US-CERT Bulletin (SB22-249): Vulnerability Summary for the Week of August 29, 2022
Bulletins provide weekly summaries of new vulnerabilities. Patch information is provided when available.
The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:
- High: vulnerabilities with a CVSS base score of 7.0–10.0
- Medium: vulnerabilities with a CVSS base score of 4.0–6.9
- Low: vulnerabilities with a CVSS base score of 0.0–3.9
Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis.
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no high vulnerabilities recorded this week. |
Medium Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no medium vulnerabilities recorded this week. |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
There were no low vulnerabilities recorded this week. |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a segmentation fault. | 2022-08-29 | not yet calculated | CVE-2022-35019 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a segmentation fault. | 2022-08-29 | not yet calculated | CVE-2022-35018 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 2022-08-29 | not yet calculated | CVE-2022-35016 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. | 2022-08-29 | not yet calculated | CVE-2022-35015 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a heap buffer overflow. | 2022-08-29 | not yet calculated | CVE-2022-35017 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. | 2022-08-29 | not yet calculated | CVE-2022-35020 MISC MISC |
advancecomp — advancecomp | Advancecomp v2.3 contains a segmentation fault. | 2022-08-29 | not yet calculated | CVE-2022-35014 MISC MISC |
aero — aerocms | AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. | 2022-08-31 | not yet calculated | CVE-2022-38812 MISC |
apache — airflow | In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. | 2022-09-02 | not yet calculated | CVE-2022-38054 CONFIRM MLIST |
apache — airflow | In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. | 2022-09-02 | not yet calculated | CVE-2022-38170 CONFIRM MLIST MLIST |
apache — geode | Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify “--J=-Dgeode.enableGlobalSerialFilter=true” when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the “serializable-object-filter” configuration option. Using a global serial filter will impact performance. | 2022-08-31 | not yet calculated | CVE-2022-37021 CONFIRM |
apache — geode | Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling “validate-serializable-objects=true” and specifying any user classes that may be serialized/deserialized with “serializable-object-filter”. Enabling “validate-serializable-objects” may impact performance. | 2022-08-31 | not yet calculated | CVE-2022-37023 CONFIRM |
apache — geode | Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator. | 2022-08-31 | not yet calculated | CVE-2022-37022 CONFIRM |
apache — ofbiz | Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. | 2022-09-02 | not yet calculated | CVE-2022-25370 CONFIRM MLIST MLIST |
apache — ofbiz | Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. | 2022-09-02 | not yet calculated | CVE-2022-25371 CONFIRM MLIST MLIST |
apache — ofbiz | In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin can insert malicious content in a message “Subject” field from the “Contact us” page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. | 2022-09-02 | not yet calculated | CVE-2022-25813 CONFIRM MLIST |
apache — ofbiz | Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 | 2022-09-02 | not yet calculated | CVE-2022-29158 CONFIRM MLIST |
apache — shenyu | Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator’s passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | 2022-09-01 | not yet calculated | CVE-2022-37435 CONFIRM |
apache — ofbiz | The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. | 2022-09-02 | not yet calculated | CVE-2022-29063 CONFIRM MLIST |
apostrophecms — sanitize-html | The package sanitize-html before 2.7.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. | 2022-08-30 | not yet calculated | CVE-2022-25887 CONFIRM CONFIRM CONFIRM CONFIRM |
arcsight — micro_focus_arcsight_logger | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | 2022-08-31 | not yet calculated | CVE-2022-26331 MISC MISC |
arcsight — micro_focus_arcsight_logger | Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. | 2022-08-31 | not yet calculated | CVE-2022-26330 MISC MISC |
armdeveloper — midgard/bifrost/valhall_kernel_driver | An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. | 2022-09-01 | not yet calculated | CVE-2022-36449 MISC |
artifex — mupdf | A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. | 2022-08-26 | not yet calculated | CVE-2021-4216 MISC MISC |
asp.net_core — miniblog.core | Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. | 2022-09-02 | not yet calculated | CVE-2022-37679 MISC |
automationdirect — c-more_ea9_http_webserver | AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; | 2022-08-31 | not yet calculated | CVE-2022-2005 CONFIRM |
automationdirect — directlogic | AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; | 2022-08-31 | not yet calculated | CVE-2022-2003 CONFIRM CONFIRM |
automationdirect — directlogic | AutomationDirect DirectLOGIC is vulnerable to a specially crafted packet that can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; | 2022-08-31 | not yet calculated | CVE-2022-2004 CONFIRM |
automationdirect — directlogic | AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; | 2022-08-31 | not yet calculated | CVE-2022-2006 CONFIRM |
automationdirect — stride_field_i/o | Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. | 2022-08-31 | not yet calculated | CVE-2022-2485 CONFIRM CONFIRM |
avaya — ip_office_admin_lite_and_usb_creator | A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. | 2022-09-02 | not yet calculated | CVE-2021-25657 CONFIRM |
binary — binary | Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it’s possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. | 2022-09-02 | not yet calculated | CVE-2022-36078 CONFIRM MISC MISC |
blogengine — blogengine | BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. | 2022-09-02 | not yet calculated | CVE-2022-36600 MISC |
blue_prism — blue_prism_enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. | 2022-08-26 | not yet calculated | CVE-2022-36121 MISC MISC MISC |
blue_prism — blue_prism_enterprise | An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server’s settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. | 2022-08-26 | not yet calculated | CVE-2022-36120 MISC MISC MISC |
bluez — bluez | BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. | 2022-09-02 | not yet calculated | CVE-2022-39177 MISC MISC |
bluez — bluez | BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. | 2022-09-02 | not yet calculated | CVE-2022-39176 MISC MISC |
broadcom — symantec_privileged_access_management | A malicious unauthorized PAM user can access the administration configuration data and change the values. | 2022-08-26 | not yet calculated | CVE-2022-25625 MISC |
canaan — avalon_asic_miner | An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. | 2022-09-01 | not yet calculated | CVE-2022-36604 MISC |
carel — pcoweb_hvac_bacnet_gateway | Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 – B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the ‘file’ GET parameter through the ‘logdownload.cgi’ Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. | 2022-08-31 | not yet calculated | CVE-2022-37122 MISC MISC MISC |
centreon — centreon | Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. | 2022-08-29 | not yet calculated | CVE-2022-36194 MISC MISC |
clinic’s_patient_management_system — clinic’s_patient_management_system | Clinic’s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. | 2022-09-02 | not yet calculated | CVE-2022-36609 MISC |
clusterlabs — hawk | An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive “shell” that isn’t limited to the commands specified in hawk_invoke, allowing escalation to root. | 2022-08-26 | not yet calculated | CVE-2021-3020 MISC MISC MISC |
