calculated | CVE-2022-32793 MISC MISC MISC MISC FEDORA |
apple — macos | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges. | 2022-08-24 | not yet calculated | CVE-2022-32812 MISC MISC MISC |
apple — multiple_products | This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity. | 2022-08-24 | not yet calculated | CVE-2022-32857 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges. | 2022-08-24 | not yet calculated | CVE-2022-32813 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory. | 2022-08-24 | not yet calculated | CVE-2022-32837 MISC MISC MISC |
apple — multiple_products | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files. | 2022-08-24 | not yet calculated | CVE-2022-32838 MISC MISC MISC MISC |
apple — multiple_products | The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution. | 2022-08-24 | not yet calculated | CVE-2022-32839 MISC MISC MISC MISC MISC MISC |
apple — multiple_products | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges. | 2022-08-24 | not yet calculated | CVE-2022-32840 MISC MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | 2022-08-24 | not yet calculated | CVE-2022-32894 MISC MISC |
apple — multiple_products | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 2022-08-24 | not yet calculated | CVE-2022-32893 MISC MISC MISC MLIST MLIST FEDORA DEBIAN DEBIAN |
arc_informatique — pcvue | The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users. | 2022-08-24 | not yet calculated | CVE-2022-2569 MISC |
archer — archer_platform | Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | 2022-08-25 | not yet calculated | CVE-2022-37318 MISC MISC |
archer — archer_platform | Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases. | 2022-08-25 | not yet calculated | CVE-2022-37317 MISC MISC |
archer — archer_platform | Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release. | 2022-08-25 | not yet calculated | CVE-2022-37316 MISC MISC |
articatech — artica_proxy | An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php. | 2022-08-24 | not yet calculated | CVE-2022-37153 MISC |
artifex — ghostscript | A heap-based buffer over write vulnerability was found in GhostScript’s lp8000_print_page() function in gdevlp8k.c file. An attacker could trick a user to open a crafted PDF file, triggering the heap buffer overflow that could lead to memory corruption or a denial of service. | 2022-08-19 | not yet calculated | CVE-2020-27792 MISC MISC |
asneg — opc_ua_stack | All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 2022-08-23 | not yet calculated | CVE-2022-24381 CONFIRM |
atlassian — bitbucket_server_and_data_center | Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew. | 2022-08-25 | not yet calculated | CVE-2022-36804 MISC |
atlassian — jira | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 2022-08-26 | not yet calculated | CVE-2022-36537 MISC |
baijiacms — baijiacms | Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-35150 MISC MISC |
bdg — mobiledoc_kit | Cross-site Scripting (XSS) – Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. | 2022-08-22 | not yet calculated | CVE-2022-2932 MISC CONFIRM |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for a domain authenticated user to send a crafted message to the Blue Prism Server and accomplish a remote code execution attack that is possible because of insecure deserialization. Exploitation of this vulnerability allows for code to be executed in the context of the Blue Prism Server service. | 2022-08-25 | not yet calculated | CVE-2022-36119 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server’s settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. | 2022-08-26 | not yet calculated | CVE-2022-36120 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. | 2022-08-26 | not yet calculated | CVE-2022-36121 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes administrative function. Abusing this function will allow any Blue Prism user to publish, unpublish, or retire processes. Using this function, any logged-in user can change the status of a process, an action intended only for users with the Edit Process permission. | 2022-08-25 | not yet calculated | CVE-2022-36118 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If credential access is configured to be accessible by a machine or the runtime resource security group, using further reverse engineering, an attacker can spoof a known machine and request known encrypted credentials to decrypt later. | 2022-08-25 | not yet calculated | CVE-2022-36117 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment. | 2022-08-25 | not yet calculated | CVE-2022-36115 MISC MISC MISC |
blue_prism — enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment. | 2022-08-25 | not yet calculated | CVE-2022-36116 MISC MISC MISC |
bluecms — bluecms | BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | 2022-08-23 | not yet calculated | CVE-2022-37112 MISC |
bluecms — bluecms | BlueCMS 1.6 has SQL injection in line 132 of admin/article.php | 2022-08-23 | not yet calculated | CVE-2022-37111 MISC |
bluecm — bluecms | Bluecms 1.6 has SQL injection in line 132 of admin/area.php | 2022-08-23 | not yet calculated | CVE-2022-37113 MISC |
bpcbt — smartvista | Multiple reflected XSS vulnerabilities occur when handling error message of BPC SmartVista version 3.28.0 allowing an attacker to execute javascript code at client side. | 2022-08-19 | not yet calculated | CVE-2022-35554 MISC MISC MISC |
bus_pass_management — bus_pass_management | Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | 2022-08-22 | not yet calculated | CVE-2022-36198 MISC MISC |
chatwoot — chatwoot | Cross-site Scripting (XSS) – DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. | 2022-08-19 | not yet calculated | CVE-2022-0542 CONFIRM MISC |
cisco — fxos | A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | 2022-08-25 | not yet calculated | CVE-2022-20824 CISCO |
cisco — fxos | A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | 2022-08-25 | not yet calculated | CVE-2022-20865 CISCO |
cisco — nx-os | A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory. | 2022-08-25 | not yet calculated | CVE-2022-20823 CISCO |
cisco — aci_multi-site_orchestrator | A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device. | 2022-08-25 | not yet calculated | CVE-2022-20921 CISCO |
claroline — claroline | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the ‘Location’ field of a calendar event. | 2022-08-25 | not yet calculated | CVE-2022-37162 MISC |
claroline — claroline | Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | 2022-08-25 | not yet calculated | CVE-2022-37161 MISC |
claroline — claroline | Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user. | 2022-08-25 | not yet calculated | CVE-2022-37160 MISC |
claroline — claroline | Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | 2022-08-25 | not yet calculated | CVE-2022-37159 MISC |
clinic’s_patient_management — clinic’s_patient_management | Clinic’s Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | 2022-08-22 | not yet calculated | CVE-2022-36251 MISC |
clusterlabs — clusterlabs_hawk | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive “shell” that isn’t limited to the commands specified in hawk_invoke, allowing escalation to root. | 2022-08-26 | not yet calculated | CVE-2021-3020 MISC MISC MISC |
codesys — visualization | All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 2022-08-23 | not yet calculated | CVE-2022-1989 CONFIRM |
colord — colord | There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the ‘err_msg’ of ‘sqlite3_exec’ is not released after use, while libxml2 emphasizes that the caller needs to release it. | 2022-08-25 | not yet calculated | CVE-2021-42523 MISC |
crowcpp — crow | HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB. | 2022-08-22 | not yet calculated | CVE-2022-38668 MISC |
crowcpp — crow | HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. | 2022-08-22 | not yet calculated | CVE-2022-38667 MISC |
crowdstrike — falcon | A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610. It has been classified as problematic. Affected is the Uninstallation Handler which makes it possible to circumvent and disable the security feature. The manipulation leads to missing authorization. The identifier of this vulnerability is VDB-206880. | 2022-08-22 | not yet calculated | CVE-2022-2841 N/A N/A N/A N/A |
cryptopro — cryptopro_secure_disk | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34301 MISC MISC |
cskefu — cskefu | Insecure permissions in cskefu v7.0.1 allow unauthenticated attackers to arbitrarily add administrator accounts. | 2022-08-26 | not yet calculated | CVE-2022-36521 MISC |
d-link — dir-615 | The WAN configuration page “wan.htm” on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also allow an attacker to modify the data fields of the page. | 2022-08-23 | not yet calculated | CVE-2021-42627 MISC MISC MISC MISC |
d-link — dsl-3782 | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. | 2022-08-23 | not yet calculated | CVE-2022-35191 MISC MISC MISC MISC |
d-link — modem_router | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | 2022-08-26 | not yet calculated | CVE-2022-35192 MISC MISC MISC MISC |
de.fac2 — de.fac2 | de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim’s PC. | 2022-08-24 | not yet calculated | CVE-2022-33172 MISC MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure. | 2022-08-22 | not yet calculated | CVE-2022-32480 MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services. | 2022-08-22 | not yet calculated | CVE-2022-33932 MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure. | 2022-08-22 | not yet calculated | CVE-2022-31238 MISC |
dell — emc_powerscale_onefs | Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure. | 2022-08-22 | not yet calculated | CVE-2022-31237 MISC |
deluge — deluge_web-ui | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session. | 2022-08-26 | not yet calculated | CVE-2021-3427 MISC MISC |
dlink — dir-816 | D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow. | 2022-08-22 | not yet calculated | CVE-2022-37134 MISC MISC |
dlink — dir-816 | D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end. | 2022-08-22 | not yet calculated | CVE-2022-37133 MISC MISC |
dolphinphp — dolphinphp | DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system function -> configuration management. | 2022-08-19 | not yet calculated | CVE-2022-37254 MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. | 2022-08-26 | not yet calculated | CVE-2022-36548 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | 2022-08-26 | not yet calculated | CVE-2022-36546 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | 2022-08-26 | not yet calculated | CVE-2022-36545 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | 2022-08-26 | not yet calculated | CVE-2022-36544 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | 2022-08-26 | not yet calculated | CVE-2022-36543 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | 2022-08-26 | not yet calculated | CVE-2022-36542 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | 2022-08-26 | not yet calculated | CVE-2022-36547 MISC MISC |
elastic — elasticsearch |