cobub — razor | Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). | 2022-08-30 | not yet calculated | CVE-2022-36747 MISC |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer’s boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. | 2022-09-01 | not yet calculated | CVE-2022-36054 MISC CONFIRM |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet’s end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8. | 2022-09-01 | not yet calculated | CVE-2022-36053 MISC CONFIRM |
contiki-ng — contiki-ng | Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8. | 2022-09-01 | not yet calculated | CVE-2022-36052 MISC CONFIRM |
cskefu — cskefu | Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. | 2022-08-26 | not yet calculated | CVE-2022-36521 MISC |
d-link — dir-816_a2 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. | 2022-08-31 | not yet calculated | CVE-2022-37129 MISC MISC |
d-link — dir-816_a2 | In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. | 2022-08-31 | not yet calculated | CVE-2022-37128 MISC MISC |
d-link — dir-816_a2 | In D-Link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform/setMAC. | 2022-08-31 | not yet calculated | CVE-2022-36619 MISC MISC |
d-link — dir-816_a2 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. | 2022-08-31 | not yet calculated | CVE-2022-37125 MISC MISC |
d-link — dir-816_a2 | In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis. After the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability. | 2022-08-31 | not yet calculated | CVE-2022-37130 MISC MISC |
d-link — dir-816_a2 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. | 2022-08-31 | not yet calculated | CVE-2022-37123 MISC MISC |
d-link — dir-816_a2 | D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting. | 2022-08-31 | not yet calculated | CVE-2022-36620 MISC MISC |
d-link — dir845l | D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | 2022-08-28 | not yet calculated | CVE-2022-38557 MISC MISC |
d-link — dir845l_a1 | DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 2022-08-28 | not yet calculated | CVE-2022-36756 MISC MISC |
d-link — dir845l_a1 | D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | 2022-08-28 | not yet calculated | CVE-2022-36755 MISC MISC |
d-link — go-rt-ac750 | D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via /cgibin, hnap_main. | 2022-08-28 | not yet calculated | CVE-2022-37056 MISC MISC |
d-link — go-rt-ac750 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main. | 2022-08-28 | not yet calculated | CVE-2022-37055 MISC MISC |
d-link — go-rt-ac750 | D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | 2022-08-28 | not yet calculated | CVE-2022-37057 MISC MISC |
databasir — databasir | Databasir is a database metadata management platform. Databasir <= 1.06 has a Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. | 2022-09-02 | not yet calculated | CVE-2022-31196 MISC CONFIRM MISC |
debian — schroot | Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 2022-08-27 | not yet calculated | CVE-2022-2787 MISC MISC MISC |
dedecms — dedecms | DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. | 2022-09-01 | not yet calculated | CVE-2022-36583 MISC |
dell — cloudlink | Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. | 2022-09-01 | not yet calculated | CVE-2022-34379 CONFIRM |
dell — cloudlink | Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is a critical severity vulnerability as it allows an attacker to take control of the system. | 2022-09-01 | not yet calculated | CVE-2022-34380 CONFIRM |
dell — command_integration_suite | Dell Command \| Integration Suite for System Center, versions prior to 6.2.0, contains an arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. | 2022-08-31 | not yet calculated | CVE-2022-34373 CONFIRM |
dell — container_storage_modules | Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability, leading to execution of arbitrary OS commands on the affected system. | 2022-08-30 | not yet calculated | CVE-2022-34374 MISC |
dell — container_storage_modules | Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. | 2022-08-30 | not yet calculated | CVE-2022-34375 MISC |
dell — edge_gateway | Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. | 2022-08-31 | not yet calculated | CVE-2022-34383 CONFIRM |
dell — emc_data_protection_advisor | Dell EMC Data Protection Advisor versions 19.6 and earlier contain a Stored Cross Site Scripting vulnerability. An attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | 2022-08-30 | not yet calculated | CVE-2022-33935 MISC |
dell — emc_networker | Dell EMC NetWorker 19.2.1.x, 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. An authenticated non-admin user could exploit this vulnerability and gain access to restricted resources. | 2022-08-30 | not yet calculated | CVE-2022-34368 MISC |
dell — multiple_products | Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contain a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. | 2022-09-02 | not yet calculated | CVE-2022-34382 MISC |
dell — powermax | Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. | 2022-08-31 | not yet calculated | CVE-2022-31233 CONFIRM |
dell — powerprotect | Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality. | 2022-09-01 | not yet calculated | CVE-2022-34372 CONFIRM |
dell — powerscale | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. | 2022-09-02 | not yet calculated | CVE-2022-34371 MISC |
dell — powerscale | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. | 2022-09-02 | not yet calculated | CVE-2022-34369 MISC |
dell — powerscale | Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. | 2022-09-02 | not yet calculated | CVE-2022-34378 MISC |
dell — smartfabric_storage | SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. | 2022-08-30 | not yet calculated | CVE-2022-31232 MISC |
delta_electronics — cncsoft | CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. | 2022-08-31 | not yet calculated | CVE-2022-1405 MISC |
delta_electronics — cncsoft | Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 2022-08-31 | not yet calculated | CVE-2022-1404 MISC |
delta_electronics — robot_automation_studio | Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. | 2022-08-31 | not yet calculated | CVE-2022-2759 MISC |
deluge-torrent — deluge_web-ui | The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary JavaScript code in the context of the user’s browser session. | 2022-08-26 | not yet calculated | CVE-2021-3427 MISC MISC |
discourse — discourse | Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. | 2022-09-02 | not yet calculated | CVE-2022-37458 MISC MISC MISC |
dlink — wireless_ac1200_dual_band_vdsl_adsl_modem_router_dsl-3782 | D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | 2022-08-26 | not yet calculated | CVE-2022-35192 MISC MISC MISC MISC |
doctor’s_appointment_system — doctor’s_appointment_system | Doctor’s Appointment System 1.0 is vulnerable to SQL Injection via the ?id= parameter of booking.php. | 2022-08-31 | not yet calculated | CVE-2022-36201 MISC MISC MISC |
doctor’s_appointment_system — doctor’s_appointment_system | Doctor’s Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover of the administrator account by stealing the cookie via XSS. | 2022-08-31 | not yet calculated | CVE-2022-36203 MISC MISC MISC |
doctor’s_appointment_system — doctor’s_appointment_system | Doctor’s Appointment System 1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via the id= parameter. | 2022-08-31 | not yet calculated | CVE-2022-36202 MISC MISC MISC |
dpdk — dpdk | A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. | 2022-08-29 | not yet calculated | CVE-2022-0669 MISC MISC MISC MISC MISC |
dpdk — dpdk | A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. | 2022-08-31 | not yet calculated | CVE-2022-2132 MISC MISC MLIST |
dpdk — dpdk | NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. | 2022-09-01 | not yet calculated | CVE-2022-28199 MISC |
draytek — vigor3910 | An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. | 2022-08-29 | not yet calculated | CVE-2022-32548 MISC MISC |