A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystore | 2022-08-25 | not yet calculated | CVE-2022-23715 MISC MISC |
emerson — proficy_machine_edition | Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. | 2022-08-19 | not yet calculated | CVE-2022-2793 MISC |
emerson — proficy_machine_edition | Emerson Electric’s Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: ‘\..\Filename’, also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code. | 2022-08-19 | not yet calculated | CVE-2022-2788 MISC |
emerson — proficy_machine_edition | Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | 2022-08-19 | not yet calculated | CVE-2022-2792 MISC |
emerson — proficy_machine_edition | Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files). | 2022-08-19 | not yet calculated | CVE-2022-2790 MISC |
emerson — proficy_machine_edition | Emerson Electric’s Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic. | 2022-08-19 | not yet calculated | CVE-2022-2789 MISC |
ericsson — network_manager |
In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log files under a common path and read information stored in those log files in order to conduct privilege escalation. | 2022-08-26 | not yet calculated | CVE-2021-32570 MISC MISC |
ethereum — eth-account | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method. | 2022-08-22 | not yet calculated | CVE-2022-1930 MISC |
ethz — safe_exam_browser | Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browser’s print dialog. | 2022-08-19 | not yet calculated | CVE-2022-36220 MISC MISC |
eurosoft — eurosoft_bootloader | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34303 MISC MISC |
exceedone — exment | Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | 2022-08-24 | not yet calculated | CVE-2022-38080 MISC MISC MISC |
exceedone — exment | Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | 2022-08-24 | not yet calculated | CVE-2022-38089 MISC MISC MISC |
exceedone — exment | SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands. | 2022-08-24 | not yet calculated | CVE-2022-37333 MISC MISC MISC |
eyoucms — eyoucms | EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | 2022-08-19 | not yet calculated | CVE-2022-36225 MISC |
f-secure — elements_endpoint_protection | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to a scanning engine crash. The exploit can be triggered remotely by an attacker. | 2022-08-23 | not yet calculated | CVE-2022-28882 MISC |
f-secure — elements_endpoint_protection | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker. | 2022-08-23 | not yet calculated | CVE-2022-28883 MISC |
fiserv — prologue | Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database. | 2022-08-23 | not yet calculated | CVE-2020-35992 MISC MISC |
fishbowlinventory — fishbowl_server | A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | 2022-08-19 | not yet calculated | CVE-2022-29805 MISC MISC |
frappe — erpnext | Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. | 2022-08-22 | not yet calculated | CVE-2022-28598 MISC MISC MISC |
freeopcua_project — freeopcua | All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | 2022-08-23 | not yet calculated | CVE-2022-24298 CONFIRM CONFIRM |
ge_gas_power — workstationst |
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim’s browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | 2022-08-25 | not yet calculated | CVE-2022-37953 CONFIRM |
ge_gas_power — workstationst |
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim’s browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater. | 2022-08-25 | not yet calculated | CVE-2022-37952 CONFIRM |
getkirby — kirby | An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages. | 2022-08-24 | not yet calculated | CVE-2018-14520 MISC MISC |
getkirby — kirby | An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page. | 2022-08-24 | not yet calculated | CVE-2018-14519 MISC MISC |
glibc — glibc |
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. | 2022-08-24 | not yet calculated | CVE-2021-3999 MISC MISC MISC MISC MISC MISC |
glibc — glibc |
A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. | 2022-08-24 | not yet calculated | CVE-2021-3998 MISC MISC MISC MISC MISC MISC MISC |
gnu — binutils |
In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 2022-08-26 | not yet calculated | CVE-2022-38533 MISC MISC |
google — android | In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-236848165 | 2022-08-24 | not yet calculated | CVE-2021-0698 MISC |
google — android | In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android SoC; Android ID: A-236848817 | 2022-08-24 | not yet calculated | CVE-2021-0887 MISC |
google — android | An unprivileged app can trigger the PowerVR driver to return uninitialized heap memory, causing information disclosure. Product: Android; Versions: Android SoC; Android ID: A-236849490 | 2022-08-24 | not yet calculated | CVE-2021-0891 MISC |
google — android | The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption. Product: Android; Versions: Android SoC; Android ID: A-232440670 | 2022-08-24 | not yet calculated | CVE-2021-39815 MISC |
google — android | The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required. Product: Android; Versions: Android SoC; Android ID: A-236846966 | 2022-08-24 | not yet calculated | CVE-2021-0946 MISC |
google — android | The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLServerDiscoverStreamsKM may fail for several reasons including invalid sizes. If this method fails the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required. Product: Android; Versions: Android SoC; Android ID: A-236838960 | 2022-08-24 | not yet calculated | CVE-2021-0947 MISC |
google — android | The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption. Product: Android; Versions: Android SoC; Android ID: A-232441339 | 2022-08-24 | not yet calculated | CVE-2022-20122 MISC |
gosecure — titan | Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload. | 2022-08-25 | not yet calculated | CVE-2022-28747 MISC MISC |
gravitee — api_management | HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. | 2022-08-23 | not yet calculated | CVE-2019-25075 MISC MISC |
grokability — snipe-it | Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | 2022-08-25 | not yet calculated | CVE-2022-2997 MISC CONFIRM |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessMode. | 2022-08-25 | not yet calculated | CVE-2022-36471 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d. | 2022-08-25 | not yet calculated | CVE-2022-36467 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 2022-08-25 | not yet calculated | CVE-2022-36468 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById. | 2022-08-25 | not yet calculated | CVE-2022-36470 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 2022-08-25 | not yet calculated | CVE-2022-36469 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 2022-08-25 | not yet calculated | CVE-2022-36478 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-36477 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList. | 2022-08-25 | not yet calculated | CVE-2022-36475 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet. | 2022-08-25 | not yet calculated | CVE-2022-36474 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 2022-08-25 | not yet calculated | CVE-2022-36473 MISC |
h3c — b5_mini | H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 2022-08-25 | not yet calculated | CVE-2022-36472 MISC |
h3c — gr-1200w | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set. | 2022-08-25 | not yet calculated | CVE-2022-37074 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 2022-08-25 | not yet calculated | CVE-2022-37070 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One. | 2022-08-25 | not yet calculated | CVE-2022-37071 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal. | 2022-08-25 | not yet calculated | CVE-2022-37068 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti. | 2022-08-25 | not yet calculated | CVE-2022-37072 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti. | 2022-08-25 | not yet calculated | CVE-2022-37073 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti. | 2022-08-25 | not yet calculated | CVE-2022-37067 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat. | 2022-08-25 | not yet calculated | CVE-2022-37069 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function AddWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-36519 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS. | 2022-08-25 | not yet calculated | CVE-2022-37066 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-36518 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo. | 2022-08-25 | not yet calculated | CVE-2022-36511 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist. | 2022-08-25 | not yet calculated | CVE-2022-36513 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist. | 2022-08-25 | not yet calculated | CVE-2022-36515 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check. | 2022-08-25 | not yet calculated | CVE-2022-36516 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wlan_advance. | 2022-08-25 | not yet calculated | CVE-2022-36517 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan. | 2022-08-25 | not yet calculated | CVE-2022-36514 MISC |
h3c — gr-1200w |
H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup. | 2022-08-25 | not yet calculated | CVE-2022-36520 MISC |
h3c — gr2200 | H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 2022-08-25 | not yet calculated | CVE-2022-36510 MISC |
h3c — gr3200 | H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 2022-08-25 | not yet calculated | CVE-2022-36509 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById. | 2022-08-25 | not yet calculated | CVE-2022-37097 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone. | 2022-08-25 | not yet calculated | CVE-2022-37100 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat. | 2022-08-25 | not yet calculated | CVE-2022-37099 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params. | 2022-08-25 | not yet calculated | CVE-2022-37098 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 2022-08-25 | not yet calculated | CVE-2022-37087 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6. | 2022-08-25 | not yet calculated | CVE-2022-37096 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList. | 2022-08-25 | not yet calculated | CVE-2022-37093 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams. | 2022-08-25 | not yet calculated | CVE-2022-37095 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 2022-08-25 | not yet calculated | CVE-2022-37090 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 2022-08-25 | not yet calculated | CVE-2022-37094 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-37091 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 2022-08-25 | not yet calculated | CVE-2022-37086 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 2022-08-25 | not yet calculated | CVE-2022-37092 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById. | 2022-08-25 | not yet calculated | CVE-2022-37088 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList. | 2022-08-25 | not yet calculated | CVE-2022-37089 MISC |
h3c — h200 |