eclipse_foundation — jasminer-x4-server | The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. | 2022-09-01 | not yet calculated | CVE-2022-36601 MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | 2022-08-26 | not yet calculated | CVE-2022-36544 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. | 2022-08-26 | not yet calculated | CVE-2022-36548 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | 2022-08-26 | not yet calculated | CVE-2022-36543 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | 2022-08-26 | not yet calculated | CVE-2022-36545 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | 2022-08-26 | not yet calculated | CVE-2022-36546 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. | 2022-08-26 | not yet calculated | CVE-2022-36547 MISC MISC |
edoc-doctor-appointment-system — edoc-doctor-appointment-system | An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | 2022-08-26 | not yet calculated | CVE-2022-36542 MISC MISC |
ericsson — network_manager | In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in the ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log files, under a common path, and read information stored in the log files in order to conduct privilege escalation. | 2022-08-26 | not yet calculated | CVE-2021-32570 MISC MISC |
eurosoft-uk — uefi_bootloader | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34303 MISC MISC |
exotel — exotel | The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | 2022-08-27 | not yet calculated | CVE-2022-38792 MISC MISC MISC MISC |
fast_food_ordering_system — fast_food_ordering_system | A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability. | 2022-08-27 | not yet calculated | CVE-2022-3015 N/A |
fast_food_ordering_system — fast_food_ordering_system | A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability. | 2022-08-27 | not yet calculated | CVE-2022-3012 N/A N/A |
fatek — fvdesigner | FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. | 2022-08-31 | not yet calculated | CVE-2022-2866 CONFIRM |
fiberhome — vdsl2_modem_hg150-ub_v3.0 | In FiberHome VDSL2 Modem HG150-Ub_V3.0, the Admin credentials are submitted in the URL, which can be logged/sniffed. | 2022-08-29 | not yet calculated | CVE-2022-36200 MISC MISC |
flux — flux | Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. | 2022-08-31 | not yet calculated | CVE-2022-36035 CONFIRM MISC |
font-converter — font-converter | All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. | 2022-08-29 | not yet calculated | CVE-2022-21165 CONFIRM CONFIRM |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41783 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. | 2022-08-29 | not yet calculated | CVE-2021-40326 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41784 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41785 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41782 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41781 MISC |
foxit — multiple_products | Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. | 2022-08-29 | not yet calculated | CVE-2021-41780 MISC |
foxit — pdf_editor | Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. | 2022-08-29 | not yet calculated | CVE-2022-25641 MISC |
freeciv — freeciv | Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility’s handling of the modpack URL. | 2022-08-31 | not yet calculated | CVE-2022-39047 MISC MISC MISC MLIST |
freedesktop — poppler | Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. | 2022-08-30 | not yet calculated | CVE-2022-38784 CONFIRM MISC MISC CONFIRM MISC MLIST |
froxlor — froxlor | Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | 2022-08-28 | not yet calculated | CVE-2022-3017 CONFIRM MISC |
fuji_electric — alpha_7_pc_loader | Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. | 2022-08-31 | not yet calculated | CVE-2022-1888 MISC |
garage_management_system — garage_management_system | The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. An already authenticated malicious user can upload a dangerous RCE or LCE exploit file. | 2022-08-31 | not yet calculated | CVE-2022-37184 MISC |
garage_management_system — garage_management_system | Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. | 2022-09-02 | not yet calculated | CVE-2022-36636 MISC MISC |
garage_management_system — garage_management_system | Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. | 2022-09-02 | not yet calculated | CVE-2022-36637 MISC MISC |
garage_management_system — garage_management_system | An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. | 2022-09-02 | not yet calculated | CVE-2022-36638 MISC MISC |
garage_management_system — garage_management_system | A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | 2022-09-02 | not yet calculated | CVE-2022-36639 MISC MISC |
garage_management_system — garage_management_system | An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-08-31 | not yet calculated | CVE-2022-36582 MISC |
gcc — gcc | In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c. | 2022-08-31 | not yet calculated | CVE-2020-35537 MISC |
gcc — gcc | In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file. | 2022-08-31 | not yet calculated | CVE-2020-35536 MISC |
gcc — libiberty | Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. | 2022-09-01 | not yet calculated | CVE-2021-3826 MISC MISC |
get-process-by-name — get-process-by-name | All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. | 2022-08-29 | not yet calculated | CVE-2022-25644 CONFIRM CONFIRM |
glyphandcog — xpdfreader | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | 2022-08-30 | not yet calculated | CVE-2022-24106 CONFIRM CONFIRM CONFIRM CONFIRM |
glyphandcog — xpdfreader | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | 2022-08-30 | not yet calculated | CVE-2022-24107 CONFIRM CONFIRM CONFIRM CONFIRM |
gnu — binutils | Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service. | 2022-09-01 | not yet calculated | CVE-2022-38126 MISC |
gnu — binutils | A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. | 2022-09-01 | not yet calculated | CVE-2022-38127 MISC |
gnu — binutils | An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. | 2022-09-01 | not yet calculated | CVE-2022-38128 MISC |
gnu — binutils | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 2022-08-26 | not yet calculated | CVE-2022-38533 MISC MISC |
gnu — glibc | An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | 2022-08-31 | not yet calculated | CVE-2022-39046 MISC |
gnu — zgrep | An arbitrary file write vulnerability was found in GNU gzip’s zgrep utility. When zgrep is applied on the attacker’s chosen file name (for example, a crafted file name), this can overwrite an attacker’s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. | 2022-08-31 | not yet calculated | CVE-2022-1271 MISC MISC MISC MISC MISC MISC MISC |
grafana — image_renderer | Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). | 2022-09-02 | not yet calculated | CVE-2022-31176 CONFIRM MISC |
gvim — gvim | An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. | 2022-08-30 | not yet calculated | CVE-2022-37173 MISC |
hashicorp — boundary | HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2. | 2022-09-01 | not yet calculated | CVE-2022-36130 MISC MISC |
hcltech — inotes | HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. | 2022-08-29 | not yet calculated | CVE-2022-27558 CONFIRM |
hcltech — inotes | HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. | 2022-08-29 | not yet calculated | CVE-2022-27547 CONFIRM |
hcltech — inotes | HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s web browser within the security context of the hosting web site and/or steal the victim’s cookie-based authentication credentials. | 2022-08-29 | not yet calculated | CVE-2022-27546 CONFIRM |
hcltech — versionvault_express | An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. | 2022-08-30 | not yet calculated | CVE-2022-27563 MISC |
hcltech — versionvault_express | HCL VersionVault Express exposes administrator credentials. | 2022-08-30 | not yet calculated | CVE-2022-27560 MISC |
helm — helm | Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings into Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `--set`, `--set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate that strings supplied by users won’t create large arrays causing significant memory usage before passing them to the _strvals_ functions. | 2022-09-01 | not yet calculated | CVE-2022-36055 MISC CONFIRM |