H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function. | 2022-08-25 | not yet calculated | CVE-2022-37085 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList. | 2022-08-25 | not yet calculated | CVE-2022-36490 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup. | 2022-08-25 | not yet calculated | CVE-2022-36499 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6. | 2022-08-25 | not yet calculated | CVE-2022-36489 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById. | 2022-08-25 | not yet calculated | CVE-2022-36508 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-36507 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode. | 2022-08-25 | not yet calculated | CVE-2022-36506 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 2022-08-25 | not yet calculated | CVE-2022-36504 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone. | 2022-08-25 | not yet calculated | CVE-2022-36503 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams. | 2022-08-25 | not yet calculated | CVE-2022-36502 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat. | 2022-08-25 | not yet calculated | CVE-2022-36501 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList. | 2022-08-25 | not yet calculated | CVE-2022-36500 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup. | 2022-08-25 | not yet calculated | CVE-2022-36505 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 2022-08-25 | not yet calculated | CVE-2022-36498 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 2022-08-25 | not yet calculated | CVE-2022-36496 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist. | 2022-08-25 | not yet calculated | CVE-2022-36495 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist. | 2022-08-25 | not yet calculated | CVE-2022-36494 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 2022-08-25 | not yet calculated | CVE-2022-36493 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList. | 2022-08-25 | not yet calculated | CVE-2022-36492 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params. | 2022-08-25 | not yet calculated | CVE-2022-36491 MISC |
h3c — magic_nx18_plus | H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 2022-08-25 | not yet calculated | CVE-2022-36497 MISC |
hdfgroup — hdf5 | A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-26061 MISC |
hdfgroup — hdf5 | An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-25972 MISC |
hdfgroup — hdf5 | An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. A specially-crafted GIF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-25942 MISC |
honda — remote_keyless_entry_receiving_unit |
The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | 2022-08-24 | not yet calculated | CVE-2022-37305 MISC MISC MISC MISC MISC |
htmly — htmly |
htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | 2022-08-26 | not yet calculated | CVE-2021-40285 MISC |
ibm — datapower_gateway |
IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. | 2022-08-26 | not yet calculated | CVE-2022-31773 XF CONFIRM |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | 2022-08-26 | not yet calculated | CVE-2022-35714 CONFIRM XF |
ibm — mq | IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226339. | 2022-08-19 | not yet calculated | CVE-2022-22489 XF CONFIRM |
ibm — openbmc_op910_and_op940 | IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221. | 2022-08-22 | not yet calculated | CVE-2021-29891 XF CONFIRM |
icewarp — lenovo_pcmanager | A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | 2022-08-23 | not yet calculated | CVE-2022-1513 MISC |
icewarp — webclient_dc2 | IceWarp WebClient DC2 – Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | 2022-08-23 | not yet calculated | CVE-2022-35115 MISC MISC |
imagemagick — imagemagick |
A vulnerability was found in ImageMagick-7.0.11-5, where ASAN detects memory leaks when a crafted file is processed with the convert command. | 2022-08-26 | not yet calculated | CVE-2021-3574 MISC MISC MISC |
imagemagick — imagemagick |
An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range representable by the ‘unsigned char’ type. When ImageMagick processes a crafted pdf file, this could lead to undefined behaviour or a crash. | 2022-08-25 | not yet calculated | CVE-2021-20224 MISC MISC MISC |
ingredients_stock_management — ingredients_stock_management | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php. | 2022-08-25 | not yet calculated | CVE-2022-36701 MISC |
jenkins — collabnet | Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 2022-08-23 | not yet calculated | CVE-2022-38665 CONFIRM MLIST |
jenkins — git | Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | 2022-08-23 | not yet calculated | CVE-2022-38663 CONFIRM MLIST |
jenkins — job_configuration_history | Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | 2022-08-23 | not yet calculated | CVE-2022-38664 CONFIRM MLIST |
jfinal_cms — jfinal_cms | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | 2022-08-23 | not yet calculated | CVE-2022-37199 MISC |
jfinal_cms — jfinal_cms | JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | 2022-08-23 | not yet calculated | CVE-2022-37223 MISC |
jfinal_cms — jfinal_cms | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | 2022-08-25 | not yet calculated | CVE-2022-36527 MISC |
jizhicms — jizhicms | An issue was discovered in jizhicms v2.3.1. There is a CSRF vulnerability that can add an admin. | 2022-08-19 | not yet calculated | CVE-2022-36577 MISC |
jizhicms — jizhicms | jizhicms v2.3.1 has SQL injection in the background. | 2022-08-19 | not yet calculated | CVE-2022-36578 MISC |
jsonxx — jsonxx | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | 2022-08-19 | not yet calculated | CVE-2022-23459 CONFIRM |
jsonxx — jsonxx | Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement. | 2022-08-19 | not yet calculated | CVE-2022-23460 CONFIRM |
kensite_cms — kensite_cms | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | 2022-08-26 | not yet calculated | CVE-2022-36529 MISC MISC |
laravel — laravel | A vulnerability, which was classified as critical, was found in Laravel 5.1. Affected is an unknown function. The manipulation leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-206688. | 2022-08-19 | not yet calculated | CVE-2022-2886 N/A N/A |
lexmark — multiple_products | Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation. | 2022-08-26 | not yet calculated | CVE-2022-29850 MISC MISC |
libarchive — libarchive | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system. | 2022-08-23 | not yet calculated | CVE-2021-31566 MISC MISC MISC MISC |
libarchive — libarchive | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges. | 2022-08-23 | not yet calculated | CVE-2021-23177 MISC MISC MISC MISC |
libpng — pngcheck | A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | 2022-08-23 | not yet calculated | CVE-2020-35511 MISC |
libpngs — pngimage.c | A heap overflow flaw was found in libpngs’ pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service. | 2022-08-24 | not yet calculated | CVE-2021-4214 MISC MISC MISC MISC |
library_management — library_management | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php. | 2022-08-25 | not yet calculated | CVE-2022-36721 MISC |
library_management — library_management | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php. | 2022-08-25 | not yet calculated | CVE-2022-36719 MISC |
library_management — library_management | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php. | 2022-08-25 | not yet calculated | CVE-2022-36720 MISC |
library_management — library_management | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php. | 2022-08-25 | not yet calculated | CVE-2022-36716 MISC |
library_management — library_management | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. | 2022-08-25 | not yet calculated | CVE-2022-36715 MISC |
linksys — mr8300_router | Command injection vulnerability in the Linksys MR8300 router during registration to the DDNS service. By specifying a username and password, an attacker connected to the router’s web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file on the device. This issue affects: Linksys MR8300 Router 1.0. | 2022-08-24 | not yet calculated | CVE-2022-38132 MISC |
linux — linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. This flaw allows a local user to crash the system. The highest threat from this vulnerability is to system availability. | 2022-08-22 | not yet calculated | CVE-2021-3659 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information. | 2022-08-23 | not yet calculated | CVE-2021-3736 MISC MISC MISC |
linux — linux_kernel | A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability. | 2022-08-23 | not yet calculated | CVE-2021-3759 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL. | 2022-08-24 | not yet calculated | CVE-2021-4218 MISC MISC MISC |
linux — linux_kernel | A memory leak flaw was found in the Linux kernel’s ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability. | 2022-08-23 | not yet calculated | CVE-2021-3764 MISC MISC MISC MISC |
linux — linux_kernel | An out-of-bounds (OOB) memory access flaw was found in the Linux kernel’s eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information. | 2022-08-24 | not yet calculated | CVE-2021-4204 MISC MISC MISC MISC |
linux — linux_kernel | An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | 2022-08-22 | not yet calculated | CVE-2022-2873 MISC |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers function security_inode_alloc to fail with a following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 2022-08-24 | not yet calculated | CVE-2022-2978 MISC |
linux — linux_kernel | A flaw in the Linux kernel’s implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system. | 2022-08-24 | not yet calculated | CVE-2021-4028 MISC MISC MISC MISC MISC |
linux — linux_kernel | A race condition was found in the Linux kernel’s watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system. | 2022-08-25 | not yet calculated | CVE-2022-2959 MISC MISC |
linux — linux_kernel | A heap-based buffer overflow was found in the Linux kernel’s LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. | 2022-08-25 | not yet calculated | CVE-2022-2991 MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page-sized files and detect the change in access time from a networked service to determine if the page has been merged. | 2022-08-23 | not yet calculated | CVE-2021-3714 MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance on an AMD CPU that supports Secure Encrypted Virtualization (SEV). | 2022-08-26 | not yet calculated | CVE-2022-0171 MISC MISC MISC |
linux — linux_kernel | A denial of service (DoS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. | 2022-08-26 | not yet calculated | CVE-2022-0168 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts, which could lead to resource exhaustion and DoS. | 2022-08-26 | not yet calculated | CVE-2021-3669 MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. | 2022-08-23 | not yet calculated | CVE-2022-2938 MISC |
linux — linux_kernel | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS. | 2022-08-24 | not yet calculated | CVE-2021-4037 MISC MISC MISC MISC MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code into the kernel can use this to leak internal kernel memory details, defeating some of the exploit mitigations in place for the kernel. | 2022-08-24 | not yet calculated | CVE-2021-4159 MISC MISC MISC MISC |
litejs — uri-template-lite | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the “URI.expand” method. | 2022-08-24 | not yet calculated | CVE-2021-43309 MISC |
logitech — streamlabs_desktop | StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. An attacker can execute arbitrary code via a crafted .exe file. | 2022-08-19 | not yet calculated | CVE-2022-36263 MISC |
malighting — grandma2_light | MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor’s position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability. | 2022-08-21 | not yet calculated | CVE-2022-30036 MISC MISC |
mapgis — igserver | MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | 2022-08-19 | not yet calculated | CVE-2022-36171 MISC |
mapgis — igserver | MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | 2022-08-19 | not yet calculated | CVE-2022-36170 MISC MISC |
mariadb — mariadb | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | 2022-08-27 | not yet calculated | CVE-2022-38792 MISC MISC MISC MISC |
mariadb — mariadb | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | 2022-08-27 | not yet calculated | CVE-2022-38791 MISC |
matrix — dendrite | gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the matrix terminology for user access level. In rooms where the `"events_default"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly. Matrix rooms where the `"events_default"` power level has not been changed from the default of zero are not vulnerable. Users are advised to upgrade. There are no known workarounds for this issue. | 2022-08-19 | not yet calculated | CVE-2022-36009 MISC MISC CONFIRM |
mazda — remote_keyless_entry_receiving_unit | The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | 2022-08-24 | not yet calculated | CVE-2022-36945 MISC MISC MISC MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | 2022-08-25 | not yet calculated | CVE-2022-37243 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | 2022-08-25 | not yet calculated | CVE-2022-37241 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. | 2022-08-25 | not yet calculated | CVE-2022-37240 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | 2022-08-25 | not yet calculated | CVE-2022-37238 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | 2022-08-25 | not yet calculated | CVE-2022-37239 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. | 2022-08-25 | not yet calculated | CVE-2022-37245 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. After login, injecting a malicious tag leads to IFRAME injection. | 2022-08-25 | not yet calculated | CVE-2022-37244 MISC MISC |
mdaemon_technologies — security_gateway_for_email_servers | MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter. | 2022-08-25 | not yet calculated | CVE-2022-37242 MISC MISC |
mealie — mealie | Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | 2022-08-19 | not yet calculated | CVE-2022-34624 MISC MISC MISC |
mealie — mealie | Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | 2022-08-19 | not yet calculated | CVE-2022-34621 MISC MISC MISC MISC MISC |
mealie — mealie | Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 2022-08-19 | not yet calculated | CVE-2022-34615 MISC MISC MISC MISC |
mealie — mealie | Mealie 1.0.0beta3 is vulnerable to user enumeration via timing response discrepancy between users and non-users when an invalid password message is displayed during an authentication attempt. | 2022-08-19 | not yet calculated | CVE-2022-34623 MISC MISC MISC MISC |
mikrotik — routeros | The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. | 2022-08-25 | not yet calculated | CVE-2022-34960 MISC MISC |
mikrotik — routeros | MikroTik RouterOS through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2022-08-26 | not yet calculated | CVE-2022-36522 MISC |
mm-wiki — mm-wiki | mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | 2022-08-26 | not yet calculated | CVE-2021-39393 MISC |
mm-wiki — mm-wiki | mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | 2022-08-26 | not yet calculated | CVE-2021-39394 MISC |
mod_wsgi — mod_wsgi | A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing. | 2022-08-25 | not yet calculated | CVE-2022-2255 MISC MISC MISC |
mongoose — mongoose | Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution. | 2022-08-26 | not yet calculated | CVE-2022-24304 MISC CONFIRM CONFIRM |
monospace — directus | Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`. | 2022-08-19 | not yet calculated | CVE-2022-36031 CONFIRM |
moveable_type — moveable_type | Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability. | 2022-08-24 | not yet calculated | CVE-2022-38078 MISC MISC |
multiple_vendors — remote_keyless_entry_receiving_unit | The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely. | 2022-08-24 | not yet calculated | CVE-2022-37418 MISC MISC MISC MISC MISC |
mumara_classic — mumara_classic | Odyssey passes to client unencrypted bytes from man-in-the-middle. When Odyssey storage is configured to use the PostgreSQL server using ‘trust’ authentication with a ‘clientcert’ requirement or to use ‘cert’ authentication, a man-in-the-middle attacker can inject false responses to the client’s first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to the client as if they originated from a valid server. This is similar to CVE-2021-23222 for PostgreSQL. | 2022-08-25 | not yet calculated | CVE-2021-43767 MISC MISC |
mumara_classic — mumara_classic | Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL. | 2022-08-25 | not yet calculated | CVE-2021-43766 MISC MISC |
mumara_classic — mumara_classic | A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter. | 2022-08-25 | not yet calculated | CVE-2021-43329 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
mupdf — mupdf | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | 2022-08-26 | not yet calculated | CVE-2021-4216 MISC MISC |
myscada — mypro | An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | 2022-08-24 | not yet calculated | CVE-2022-2234 CONFIRM |
new_horizon_datasys — new_horizon_datasys_bootloader | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34302 MISC MISC |
node-opcua_project — node-opcua | The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | 2022-08-24 | not yet calculated | CVE-2022-24375 CONFIRM CONFIRM CONFIRM CONFIRM |
node-opcua_project — node-opcua | The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 2022-08-23 | not yet calculated | CVE-2022-21208 CONFIRM CONFIRM CONFIRM CONFIRM |
node-opcua — node-opcua | The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit. | 2022-08-23 | not yet calculated | CVE-2022-25231 CONFIRM CONFIRM CONFIRM |
nortek_control — linear_emerge_devices | Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building’s doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.) | 2022-08-25 | not yet calculated | CVE-2022-31269 MISC MISC MISC MISC |
nortek_control — linear_emerge_devices | Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account. | 2022-08-25 | not yet calculated | CVE-2022-31798 MISC MISC MISC |
nortek_control — linear_emerge_devices | Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256. | 2022-08-25 | not yet calculated | CVE-2022-31499 MISC MISC MISC |
notrinos — notrinoserp | Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | 2022-08-23 | not yet calculated | CVE-2022-2965 MISC CONFIRM |
notrinos — notrinoserp | Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. This results in privilege escalation to a system administrator account. An attacker can gain access to protected functionality such as create/update companies, install/update languages, install/activate extensions, install/activate themes and other permissive actions. | 2022-08-21 | not yet calculated | CVE-2022-2921 MISC CONFIRM |
notrinos — notrinoserp | Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | 2022-08-22 | not yet calculated | CVE-2022-2927 CONFIRM MISC |
noxen — noxen | A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input “><script>alert(/xss/)</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-207000. | 2022-08-23 | not yet calculated | CVE-2022-2956 MISC MISC |
octoprint — octoprint | Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | 2022-08-22 | not yet calculated | CVE-2022-2930 CONFIRM MISC |
online_diagnostic_lab_management_system — online_diagnostic_lab_management_system | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the “dob” parameter in “/classes/Users.php?f=save_client”. | 2022-08-26 | not yet calculated | CVE-2022-37152 MISC MISC |
online_diagnostic_lab_management_system — online_diagnostic_lab_management_system | There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | 2022-08-26 | not yet calculated | CVE-2022-37151 MISC MISC |
online_diagnostic_lab_management_system — online_diagnostic_lab_management_system | An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via the firstname, address, middlename, lastname, gender, email, and contact parameters. | 2022-08-26 | not yet calculated | CVE-2022-37150 MISC MISC |
opc_ua_stack — opc_ua_stack | All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId. | 2022-08-23 | not yet calculated | CVE-2022-25302 CONFIRM |
opcfoundation — ua_.net_standard_reference_server | OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | 2022-08-23 | not yet calculated | CVE-2022-33916 MISC MISC |
opcua-asyncio — opcua-asyncio | All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 2022-08-23 | not yet calculated | CVE-2022-25304 CONFIRM CONFIRM CONFIRM |
opcua — opcua | The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. | 2022-08-24 | not yet calculated | CVE-2022-25903 CONFIRM CONFIRM CONFIRM |
opcua — opcua | The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 2022-08-23 | not yet calculated | CVE-2022-25888 CONFIRM CONFIRM CONFIRM |
open62541 — open62541 | The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks – per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk. | 2022-08-23 | not yet calculated | CVE-2022-25761 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
openexr — openexr | A flaw was found in OpenEXR’s B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability. | 2022-08-23 | not yet calculated | CVE-2021-20298 MISC MISC MISC MISC MISC |
openexr — openexr | A flaw was found in OpenEXR’s hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability. | 2022-08-23 | not yet calculated | CVE-2021-20304 MISC MISC MISC MISC MISC |
openvswitch — openvswitch | A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by continuously sending packet fragments. | 2022-08-23 | not yet calculated | CVE-2021-3905 MISC MISC MISC MISC MISC |
oretnom23 — fast_food_ordering_system | A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability. | 2022-08-27 | not yet calculated | CVE-2022-3012 N/A N/A |
oretnom23 — fast_food_ordering_system | A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability. | 2022-08-27 | not yet calculated | CVE-2022-3015 N/A |
parity — frontier | Frontier is Substrate’s Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. There are currently no known workarounds. | 2022-08-19 | not yet calculated | CVE-2022-36008 MISC MISC CONFIRM |