hgiga — oaklouds_portal | OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-38118 MISC |
hitachi_kokusai_electric — isnex_hc-ip9100hd | An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. | 2022-08-29 | not yet calculated | CVE-2022-37680 MISC MISC |
hitachi_kokusai_electric — isnex_hc-ip9100hd | Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. | 2022-08-29 | not yet calculated | CVE-2022-37681 MISC MISC |
honeywell — experion_lx | Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols’ functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service. | 2022-08-31 | not yet calculated | CVE-2022-30317 MISC MISC |
honeywell — controledge | Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. | 2022-08-31 | not yet calculated | CVE-2022-30318 MISC MISC |
horizondatasys — uefi_bootloader | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34302 MISC MISC |
hpe — oneview | A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. | 2022-08-31 | not yet calculated | CVE-2022-28625 MISC |
htmly — htmly | htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | 2022-08-26 | not yet calculated | CVE-2021-40285 MISC |
hytec_inter — hwl-2511-ss | Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. | 2022-08-29 | not yet calculated | CVE-2022-36555 MISC MISC MISC |
hytec_inter — hwl-2511-ss | A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. | 2022-08-29 | not yet calculated | CVE-2022-36554 MISC MISC MISC |
hytec_inter — hwl-2511-ss | Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. | 2022-08-29 | not yet calculated | CVE-2022-36553 MISC MISC MISC |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. | 2022-09-01 | not yet calculated | CVE-2021-29823 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. | 2022-09-01 | not yet calculated | CVE-2020-4301 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. | 2022-09-01 | not yet calculated | CVE-2022-30614 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. | 2022-09-01 | not yet calculated | CVE-2022-36773 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. | 2022-09-01 | not yet calculated | CVE-2021-39045 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. | 2022-09-01 | not yet calculated | CVE-2021-39009 CONFIRM XF |
ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. | 2022-09-01 | not yet calculated | CVE-2021-20468 CONFIRM XF |
ibm — datapower_gateway | IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. | 2022-08-26 | not yet calculated | CVE-2022-31773 XF CONFIRM |
ibm — engineering_test_management | IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671. | 2022-08-29 | not yet calculated | CVE-2021-38934 CONFIRM XF |
ibm — maximo_asset_management | IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. | 2022-08-26 | not yet calculated | CVE-2022-35714 CONFIRM XF |
ibm — security_identity_manager | IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089. | 2022-08-30 | not yet calculated | CVE-2021-29864 CONFIRM XF |
imagemagick — imagemagick | A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. | 2022-08-26 | not yet calculated | CVE-2021-3574 MISC MISC MISC |
imagemagick — imagemagick | A heap-based-buffer-over-read flaw was found in ImageMagick’s GetPixelAlpha() function of ‘pixel-accessor.h’. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. | 2022-08-29 | not yet calculated | CVE-2022-0284 MISC MISC MISC MISC |
imagemagick — imagemagick | A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. | 2022-08-29 | not yet calculated | CVE-2022-1115 MISC MISC MISC MISC MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. | 2022-08-29 | not yet calculated | CVE-2022-36686 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. | 2022-08-28 | not yet calculated | CVE-2022-36705 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. | 2022-08-29 | not yet calculated | CVE-2022-36687 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. | 2022-08-29 | not yet calculated | CVE-2022-36690 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php. | 2022-08-28 | not yet calculated | CVE-2022-36706 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. | 2022-08-29 | not yet calculated | CVE-2022-36689 MISC |
ingredients_stock_management_system — ingredients_stock_management_system | Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. | 2022-08-29 | not yet calculated | CVE-2022-36688 MISC |
innosilicon — a10 | InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. | 2022-09-01 | not yet calculated | CVE-2022-36602 MISC |
innosilicon — t3t/t2t | InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. | 2022-09-01 | not yet calculated | CVE-2022-36603 MISC |
intelliants — subrion_cms | Cross-site scripting (XSS) in the Admin Panel of Subrion CMS 4.2.1 allows an attacker to inject arbitrary code via the Login Field. | 2022-08-29 | not yet calculated | CVE-2022-37059 MISC |
jcopy_sample_rows() — jcopy_sample_rows() | A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. | 2022-08-31 | not yet calculated | CVE-2020-35538 MISC MISC |
jgraph/drawi — jgraph/drawi | Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. | 2022-09-02 | not yet calculated | CVE-2022-3065 CONFIRM MISC |
joomla — joomla! | An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing ‘_JEXEC or die check’ caused by the PSR12 changes. | 2022-08-31 | not yet calculated | CVE-2022-27911 MISC |
jsoup — jsoup | jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: – disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs – ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.) | 2022-08-29 | not yet calculated | CVE-2022-36033 CONFIRM MISC MISC |
kensite_cms — kensite_cms | Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | 2022-08-26 | not yet calculated | CVE-2022-36529 MISC MISC |
kidan — cryptopro_securedisk_for_bitlocker | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. | 2022-08-26 | not yet calculated | CVE-2022-34301 MISC MISC |
kirby — kirby | kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby’s API with the permissions of the victim. If bad actors gain access to your group of authenticated Panel users they can escalate their privileges via the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. The multiselect field allows selection of tags from an autocompleted list. Unfortunately, the Panel in Kirby 3.5 used HTML rendering for the raw option value. This allowed **attackers with influence on the options source** to store HTML code. The browser of the victim who visited a page with manipulated multiselect options in the Panel will then have rendered this malicious HTML code when the victim opened the autocomplete dropdown. Users are *not* affected by this vulnerability if you don’t use the multiselect field or don’t use it with options that can be manipulated by attackers. The problem has been patched in Kirby 3.5.8.1. | 2022-08-29 | not yet calculated | CVE-2022-36037 MISC CONFIRM MISC |
kkfileview — kkfileview | kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. | 2022-09-02 | not yet calculated | CVE-2022-36593 MISC |
lexmark — multiple_products | Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation. | 2022-08-26 | not yet calculated | CVE-2022-29850 MISC MISC |
leyan — personnel_and_salary_management_system | Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-38116 MISC |
libdwarf — libdwarf | libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. | 2022-09-02 | not yet calculated | CVE-2022-39170 MISC MISC |
libmodbus — libmodbus | A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. | 2022-08-29 | not yet calculated | CVE-2022-0367 MISC MISC MISC MLIST |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. | 2022-08-28 | not yet calculated | CVE-2022-36708 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. | 2022-08-30 | not yet calculated | CVE-2022-36734 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. | 2022-08-28 | not yet calculated | CVE-2022-36704 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php. | 2022-08-30 | not yet calculated | CVE-2022-36709 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. | 2022-08-30 | not yet calculated | CVE-2022-36735 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. | 2022-08-30 | not yet calculated | CVE-2022-36711 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php. | 2022-08-30 | not yet calculated | CVE-2022-36712 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. | 2022-08-30 | not yet calculated | CVE-2022-36713 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. | 2022-08-30 | not yet calculated | CVE-2022-36730 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php. | 2022-08-30 | not yet calculated | CVE-2022-36714 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. | 2022-08-30 | not yet calculated | CVE-2022-36731 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. | 2022-08-30 | not yet calculated | CVE-2022-36657 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. | 2022-08-30 | not yet calculated | CVE-2022-36733 MISC |