pega — pega_platform | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | 2022-08-22 | not yet calculated | CVE-2022-35654 MISC |
pega — pega_platform | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | 2022-08-22 | not yet calculated | CVE-2022-35656 MISC |
pega — pega_platform | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | 2022-08-22 | not yet calculated | CVE-2022-35655 MISC |
pimcore — pimcore | Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.5.4. | 2022-08-23 | not yet calculated | CVE-2022-2796 MISC CONFIRM |
planex — mzk-dp150n | Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp. | 2022-08-22 | not yet calculated | CVE-2021-37289 MISC MISC MISC |
powerdns — recursor | PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | 2022-08-23 | not yet calculated | CVE-2022-37428 MISC MISC |
printerlogic — printerlogic | PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content. | 2022-08-25 | not yet calculated | CVE-2022-32427 MISC MISC |
project-nexus — project-nexus | Project-nexus is a general-purpose blog website framework. Affected versions are subject to SQL injection due to a lack of sensitization of user input. This issue has not yet been patched. Users are advised to restrict user input and to upgrade when a new release becomes available. | 2022-08-20 | not yet calculated | CVE-2022-36030 CONFIRM |
prosody — prosody | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | 2022-08-26 | not yet calculated | CVE-2022-0217 MISC MISC MISC |
pukiwiki — pukiwiki | Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | 2022-08-23 | not yet calculated | CVE-2022-34486 MISC MISC |
pukiwiki — pukiwiki | Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2022-08-23 | not yet calculated | CVE-2022-36350 MISC MISC |
pukiwiki — pukiwiki | Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 2022-08-23 | not yet calculated | CVE-2022-27637 MISC MISC |
python — python | A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible. | 2022-08-24 | not yet calculated | CVE-2021-4189 MISC MISC MISC MISC MISC MISC |
qt — qt | A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability. | 2022-08-22 | not yet calculated | CVE-2021-3481 MISC MISC MISC MISC |
radare — radare2 | An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. This could allow an attacker to cause a crash and perform a denial of service attack. | 2022-08-19 | not yet calculated | CVE-2020-27793 MISC MISC |
radare — radare2 | A segmentation fault was discovered in radare2 with adf command. In libr/core/cmd_anal.c, when command “adf” has no or wrong argument, anal_fcn_data (core, input + 1) –> RAnalFunction *fcn = r_anal_get_fcn_in (core->anal, core->offset, -1); returns null pointer for fcn causing segmentation fault later in ensure_fcn_range (fcn). | 2022-08-19 | not yet calculated | CVE-2020-27795 MISC MISC MISC |
radare — radare2 | A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash. | 2022-08-19 | not yet calculated | CVE-2020-27794 MISC MISC |
redhat — amq_broker | A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no effect on integrity. | 2022-08-23 | not yet calculated | CVE-2021-3763 MISC MISC MISC |
redhat — amq_broker | A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability. | 2022-08-24 | not yet calculated | CVE-2021-4040 MISC MISC MISC MISC |
redhat — ansible-runner | A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner’s private_data_dir the next time ansible-runner made use of the private_data_dir. The highest threat out of this flaw is to integrity and confidentiality. | 2022-08-23 | not yet calculated | CVE-2021-3702 MISC MISC MISC |
redhat — ansible-runner | A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host’s shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment. | 2022-08-24 | not yet calculated | CVE-2021-4041 MISC MISC MISC |
redhat — ansible-tower | A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. | 2022-08-25 | not yet calculated | CVE-2021-4112 MISC MISC |
redhat — ansible_runner | A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity. | 2022-08-23 | not yet calculated | CVE-2021-3701 MISC MISC MISC MISC |
redhat — ceph_storage | A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks. | 2022-08-25 | not yet calculated | CVE-2021-3979 MISC MISC MISC MISC MISC |
redhat — classloader | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. | 2022-08-26 | not yet calculated | CVE-2021-3856 MISC MISC MISC MISC MISC |
redhat — coreos-installer | A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality. | 2022-08-23 | not yet calculated | CVE-2021-3917 MISC MISC MISC MISC |
redhat — cryptsetup | It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. | 2022-08-24 | not yet calculated | CVE-2021-4122 MISC MISC MISC MISC MISC |
redhat — dpdk_vhost_library | A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability. | 2022-08-23 | not yet calculated | CVE-2021-3839 MISC MISC MISC |
redhat — enterprise | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-26 | not yet calculated | CVE-2021-35939 MISC MISC MISC MISC MISC |
redhat — fabric_8_kubernetes_client | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. | 2022-08-24 | not yet calculated | CVE-2021-4178 MISC MISC MISC MISC |
redhat — foreman | A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-22 | not yet calculated | CVE-2021-3590 MISC MISC |
redhat — foreman | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-26 | not yet calculated | CVE-2021-20260 MISC MISC |
redhat — glib | A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition. | 2022-08-23 | not yet calculated | CVE-2021-3800 MISC MISC MISC MISC |
redhat — gnutls | A NULL pointer dereference flaw was found in GnuTLS. As Nettle’s hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances. | 2022-08-24 | not yet calculated | CVE-2021-4209 MISC MISC MISC MISC MISC |
redhat — jboss_core_services_http_server | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3688 MISC MISC |
redhat — jss | A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service. | 2022-08-24 | not yet calculated | CVE-2021-4213 MISC MISC MISC MISC MISC |
redhat — keycloak | A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. This is due to a wrong error message displayed when wrong credentials are entered. The highest threat from this vulnerability is to confidentiality. | 2022-08-22 | not yet calculated | CVE-2021-3513 MISC MISC |
redhat — keycloak | A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity. | 2022-08-23 | not yet calculated | CVE-2020-35509 MISC |
redhat — keycloak | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | 2022-08-26 | not yet calculated | CVE-2021-3632 MISC MISC MISC MISC MISC |
redhat — keycloak | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | 2022-08-26 | not yet calculated | CVE-2022-0225 MISC MISC |
redhat — keycloak | A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. | 2022-08-26 | not yet calculated | CVE-2021-3754 MISC MISC |
redhat — libvirt | A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash. | 2022-08-23 | not yet calculated | CVE-2021-3975 MISC MISC MISC MISC |
redhat — opencryptoki | A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack. | 2022-08-23 | not yet calculated | CVE-2021-3798 MISC MISC MISC MISC |
redhat — openshift_api_management | A flaw was found in the Red Hat OpenShift API Management product. User input is not validated allowing an authenticated user to inject scripts into some text boxes leading to an XSS attack. The highest threat from this vulnerability is to data confidentiality. | 2022-08-22 | not yet calculated | CVE-2021-3442 MISC MISC |
redhat — openshift_container_platform | A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-22 | not yet calculated | CVE-2020-27836 MISC MISC MISC MISC |
redhat — openshift_metering_hive_container | It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. | 2022-08-24 | not yet calculated | CVE-2021-4125 MISC MISC MISC MISC MISC MISC MISC |
redhat — openshift_service_mesh | A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-22 | not yet calculated | CVE-2021-3586 MISC MISC |
redhat — openstack-keystone | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3563 MISC MISC MISC MISC |
redhat — openstack-tripleo-heat-templates | A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | 2022-08-26 | not yet calculated | CVE-2021-3585 MISC MISC MISC MISC MISC |
redhat — qemu | A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | 2022-08-24 | not yet calculated | CVE-2021-4158 MISC MISC MISC MISC MISC |
redhat — qemu | A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host. | 2022-08-25 | not yet calculated | CVE-2021-3929 MISC MISC MISC MISC MISC |
redhat — qemu | A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | 2022-08-26 | not yet calculated | CVE-2021-3735 MISC MISC MISC |
redhat — rpm | A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-25 | not yet calculated | CVE-2021-35937 MISC MISC MISC MISC |
redhat — rpm | A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-25 | not yet calculated | CVE-2021-35938 MISC MISC MISC MISC MISC MISC |
redhat — satellite | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin. | 2022-08-24 | not yet calculated | CVE-2021-4142 MISC MISC MISC MISC MISC |
redhat — satellite | A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | 2022-08-26 | not yet calculated | CVE-2021-3414 MISC MISC |
redhat — serverless_and_serverless_client_kn | It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. | 2022-08-26 | not yet calculated | CVE-2021-3703 MISC MISC |
redhat — single_sign-on | A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user’s credentials. The highest threat from this vulnerability is to confidentiality and integrity. | 2022-08-23 | not yet calculated | CVE-2021-3827 MISC MISC MISC MISC |
redhat — smallrye_health_metrics | It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. | 2022-08-25 | not yet calculated | CVE-2021-3914 MISC MISC |
redhat — sox | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash. | 2022-08-25 | not yet calculated | CVE-2021-23159 MISC MISC MISC MISC |
redhat — sox | A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcom file, that could cause an application to crash. | 2022-08-25 | not yet calculated | CVE-2021-23172 MISC MISC MISC MISC |
redhat — sox | A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. An attacker with a crafted wav file could cause an application to crash. | 2022-08-25 | not yet calculated | CVE-2021-33844 MISC MISC MISC MISC |
redhat — sox | A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. An attacker with a crafted file could cause an application to crash. | 2022-08-25 | not yet calculated | CVE-2021-23210 MISC MISC MISC MISC |
redhat — suid_binary | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | 2022-08-26 | not yet calculated | CVE-2021-3864 MISC MISC MISC MISC MISC MISC MISC |
redhat — undertow | A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability. | 2022-08-23 | not yet calculated | CVE-2021-3690 MISC MISC MISC MISC |
redhat — undertow | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | 2022-08-26 | not yet calculated | CVE-2021-3859 MISC MISC MISC MISC MISC |
redhat — unzip | A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 2022-08-24 | not yet calculated | CVE-2021-4217 MISC MISC MISC |
redhat — vdsm | A race condition was found in vdsm, in the functionality that obfuscates sensitive values in log files, which may lead to values being stored in clear text. | 2022-08-26 | not yet calculated | CVE-2022-0207 MISC MISC MISC MISC MISC |
redhat — wildfly-core | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3644 MISC MISC MISC MISC MISC MISC |
redhat — xfs_filesystem | A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. | 2022-08-24 | not yet calculated | CVE-2021-4155 MISC MISC MISC MISC MISC |
redhat — xnio | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | 2022-08-26 | not yet calculated | CVE-2022-0084 MISC MISC MISC MISC |
redhat — qemu | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | 2022-08-26 | not yet calculated | CVE-2022-0216 MISC MISC MISC MISC MISC |
rhonabwy — rhonabwy | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn’t check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | 2022-08-20 | not yet calculated | CVE-2022-38493 MISC |
rizin — rizin | A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binary gets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address. | 2022-08-25 | not yet calculated | CVE-2021-4022 MISC |
rockwellautomation — isagraf_workbench | Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful. | 2022-08-25 | not yet calculated | CVE-2022-2463 MISC |
rockwellautomation — isagraf_workbench | Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful. | 2022-08-25 | not yet calculated | CVE-2022-2464 MISC |
rockwellautomation — isagraf_workbench | Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited. | 2022-08-25 | not yet calculated | CVE-2022-2465 MISC |
rpm — rpm | There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature.” RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. | 2022-08-22 | not yet calculated | CVE-2021-3521 MISC MISC MISC MISC |
rubrik — rubrik_cdm | A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. | 2022-08-26 | not yet calculated | CVE-2022-30984 MISC MISC |
ruoyi — ruoyi | RuoYi v3.8.3 has a Weak password vulnerability in the management system. | 2022-08-25 | not yet calculated | CVE-2022-37158 MISC |
samba — samba | A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl. | 2022-08-25 | not yet calculated | CVE-2022-32746 MISC |
samba — samba | A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify request, usually resulting in a segmentation fault. | 2022-08-25 | not yet calculated | CVE-2022-32745 MISC |
samba — samba | A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, enabling full domain takeover. | 2022-08-25 | not yet calculated | CVE-2022-32744 MISC |
samba — samba | A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share. | 2022-08-23 | not yet calculated | CVE-2021-20316 MISC MISC MISC MISC MISC |
samba — samba | A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer). | 2022-08-25 | not yet calculated | CVE-2022-32742 MISC |
samba — samba | A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other’s tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services. | 2022-08-25 | not yet calculated | CVE-2022-2031 MISC |
samba — samba | MaxQueryDuration not honoured in Samba AD DC LDAP | 2022-08-23 | not yet calculated | CVE-2021-3670 MISC MISC MISC MISC MISC MISC MISC MISC MISC |
schroot — schroot | Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 2022-08-27 | not yet calculated | CVE-2022-2787 MISC MISC MISC |
servicenow — servicenow | ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. | 2022-08-23 | not yet calculated | CVE-2022-38172 CONFIRM |
servicenow — servicenow | ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | 2022-08-23 | not yet calculated | CVE-2022-38463 CONFIRM |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | 2022-08-26 | not yet calculated | CVE-2022-36680 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | 2022-08-26 | not yet calculated | CVE-2022-36679 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. | 2022-08-26 | not yet calculated | CVE-2022-36683 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. | 2022-08-26 | not yet calculated | CVE-2022-36681 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item. | 2022-08-25 | not yet calculated | CVE-2022-36693 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin. | 2022-08-25 | not yet calculated | CVE-2022-36695 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste. | 2022-08-25 | not yet calculated | CVE-2022-36697 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | 2022-08-25 | not yet calculated | CVE-2022-36698 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php. | 2022-08-25 | not yet calculated | CVE-2022-36699 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php. | 2022-08-25 | not yet calculated | CVE-2022-36700 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php. | 2022-08-25 | not yet calculated | CVE-2022-36703 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 2022-08-25 | not yet calculated | CVE-2022-36692 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | 2022-08-26 | not yet calculated | CVE-2022-36682 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout. | 2022-08-25 | not yet calculated | CVE-2022-36696 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 2022-08-26 | not yet calculated | CVE-2022-36678 MISC |
siteservercms — siteservercms | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | 2022-08-26 | not yet calculated | CVE-2022-36226 MISC MISC |
sonic_wall — sma100 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | 2022-08-26 | not yet calculated | CVE-2022-2915 CONFIRM |
sourcecodester — gym_management | A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451. | 2022-08-22 | not yet calculated | CVE-2022-2842 MISC MISC |
sourcecodester — simple_and_nice_shopping_cart_script | A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability. | 2022-08-25 | not yet calculated | CVE-2022-2957 N/A N/A |
sourcecodester — simple_and_nice_shopping_cart_script | A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206845 was assigned to this vulnerability. | 2022-08-20 | not yet calculated | CVE-2022-2909 MISC MISC |
sourcecodester — simple_task_managing_system | A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424. | 2022-08-27 | not yet calculated | CVE-2022-3014 N/A N/A |
sourcecodester — simple_task_managing_system | A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423. | 2022-08-27 | not yet calculated | CVE-2022-3013 N/A |
sqlite — sqlite | An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in SQLite. A unicode61 tokenizer configured to treat unicode “control-characters” (class Cc) was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later. | 2022-08-25 | not yet calculated | CVE-2021-20223 MISC MISC MISC |
stormshield — network_security | Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the source through an internal to internal or external to internal interfaces will lead the firewall to overwork. It will consume 100% CPU, 100 RAM and won’t be available and can crash. | 2022-08-24 | not yet calculated | CVE-2022-27812 MISC |
symantec — multiple_products | A malicious unauthorized PAM user can access the administration configuration data and change the values. | 2022-08-26 | not yet calculated | CVE-2022-25625 MISC |
systemd — systemd | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | 2022-08-23 | not yet calculated | CVE-2021-3997 MISC MISC MISC MISC |
tabit_technologies — tabit | Tabit – password enumeration. The password for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 – Rate limiting. | 2022-08-22 | not yet calculated | CVE-2022-34772 MISC |
tabit_technologies — tabit | Tabit – HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query – can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection. | 2022-08-22 | not yet calculated | CVE-2022-34773 MISC |
tabit_technologies — tabit | Tabit – Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant’s loyalty program. Possibly allowing account takeover (the mail can be used to reset password). | 2022-08-22 | not yet calculated | CVE-2022-34774 MISC |
tabit_technologies — tabit | Tabit – Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack. | 2022-08-22 | not yet calculated | CVE-2022-34775 MISC |
tabit_technologies — tabit | Tabit – giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB IDs, which are not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. | 2022-08-22 | not yet calculated | CVE-2022-34776 MISC |
tabit_technologies — tabit | Tabit – sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs has in its URL one or more MongoDB IDs, which are not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 – rate limiting and OWASP: API1 – Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API, which discloses medical information as well as id number. | 2022-08-22 | not yet calculated | CVE-2022-34770 MISC |
tabit_technologies — tabit | Tabit – arbitrary SMS send on Tabit’s behalf. The resend OTP API of Tabit allows an adversary to send messages on Tabit’s behalf to anyone registered on the system. The API receives the parameters phone number and CustomMessage. We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP. | 2022-08-22 | not yet calculated | CVE-2022-34771 MISC |
taogogo — taocms | An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server via the request URL admin.php?action=file&ctrl=del&path=/../../../test.txt | 2022-08-23 | not yet calculated | CVE-2022-36261 MISC MISC |
tcpdump — tcpdump | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | 2022-08-27 | not yet calculated | CVE-2019-15167 CONFIRM |
teleport — teleport | Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is a fully unauthenticated attack utilizing the trusted teleport server to deliver the payload. | 2022-08-24 | not yet calculated | CVE-2022-36633 MISC MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. | 2022-08-25 | not yet calculated | CVE-2022-37799 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic. | 2022-08-25 | not yet calculated | CVE-2022-37800 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | 2022-08-25 | not yet calculated | CVE-2022-37801 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. | 2022-08-25 | not yet calculated | CVE-2022-37798 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting. | 2022-08-25 | not yet calculated | CVE-2022-37802 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg. | 2022-08-25 | not yet calculated | CVE-2022-37812 MISC |
tenda — ac1206 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | 2022-08-25 | not yet calculated | CVE-2022-37817 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. | 2022-08-25 | not yet calculated | CVE-2022-37816 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex. | 2022-08-25 | not yet calculated | CVE-2022-37815 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. | 2022-08-25 | not yet calculated | CVE-2022-37814 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime. | 2022-08-25 | not yet calculated | CVE-2022-37813 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer. | 2022-08-25 | not yet calculated | CVE-2022-37811 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. | 2022-08-25 | not yet calculated | CVE-2022-37804 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | 2022-08-25 | not yet calculated | CVE-2022-37810 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan. | 2022-08-25 | not yet calculated | CVE-2022-37809 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB. | 2022-08-25 | not yet calculated | CVE-2022-37808 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState. | 2022-08-25 | not yet calculated | CVE-2022-37807 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient. | 2022-08-25 | not yet calculated | CVE-2022-37806 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle. | 2022-08-25 | not yet calculated | CVE-2022-37805 MISC |