library_management_system — library_management_system | Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. | 2022-08-30 | not yet calculated | CVE-2022-36732 MISC |
libraw — libraw | In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | 2022-09-01 | not yet calculated | CVE-2020-35531 MISC MISC |
libraw — libraw | In LibRaw, there is a memory corruption vulnerability within the “crxFreeSubbandData()” function (libraw\src\decoders\crx.cpp) when processing cr3 files. | 2022-09-01 | not yet calculated | CVE-2020-35534 MISC MISC |
libraw — libraw | In LibRaw, an out-of-bounds read vulnerability exists within the “LibRaw::adobe_copy_pixel()” function (libraw\src\decoders\dng.cpp) when reading data from the image file. | 2022-09-01 | not yet calculated | CVE-2020-35533 MISC MISC |
libraw — libraw | In LibRaw, an out-of-bounds read vulnerability exists within the “simple_decode_row()” function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | 2022-09-01 | not yet calculated | CVE-2020-35532 MISC MISC |
libraw — libraw | In LibRaw, there is an out-of-bounds read vulnerability within the “LibRaw::parseSonySRF()” function (libraw\src\metadata\sony.cpp) when processing srf files. | 2022-09-01 | not yet calculated | CVE-2020-35535 MISC MISC |
libraw — libraw | In LibRaw, there is an out-of-bounds write vulnerability within the “new_node()” function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file. | 2022-09-01 | not yet calculated | CVE-2020-35530 MISC MISC |
librenms — librenms | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. | 2022-08-30 | not yet calculated | CVE-2022-36746 MISC |
librenms — librenms | LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. | 2022-08-30 | not yet calculated | CVE-2022-36745 MISC |
libtiff — libtiff | There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1. | 2022-08-31 | not yet calculated | CVE-2022-2519 MISC MISC |
libtiff — libtiff | LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. | 2022-08-29 | not yet calculated | CVE-2022-2953 MISC MISC CONFIRM |
libtiff — libtiff | It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. | 2022-08-31 | not yet calculated | CVE-2022-2521 MISC MISC |
libtiff — libtiff | A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. | 2022-08-31 | not yet calculated | CVE-2022-2520 MISC MISC |
libvnclient — libvnclient | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | 2022-09-02 | not yet calculated | CVE-2020-29260 MISC |
linksys — e1200 | Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. | 2022-08-28 | not yet calculated | CVE-2022-38555 MISC MISC |
linux — kernel | An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. | 2022-09-01 | not yet calculated | CVE-2022-2663 MISC MISC |
linux — kernel | A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. | 2022-08-31 | not yet calculated | CVE-2022-2590 MISC MISC |
linux — kernel | An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-09-01 | not yet calculated | CVE-2022-2639 MISC MISC |
linux — linux_kernel | An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. | 2022-09-02 | not yet calculated | CVE-2022-39190 MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | 2022-08-29 | not yet calculated | CVE-2022-1204 MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. | 2022-08-26 | not yet calculated | CVE-2021-3864 MISC MISC MISC MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 2022-08-29 | not yet calculated | CVE-2022-2961 MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. | 2022-08-26 | not yet calculated | CVE-2021-3669 MISC MISC MISC MISC |
linux — linux_kernel | An out-of-bounds read vulnerability was discovered in the Linux kernel in the SMC protocol stack, causing a remote DoS. | 2022-08-29 | not yet calculated | CVE-2022-0400 MISC MISC MISC |
linux — linux_kernel | A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) | 2022-08-29 | not yet calculated | CVE-2022-21385 MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. | 2022-08-29 | not yet calculated | CVE-2022-1043 MISC MISC MISC MISC |
linux — linux_kernel | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | 2022-09-02 | not yet calculated | CVE-2022-39188 MISC MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. | 2022-08-29 | not yet calculated | CVE-2022-1184 MISC MISC MISC |
linux — linux_kernel | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. | 2022-08-26 | not yet calculated | CVE-2022-0168 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). | 2022-08-26 | not yet calculated | CVE-2022-0171 MISC MISC MISC |
linux — linux_kernel | A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. | 2022-08-29 | not yet calculated | CVE-2022-0480 MISC MISC MISC MISC MISC MISC |
linux — linux_kernel | An issue was discovered in the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. | 2022-09-02 | not yet calculated | CVE-2022-39189 MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | 2022-08-31 | not yet calculated | CVE-2022-2153 MISC MISC MISC MISC MISC |
linux — linux_kernel | An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. | 2022-09-01 | not yet calculated | CVE-2022-3078 MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel, where printer_ioctl() accesses a deallocated instance. printer_ioctl() tries to access a printer_dev instance; however, a use-after-free arises because it had been freed by gprinter_free(). | 2022-09-01 | not yet calculated | CVE-2020-27784 MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. | 2022-08-31 | not yet calculated | CVE-2022-1976 MISC |
linux — linux_kernel | A flaw was found in the Linux kernel’s i740 driver. A userspace program could pass any values to the driver through the ioctl() interface. The driver doesn’t check the value of ‘pixclock’, so it may cause a divide-by-zero error. | 2022-09-01 | not yet calculated | CVE-2022-3061 MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. | 2022-08-29 | not yet calculated | CVE-2022-0850 MISC MISC MISC MISC |
linux — linux_kernel | There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating an NFC device from user space. | 2022-08-31 | not yet calculated | CVE-2022-1975 MISC |
linux — linux_kernel | A use-after-free vulnerability was discovered in drivers/net/hamradio/6pack.c of Linux that allows an attacker to crash the Linux kernel by simulating an ax25 device using the 6pack driver from user space. | 2022-08-29 | not yet calculated | CVE-2022-1198 MISC MISC MISC MISC |
linux — linux_kernel | A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. | 2022-08-31 | not yet calculated | CVE-2022-3028 MISC MISC FEDORA FEDORA FEDORA |
linux — linux_kernel | A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc. | 2022-09-01 | not yet calculated | CVE-2022-1729 MISC MISC |
linux — linux_kernel | An issue was found in the Linux kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. | 2022-08-31 | not yet calculated | CVE-2022-1247 MISC MISC |
linux — linux_kernel | A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. | 2022-08-31 | not yet calculated | CVE-2022-1205 MISC MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. | 2022-08-29 | not yet calculated | CVE-2022-1199 MISC MISC MISC MISC MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. | 2022-08-31 | not yet calculated | CVE-2022-1974 MISC |
linux — linux_kernel | An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. | 2022-08-31 | not yet calculated | CVE-2022-1508 MISC MISC MISC MISC |
linux — linux_kernel | An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. | 2022-08-29 | not yet calculated | CVE-2022-0812 MISC MISC MISC MISC MISC |