tenda — ac1206 | Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. | 2022-08-25 | not yet calculated | CVE-2022-37803 MISC |
tenda — ac15_firmware | Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | 2022-08-19 | not yet calculated | CVE-2022-37175 MISC MISC |
tenda — ac18 | Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | 2022-08-19 | not yet calculated | CVE-2022-35201 MISC MISC MISC |
tenda — ax12 | Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind. | 2022-08-25 | not yet calculated | CVE-2022-37292 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. | 2022-08-25 | not yet calculated | CVE-2022-37821 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. | 2022-08-25 | not yet calculated | CVE-2022-37824 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. | 2022-08-25 | not yet calculated | CVE-2022-37819 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS. | 2022-08-25 | not yet calculated | CVE-2022-37820 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | 2022-08-25 | not yet calculated | CVE-2022-37818 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. | 2022-08-25 | not yet calculated | CVE-2022-37822 MISC |
tenda — ax1803 | Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | 2022-08-25 | not yet calculated | CVE-2022-37823 MISC |
totolink — a3600r | TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 2022-08-25 | not yet calculated | CVE-2022-36455 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter. | 2022-08-25 | not yet calculated | CVE-2022-36465 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. | 2022-08-25 | not yet calculated | CVE-2022-36464 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-36463 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. | 2022-08-25 | not yet calculated | CVE-2022-36462 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 2022-08-25 | not yet calculated | CVE-2022-36461 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 2022-08-25 | not yet calculated | CVE-2022-36460 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. | 2022-08-25 | not yet calculated | CVE-2022-36466 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | 2022-08-25 | not yet calculated | CVE-2022-36459 MISC |
totolink — a3700r | TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-36458 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 2022-08-25 | not yet calculated | CVE-2022-37079 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | 2022-08-25 | not yet calculated | CVE-2022-37078 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | 2022-08-25 | not yet calculated | CVE-2022-37083 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | 2022-08-25 | not yet calculated | CVE-2022-37082 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-37081 MISC |
totolink — a7000r | TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. | 2022-08-25 | not yet calculated | CVE-2022-37075 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 2022-08-25 | not yet calculated | CVE-2022-37076 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-37080 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. | 2022-08-25 | not yet calculated | CVE-2022-37077 MISC |
totolink — a7000r | TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. | 2022-08-25 | not yet calculated | CVE-2022-37084 MISC |
totolink — a720r | TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 2022-08-25 | not yet calculated | CVE-2022-36456 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg. | 2022-08-25 | not yet calculated | CVE-2022-36484 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | 2022-08-25 | not yet calculated | CVE-2022-36481 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 2022-08-25 | not yet calculated | CVE-2022-36486 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter. | 2022-08-25 | not yet calculated | CVE-2022-36483 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 2022-08-25 | not yet calculated | CVE-2022-36485 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | 2022-08-25 | not yet calculated | CVE-2022-36479 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-36487 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. | 2022-08-25 | not yet calculated | CVE-2022-36488 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. | 2022-08-25 | not yet calculated | CVE-2022-36480 MISC |
totolink — n350rt | TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. | 2022-08-25 | not yet calculated | CVE-2022-36482 MISC |
tp-link — archer_a7 | TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This allows an attacker to execute arbitrary commands on the router. | 2022-08-23 | not yet calculated | CVE-2021-42232 MISC MISC MISC |
trendnet — tv-ip572p | An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | 2022-08-23 | not yet calculated | CVE-2022-35203 MISC MISC MISC |
unimo — udr-ja1004 | Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface. | 2022-08-23 | not yet calculated | CVE-2022-35733 MISC MISC |
uninett — mod_auth_mellon | A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity. | 2022-08-22 | not yet calculated | CVE-2021-3639 MISC MISC MISC |
upx — upx | An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27798 MISC |
upx — upx | A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27802 MISC |
upx — upx | A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27801 MISC |
upx — upx | A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27800 MISC |
upx — upx | A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27799 MISC |
upx — upx | An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27797 MISC |
upx — upx | A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 2022-08-25 | not yet calculated | CVE-2020-27796 MISC |
util-linux — util-linux | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | 2022-08-23 | not yet calculated | CVE-2021-3995 MISC MISC MISC MISC |
util-linux — util-linux | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users’ filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. | 2022-08-23 | not yet calculated | CVE-2021-3996 MISC MISC MISC MISC MISC |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | 2022-08-22 | not yet calculated | CVE-2022-2923 CONFIRM MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | 2022-08-23 | not yet calculated | CVE-2022-2946 CONFIRM MISC |
vim — vim | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | 2022-08-25 | not yet calculated | CVE-2022-2980 MISC CONFIRM |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | 2022-08-25 | not yet calculated | CVE-2022-2982 MISC CONFIRM |
virgl — virtual_opengl_renderer | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. | 2022-08-26 | not yet calculated | CVE-2022-0175 MISC MISC MISC MISC MISC |
virgl — virtual_opengl_renderer | An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution. | 2022-08-25 | not yet calculated | CVE-2022-0135 MISC |
vmware — multiple_products | Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. | 2022-08-25 | not yet calculated | CVE-2022-23235 MISC |
vmware — vmware_tools | VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine. | 2022-08-23 | not yet calculated | CVE-2022-31676 MISC MLIST DEBIAN MLIST |
vtk — vtk | There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn’t check the return value of the libxml2 API ‘xmlDocGetRootElement’ and tries to dereference it. This is unsafe, as the return value can be NULL, and that NULL pointer dereference may crash the application. | 2022-08-25 | not yet calculated | CVE-2021-42521 MISC |
wellcms — wellcms | Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | 2022-08-19 | not yet calculated | CVE-2022-36579 MISC |
wkhtmltopdf — wkhtmltopdf | wkhtmltopdf 0.12.6 is vulnerable to SSRF, which allows an attacker to get initial access into the target’s system by injecting an iframe tag with the initial asset IP address in its source. This allows the attacker to take over the whole infrastructure by accessing their internal assets. | 2022-08-22 | not yet calculated | CVE-2022-35583 MISC MISC MISC |
wordpress — wordpress | PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | 2022-08-22 | not yet calculated | CVE-2022-33900 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | 2022-08-22 | not yet calculated | CVE-2021-36847 CONFIRM CONFIRM |
wordpress — wordpress | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes Notification Bar for WordPress plugin <= 1.1.8 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-29476 CONFIRM CONFIRM |
wordpress — wordpress | The WPQA Builder WordPress plugin before 5.7, which is a companion plugin to the Hilmer and Discy, does not check authorization before displaying private messages, allowing any logged in user to read other users’ private messages using the message id, which can easily be brute forced. | 2022-08-22 | not yet calculated | CVE-2022-2198 MISC |
wordpress — wordpress | The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack | 2022-08-22 | not yet calculated | CVE-2022-2275 MISC |
wordpress — wordpress | The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog | 2022-08-22 | not yet calculated | CVE-2022-2276 CONFIRM MISC |
wordpress — wordpress | The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting | 2022-08-22 | not yet calculated | CVE-2022-2312 MISC |
wordpress — wordpress | The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. | 2022-08-22 | not yet calculated | CVE-2022-2361 MISC |
wordpress — wordpress | The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor’s IP from certain HTTP headers over PHP’s REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. | 2022-08-22 | not yet calculated | CVE-2022-2362 MISC |
wordpress — wordpress | The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues | 2022-08-22 | not yet calculated | CVE-2022-2375 MISC |
wordpress — wordpress | The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog | 2022-08-22 | not yet calculated | CVE-2022-2377 MISC |
wordpress — wordpress | The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options. | 2022-08-22 | not yet calculated | CVE-2022-2382 MISC |
wordpress — wordpress | The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-08-22 | not yet calculated | CVE-2022-2383 MISC |
wordpress — wordpress | The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack | 2022-08-22 | not yet calculated | CVE-2022-2388 MISC |
wordpress — wordpress | The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. | 2022-08-22 | not yet calculated | CVE-2022-2389 MISC |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin | 2022-08-22 | not yet calculated | CVE-2021-24912 MISC |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin “Who can translate ?” setting. | 2022-08-22 | not yet calculated | CVE-2021-24911 MISC |