linux — linux_kernel | A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. | 2022-08-29 | not yet calculated | CVE-2022-1016 MISC MISC MISC MISC |
ls_industrial_systems — electric_plcs_and_xg5000_plc | All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic. | 2022-08-31 | not yet calculated | CVE-2022-2758 MISC |
mariadb — mariadb | In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | 2022-08-27 | not yet calculated | CVE-2022-38791 MISC |
matrix — synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. | 2022-09-02 | not yet calculated | CVE-2022-31152 MISC MISC MISC CONFIRM |
mdx-mermaid — mdx-mermaid | mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. | 2022-08-29 | not yet calculated | CVE-2022-36036 CONFIRM MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. | 2022-08-31 | not yet calculated | CVE-2022-2892 MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer dereference instances while processing a specific project file. | 2022-08-31 | not yet calculated | CVE-2022-2894 MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. | 2022-08-31 | not yet calculated | CVE-2022-2895 MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. | 2022-08-31 | not yet calculated | CVE-2022-2896 MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation. | 2022-08-31 | not yet calculated | CVE-2022-2897 MISC |
measuresoft — scadapro_server | Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. | 2022-08-31 | not yet calculated | CVE-2022-2898 MISC |
mediawiki — mediawiki | An issue was discovered in MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. | 2022-09-02 | not yet calculated | CVE-2022-39194 MISC |
mikrotik — routeros | Mikrotik RouterOS through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. | 2022-08-26 | not yet calculated | CVE-2022-36522 MISC MISC |
mit — krb5 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a “telnet/tcp server failing (looping), service terminated” error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | 2022-08-30 | not yet calculated | CVE-2022-39028 MISC MISC MISC |
mm-wiki — mm-wiki | mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | 2022-08-26 | not yet calculated | CVE-2021-39393 MISC |
mm-wiki — mm-wiki | mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | 2022-08-26 | not yet calculated | CVE-2021-39394 MISC |
modsecurity — owasp-modsecurity-crs | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | 2022-09-02 | not yet calculated | CVE-2020-22669 CONFIRM MISC |
mongoose — mongoose | Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution. | 2022-08-26 | not yet calculated | CVE-2022-24304 MISC CONFIRM CONFIRM |
morgan-json — morgan-json | All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. | 2022-08-29 | not yet calculated | CVE-2022-25921 CONFIRM CONFIRM |
moxa — nport_5110 | MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. | 2022-08-31 | not yet calculated | CVE-2022-2044 MISC |
moxa — nport_5110 | MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. | 2022-08-31 | not yet calculated | CVE-2022-2043 MISC |
msys2 — msys2 | Incorrect access control in the install directory (C:\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | 2022-08-30 | not yet calculated | CVE-2022-37172 MISC |
mybatis — mapper | Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. | 2022-09-02 | not yet calculated | CVE-2022-36594 MISC |
next.js — next.js | Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn’t being shared across requests. | 2022-08-31 | not yet calculated | CVE-2022-36046 CONFIRM MISC |
nitrado.js — nitrado.js | nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. | 2022-08-29 | not yet calculated | CVE-2022-36034 MISC CONFIRM |
node.js — node.js | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. | 2022-09-02 | not yet calculated | CVE-2022-36076 MISC CONFIRM MISC |
node.js — node.js | NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset). The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability. | 2022-08-31 | not yet calculated | CVE-2022-36045 MISC CONFIRM MISC |
novel-plus — novel-plus | Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. | 2022-09-01 | not yet calculated | CVE-2022-36672 MISC |
novel-plus — novel-plus | Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. | 2022-09-01 | not yet calculated | CVE-2022-36671 MISC |
nvidia — nvflare | NVFLARE, versions prior to 2.1.4, contains a vulnerability in which deserialization of untrusted data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. | 2022-08-29 | not yet calculated | CVE-2022-34668 CONFIRM |
oauth2-server — oauth2-server | In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. | 2022-08-29 | not yet calculated | CVE-2020-26938 MISC MISC MISC MISC MISC |
oliver_v5_library_server — oliver_v5_library_server | An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. | 2022-09-01 | not yet calculated | CVE-2021-45027 MISC MISC |
online_food_ordering_system — online_food_ordering_system | Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. | 2022-09-02 | not yet calculated | CVE-2022-36759 MISC |
online_ordering_system — online_ordering_system | Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. | 2022-08-31 | not yet calculated | CVE-2022-36581 MISC |
online_ordering_system — online_ordering_system | An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. | 2022-08-31 | not yet calculated | CVE-2022-36580 MISC |
openscad — openscad | A vulnerability was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. | 2022-08-29 | not yet calculated | CVE-2022-0497 MISC MISC MISC |
openscad — openscad | A vulnerability was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). | 2022-08-29 | not yet calculated | CVE-2022-0496 MISC MISC MISC MISC |
ovirt — vdsm | A race condition was found in vdsm, in the functionality that obfuscates sensitive values in log files, which may lead to values being stored in clear text. | 2022-08-26 | not yet calculated | CVE-2022-0207 MISC MISC MISC MISC MISC |
ovirt-log-collector/sosreport — ovirt-log-collector/sosreport | It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev | 2022-09-01 | not yet calculated | CVE-2022-2806 MISC |
pagekit — pagekit | A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. | 2022-08-29 | not yet calculated | CVE-2022-36573 MISC |
perl — strawberry_perl | Incorrect access control in the install directory (C:\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | 2022-08-30 | not yet calculated | CVE-2022-36564 MISC |
picuploader — picuploader | PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. | 2022-08-30 | not yet calculated | CVE-2022-36748 MISC |
pinniped_supervisor — pinniped_supervisor | An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. | 2022-08-29 | not yet calculated | CVE-2022-31677 MISC |
piwigo — piwigo | Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. | 2022-08-31 | not yet calculated | CVE-2022-37183 MISC |
pkuvcl_davs2 — pkuvcl_davs2 | PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. | 2022-09-02 | not yet calculated | CVE-2022-36647 MISC |
prestashop — prestashop | This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator’s cookie. The issue is fixed in version 5.0.2. | 2022-09-02 | not yet calculated | CVE-2022-35933 CONFIRM MISC |
prestashop — prestashop | A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. | 2022-08-29 | not yet calculated | CVE-2022-22897 MISC |
prosody — prosody | It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). | 2022-08-26 | not yet calculated | CVE-2022-0217 MISC MISC MISC |
publiccms — publiccms | Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. | 2022-09-02 | not yet calculated | CVE-2021-27693 MISC MISC |
python — python-scciclient | A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server’s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. | 2022-09-01 | not yet calculated | CVE-2022-2996 MISC |
qemu — qemu | A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. | 2022-08-29 | not yet calculated | CVE-2022-0358 MISC MISC MISC |
qemu — qemu | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. | 2022-08-26 | not yet calculated | CVE-2022-0216 MISC MISC MISC MISC MISC |
qemu — qemu | A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. | 2022-08-26 | not yet calculated | CVE-2021-3735 MISC MISC MISC |
qualcomm — snapdragon | Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22061 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-25680 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22106 CONFIRM |
qualcomm — snapdragon | Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22067 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22104 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22102 CONFIRM |
qualcomm — snapdragon | Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22101 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22100 CONFIRM |
qualcomm — snapdragon | Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22069 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22099 CONFIRM |
qualcomm — snapdragon | Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | 2022-09-02 | not yet calculated | CVE-2022-22098 CONFIRM |
qualcomm — snapdragon | An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-09-02 | not yet calculated | CVE-2022-22062 CONFIRM |
qualcomm — snapdragon | Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT | 2022-09-02 | not yet calculated | CVE-2022-22097 CONFIRM |
qualcomm — snapdragon | Memory corruption in Bluetooth HOST due to stack-based buffer overflow when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22096 CONFIRM |
qualcomm — snapdragon | Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 2022-09-02 | not yet calculated | CVE-2022-22080 CONFIRM |
qualcomm — snapdragon | Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2022-22059 CONFIRM |
qualcomm — snapdragon | Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-22070 CONFIRM |
qualcomm — snapdragon | A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35135 CONFIRM |
qualcomm — snapdragon | Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35109 CONFIRM |
qualcomm — snapdragon | Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35134 CONFIRM |
qualcomm — snapdragon | Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35133 CONFIRM |
qualcomm — snapdragon | Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35132 CONFIRM |
qualcomm — snapdragon | Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35122 CONFIRM |
qualcomm — snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35113 CONFIRM |
qualcomm — snapdragon | Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25657 CONFIRM |
qualcomm — snapdragon | Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25658 CONFIRM |
qualcomm — snapdragon | Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25659 CONFIRM |
qualcomm — snapdragon | Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2022-25668 CONFIRM |
qualcomm — snapdragon | Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-09-02 | not yet calculated | CVE-2021-35097 CONFIRM |
qualcomm — snapdragon | Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile | 2022-09-02 | not yet calculated | CVE-2021-35108 CONFIRM |
realtek — bluetooth_mesh_software_development_kit | Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-26527 MISC |
realtek — bluetooth_mesh_software_development_kit | Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-25635 MISC |
realtek — bluetooth_mesh_software_development_kit | Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-26529 MISC |
realtek — bluetooth_mesh_software_development_kit | Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. | 2022-08-30 | not yet calculated | CVE-2022-26528 MISC |
redhat — openshift_container_platform | A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. | 2022-09-01 | not yet calculated | CVE-2022-2403 MISC MISC |
redhat — podman | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. | 2022-09-01 | not yet calculated | CVE-2022-2739 MISC MISC |
redhat — podman | The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. | 2022-09-01 | not yet calculated | CVE-2022-2738 MISC MISC |
redhat — clmg | A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. | 2022-08-31 | not yet calculated | CVE-2022-1325 MISC MISC MISC MISC MISC MISC |
redhat — convert2rhel | There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. | 2022-08-29 | not yet calculated | CVE-2022-0852 MISC MISC MISC MISC MISC |
redhat — convert2rhel | There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager. | 2022-08-29 | not yet calculated | CVE-2022-0851 MISC MISC |
redhat — dnsmasq | A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker to send a crafted packet that is processed by dnsmasq, potentially causing a denial of service. | 2022-08-29 | not yet calculated | CVE-2022-0934 MISC MISC MISC MISC |
redhat — fapolicyd | A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption about how glibc names the runtime linker: a build-time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the runtime linker may fail to detect the pattern and allow execution. | 2022-08-29 | not yet calculated | CVE-2022-1117 MISC MISC MISC MISC |
redhat — jboss_core_services_http_server | A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3688 MISC MISC |
redhat — keycloak | A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. | 2022-08-26 | not yet calculated | CVE-2022-0225 MISC MISC |
redhat — keycloak | A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. | 2022-09-01 | not yet calculated | CVE-2022-2256 MISC MISC |
redhat — keycloak | A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. | 2022-08-26 | not yet calculated | CVE-2021-3632 MISC MISC MISC MISC MISC |
redhat — keycloak | A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. This may cause trouble in receiving the password recovery email if the user forgets the password. | 2022-08-26 | not yet calculated | CVE-2021-3754 MISC MISC |
redhat — keycloak | ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. | 2022-08-26 | not yet calculated | CVE-2021-3856 MISC MISC MISC MISC MISC |
redhat — kubernetes | A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. | 2022-09-01 | not yet calculated | CVE-2022-2238 MISC MISC |
redhat — kubernetes | A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. | 2022-09-01 | not yet calculated | CVE-2022-1902 MISC MISC MISC |
redhat — kvm | A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. | 2022-08-31 | not yet calculated | CVE-2022-1263 MISC MISC MISC MISC |
redhat — libnbd | A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. | 2022-08-29 | not yet calculated | CVE-2022-0485 MISC MISC MISC MISC MISC |
redhat — libtiff |
A heap buffer overflow flaw was found in Libtiffs’ tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. | 2022-08-31 | not yet calculated | CVE-2022-1354 MISC MISC MISC MISC |
redhat — libtiff |
A stack buffer overflow flaw was found in Libtiffs’ tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | 2022-08-31 | not yet calculated | CVE-2022-1355 MISC MISC MISC MISC |
redhat — openshift |
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router’s HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. | 2022-09-01 | not yet calculated | CVE-2022-1677 MISC MISC |
redhat — openshift | OpenShift doesn’t properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if they want to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. If the CNAME is not removed when the route is no longer in use, the result is a dangling route. A malicious actor may take over the route. | 2022-08-31 | not yet calculated | CVE-2022-2220 MISC |
redhat — openshift | An Improper Certificate Validation attack was found in OpenShift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. | 2022-09-01 | not yet calculated | CVE-2022-1632 MISC MISC |
redhat — openstack | A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender’s efforts to remove access. | 2022-09-01 | not yet calculated | CVE-2022-2447 MISC MISC |
redhat — openstack-barbican | An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. | 2022-09-01 | not yet calculated | CVE-2022-23452 MISC MISC MISC MISC MISC |
redhat — openstack-tripleo_heat_templates | A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. | 2022-08-26 | not yet calculated | CVE-2021-3585 MISC MISC MISC MISC MISC |
redhat — openstack_keystone | A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3563 MISC MISC MISC MISC |