wordpress — wordpress | Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-33142 CONFIRM CONFIRM |
wordpress — wordpress | The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with “Contributor” permissions or higher. | 2022-08-22 | not yet calculated | CVE-2022-2392 MISC |
wordpress — wordpress | The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-08-22 | not yet calculated | CVE-2022-2407 MISC |
wordpress — wordpress | The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 2022-08-22 | not yet calculated | CVE-2022-2532 MISC |
wordpress — wordpress | The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. | 2022-08-22 | not yet calculated | CVE-2022-2544 CONFIRM MISC |
wordpress — wordpress | The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | 2022-08-22 | not yet calculated | CVE-2022-2551 MISC MISC |
wordpress — wordpress | The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. | 2022-08-22 | not yet calculated | CVE-2022-2552 MISC MISC |
wordpress — wordpress | The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferrer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | 2022-08-22 | not yet calculated | CVE-2022-2600 MISC |
wordpress — wordpress | The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. This vulnerability was introduced in the 5.0 rewrite and did not exist prior to that release. | 2022-08-22 | not yet calculated | CVE-2022-2594 MISC MISC |
wordpress — wordpress | The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | 2022-08-22 | not yet calculated | CVE-2022-2593 MISC |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE. | 2022-08-22 | not yet calculated | CVE-2022-25812 MISC |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection | 2022-08-22 | not yet calculated | CVE-2022-25811 MISC |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations. | 2022-08-22 | not yet calculated | CVE-2022-25810 MISC |
wordpress — wordpress | The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | 2022-08-22 | not yet calculated | CVE-2022-2558 MISC |
wordpress — wordpress | The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack. | 2022-08-22 | not yet calculated | CVE-2022-2172 CONFIRM MISC |
wordpress — wordpress | The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file | 2022-08-22 | not yet calculated | CVE-2022-1932 MISC |
wordpress — wordpress | The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. | 2022-08-22 | not yet calculated | CVE-2022-2555 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | 2022-08-22 | not yet calculated | CVE-2021-36852 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36405 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36394 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36389 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36379 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | 2022-08-25 | not yet calculated | CVE-2022-36358 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36347 CONFIRM CONFIRM |
wordpress — wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | 2022-08-22 | not yet calculated | CVE-2022-36346 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni’s AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36341 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36292 CONFIRM CONFIRM |
wordpress — wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36288 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36285 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy’s Search Exclude plugin <= 1.2.6 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-36282 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | 2022-08-22 | not yet calculated | CVE-2021-36857 CONFIRM CONFIRM |
wordpress — wordpress | The Coming Soon – Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-08-22 | not yet calculated | CVE-2022-1322 MISC |
wordpress — wordpress | Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-35726 CONFIRM CONFIRM |
wordpress — wordpress | Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-35242 CONFIRM CONFIRM |
wordpress — wordpress | Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-35235 CONFIRM CONFIRM |
wordpress — wordpress | The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue | 2022-08-22 | not yet calculated | CVE-2021-24910 MISC |
wordpress — wordpress | Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-34868 CONFIRM CONFIRM |
wordpress — wordpress | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 2022-08-22 | not yet calculated | CVE-2022-34858 CONFIRM CONFIRM |
wordpress — wordpress | Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | 2022-08-22 | not yet calculated | CVE-2022-34857 CONFIRM CONFIRM |
wordpress — wordpress | Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-34658 CONFIRM CONFIRM |
wordpress — wordpress | The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its “Simple Banner Text” Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-08-22 | not yet calculated | CVE-2022-0446 MISC |
wordpress — wordpress | Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | 2022-08-23 | not yet calculated | CVE-2022-34648 CONFIRM CONFIRM |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 2022-08-22 | not yet calculated | CVE-2022-34347 CONFIRM CONFIRM |
wordpress — wordpress | Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 2022-08-22 | not yet calculated | CVE-2022-34149 CONFIRM CONFIRM |
wordpress — wordpress | The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request. | 2022-08-22 | not yet calculated | CVE-2022-1251 MISC |
wordpress — wordpress | The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. Furthermore, the file will also be deleted after its content is returned to the user | 2022-08-22 | not yet calculated | CVE-2022-2557 MISC |
wuzhicms — wuzhicms | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php: | 2022-08-26 | not yet calculated | CVE-2022-36168 MISC MISC |
wwbn — avideo | A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-29468 MISC CONFIRM |
wwbn — avideo | A reflected cross-site scripting (XSS) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-26842 CONFIRM MISC |
wwbn — avideo | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over another user’s streams. | 2022-08-22 | not yet calculated | CVE-2022-32768 CONFIRM MISC |
wwbn — avideo | A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter. | 2022-08-22 | not yet calculated | CVE-2022-34652 MISC CONFIRM |
wwbn — avideo | A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter. | 2022-08-22 | not yet calculated | CVE-2022-33149 MISC CONFIRM |
wwbn — avideo | A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter. | 2022-08-22 | not yet calculated | CVE-2022-33148 MISC CONFIRM |
wwbn — avideo | A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter. | 2022-08-22 | not yet calculated | CVE-2022-33147 MISC CONFIRM |
wwbn — avideo | An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests. This vulnerability is for the pass cookie, which contains the hashed password and can be leaked via JavaScript. | 2022-08-22 | not yet calculated | CVE-2022-32778 MISC CONFIRM |
wwbn — avideo | An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests. This vulnerability is for the session cookie, which can be leaked via JavaScript. | 2022-08-22 | not yet calculated | CVE-2022-32777 MISC CONFIRM |
wwbn — avideo | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the “msg” parameter which is inserted into the document with insufficient sanitization. | 2022-08-22 | not yet calculated | CVE-2022-32772 CONFIRM MISC |
wwbn — avideo | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the “success” parameter which is inserted into the document with insufficient sanitization. | 2022-08-22 | not yet calculated | CVE-2022-32771 CONFIRM MISC |
wwbn — avideo | Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability. This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over another user’s playlists. | 2022-08-22 | not yet calculated | CVE-2022-32769 CONFIRM MISC |
wwbn — avideo | A cross-site scripting (XSS) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. This vulnerability arises from the “toast” parameter which is inserted into the document with insufficient sanitization. | 2022-08-22 | not yet calculated | CVE-2022-32770 CONFIRM MISC |
wwbn — avideo | An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-32761 CONFIRM MISC |
wwbn — avideo | An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-32572 CONFIRM MISC |
wwbn — avideo | An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a user’s password hash will be able to use it to directly log in to the account, leading to increased privileges. | 2022-08-22 | not yet calculated | CVE-2022-32282 MISC CONFIRM |
wwbn — avideo | A cross-site scripting (XSS) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-30690 CONFIRM MISC |
wwbn — avideo | A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-30605 CONFIRM MISC |
wwbn — avideo | A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-30547 CONFIRM MISC |
wwbn — avideo | A cross-site scripting (XSS) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-28712 MISC CONFIRM |
wwbn — avideo | An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-28710 MISC CONFIRM |
wwbn — avideo | An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability. | 2022-08-22 | not yet calculated | CVE-2022-30534 CONFIRM MISC |
xpdfreader — xpdf | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). | 2022-08-22 | not yet calculated | CVE-2022-38171 MISC MISC CONFIRM MISC CONFIRM CONFIRM MISC |
xunruicms — xunruicms | XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | 2022-08-19 | not yet calculated | CVE-2022-36224 MISC |
xuxueli — xxl-job | XXL-JOB all versions as of 11 July 2022 are vulnerable to insecure permissions, allowing a low-privilege account to execute admin functions. | 2022-08-19 | not yet calculated | CVE-2022-36157 MISC |
yetiforce — yetiforcecompany/yetiforcecrm | Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 2022-08-22 | not yet calculated | CVE-2022-2890 CONFIRM MISC |
yetiforce — yetiforcecompany/yetiforcecrm | Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 2022-08-22 | not yet calculated | CVE-2022-1340 MISC CONFIRM |
yetiforce — yetiforcecompany/yetiforcecrm | Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 2022-08-21 | not yet calculated | CVE-2022-2885 CONFIRM MISC |
yetiforce — yetiforcecompany/yetiforcecrm | Cross-site Scripting (XSS) – Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 2022-08-23 | not yet calculated | CVE-2022-2829 MISC CONFIRM |
yimihome — yimioa | Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | 2022-08-19 | not yet calculated | CVE-2022-36606 MISC |
yimihome — yimioa | Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | 2022-08-19 | not yet calculated | CVE-2022-36605 MISC |
zaver — zaver | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | 2022-08-27 | not yet calculated | CVE-2022-38794 MISC |
zengenti — contensis | The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands. | 2022-08-23 | not yet calculated | CVE-2022-34919 MISC MISC |
This product is provided subject to this Notification and this Privacy & Use policy.