redhat — postgresql | A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user’s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. | 2022-08-31 | not yet calculated | CVE-2022-1552 MISC MISC MISC MISC |
redhat — python-oslo-utils | A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. | 2022-08-29 | not yet calculated | CVE-2022-0718 MISC MISC MISC MISC MISC |
redhat — quarkus | It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. | 2022-08-31 | not yet calculated | CVE-2022-2466 MISC |
redhat — satellite | A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. | 2022-08-26 | not yet calculated | CVE-2021-3414 MISC MISC |
redhat — serverless | It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. | 2022-08-26 | not yet calculated | CVE-2021-3703 MISC MISC |
redhat — undertow | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. | 2022-08-26 | not yet calculated | CVE-2021-3859 MISC MISC MISC MISC MISC |
redhat — undertow | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. | 2022-08-31 | not yet calculated | CVE-2022-1259 MISC MISC |
redhat — undertow | A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. | 2022-08-31 | not yet calculated | CVE-2022-1319 MISC MISC MISC MISC MISC |
redhat — vdpa | A flaw was found in vDPA with VDUSE backend. There are currently no checks in the VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers' config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config(), which returns uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. | 2022-09-01 | not yet calculated | CVE-2022-2308 MISC |
redhat — wildfly-core | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | 2022-08-26 | not yet calculated | CVE-2021-3644 MISC MISC MISC MISC MISC MISC |
redhat — xnio | A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. | 2022-08-26 | not yet calculated | CVE-2022-0084 MISC MISC MISC MISC |
redhat — xorg-x11-server | A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. | 2022-09-01 | not yet calculated | CVE-2022-2320 MISC MISC MISC |
redhat — xorg-x11-server | A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. | 2022-09-01 | not yet calculated | CVE-2022-2319 MISC MISC |
redhat — undertow | A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. | 2022-09-01 | not yet calculated | CVE-2022-2764 MISC |
rengine — rengine | Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. | 2022-08-31 | not yet calculated | CVE-2022-36566 MISC |
rosariosis — rosariosis | Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. | 2022-09-01 | not yet calculated | CVE-2022-3072 CONFIRM MISC |
rpi-jukebox-rfid — rpi-jukebox-rfid | RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. | 2022-08-30 | not yet calculated | CVE-2022-36749 MISC |
rpm — rpm | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-26 | not yet calculated | CVE-2021-35939 MISC MISC MISC MISC MISC |
rubrik — cdm | A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. | 2022-08-26 | not yet calculated | CVE-2022-30984 MISC MISC |
rubyinstaller — rubyinstaller2 | Incorrect access control in the install directory (C:\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | 2022-08-30 | not yet calculated | CVE-2022-36562 MISC |
rubyinstaller — rubyinstaller2 | Incorrect access control in the install directory (C:\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | 2022-08-30 | not yet calculated | CVE-2022-36563 MISC |
samba — samba | The Samba AD DC includes checks when adding service principal names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. | 2022-08-29 | not yet calculated | CVE-2022-0336 MISC MISC MISC MISC MISC MISC |
samba — samba | In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. | 2022-09-01 | not yet calculated | CVE-2022-1615 MISC MISC |
samba — samba | Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | 2022-09-01 | not yet calculated | CVE-2022-32743 MISC MISC |
samsung — mtower | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | 2022-09-01 | not yet calculated | CVE-2022-36621 MISC MISC MISC |
samsung — mtower | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | 2022-09-01 | not yet calculated | CVE-2022-36622 MISC MISC MISC MISC |
sangoma — asterisk | res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. | 2022-08-30 | not yet calculated | CVE-2021-46837 MISC |
seiko_solutions — skybridge_mb-a100 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. | 2022-08-29 | not yet calculated | CVE-2022-36556 MISC MISC |
seiko_solutions — skybridge_mb-a100 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. | 2022-08-29 | not yet calculated | CVE-2022-36557 MISC MISC |
seiko_solutions — skybridge_mb-a200 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. | 2022-08-29 | not yet calculated | CVE-2022-36559 MISC MISC |
seiko_solutions — skybridge_mb-a200 | Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. | 2022-08-29 | not yet calculated | CVE-2022-36560 MISC MISC |
seiko_solutions — skybridge_mb-a100 | Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcode via the file /etc/ciel.cfg. | 2022-08-29 | not yet calculated | CVE-2022-36558 MISC MISC |
sensormatic_electronics — istar_ultra | All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system. | 2022-08-31 | not yet calculated | CVE-2022-21941 CERT CONFIRM |
sftpgo — sftpgo | SFTPGo is a configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user’s password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. | 2022-09-02 | not yet calculated | CVE-2022-36071 MISC CONFIRM |
simple_task_managing_system — simple_task_managing_system | A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423. | 2022-08-27 | not yet calculated | CVE-2022-3013 N/A |
simple_task_managing_system — simple_task_managing_system | A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424. | 2022-08-27 | not yet calculated | CVE-2022-3014 N/A N/A |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. | 2022-09-01 | not yet calculated | CVE-2022-36674 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | 2022-09-01 | not yet calculated | CVE-2022-36676 MISC |
simple_task_scheduling_system — simple_task_scheduling_system | Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. | 2022-09-01 | not yet calculated | CVE-2022-36675 MISC |
sinsiu — enterprise_website_system | Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. | 2022-08-29 | not yet calculated | CVE-2022-36572 MISC |
siteservercms — siteservercms | SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | 2022-08-26 | not yet calculated | CVE-2022-36226 MISC MISC |
snakeyaml — snakeyaml | The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to missing nested depth limitation for collections. | 2022-08-30 | not yet calculated | CVE-2022-25857 CONFIRM CONFIRM CONFIRM CONFIRM |
snipeitapp — snipe-it | Cross-site Scripting (XSS) – Stored in GitHub repository snipe/snipe-it prior to v6.0.11. | 2022-08-29 | not yet calculated | CVE-2022-3035 MISC CONFIRM |
sonicwall — sma100 | A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. | 2022-08-26 | not yet calculated | CVE-2022-2915 CONFIRM |
sourcecodester — expense_management_system | Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. | 2022-09-02 | not yet calculated | CVE-2022-36754 MISC |
sqlite — sqlite | In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | 2022-09-01 | not yet calculated | CVE-2020-35527 MISC |
sqlite — sqlite | In SQLite 3.31.1, a potential null pointer dereference was found in the INTERSECT query processing. | 2022-09-01 | not yet calculated | CVE-2020-35525 MISC |
subsys/net/ip/tcp.c — subsys/net/ip/tcp.c | In subsys/net/ip/tcp.c, in the function tcp_flags, when the incoming parameter flags is ECN or CWR, a zero byte is written out of bounds to buf. | 2022-08-31 | not yet calculated | CVE-2022-1841 MISC |
tcpdump — tcpdump | The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | 2022-08-27 | not yet calculated | CVE-2019-15167 CONFIRM |
telos_alliance — omnia mpx node | A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. | 2022-09-02 | not yet calculated | CVE-2022-36642 MISC MISC MISC MISC |
tenda — ac6(ac1200) | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. | 2022-08-30 | not yet calculated | CVE-2022-36552 MISC MISC MISC |
tenda — ac6(ac1200) | Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. | 2022-08-30 | not yet calculated | CVE-2022-37176 MISC MISC MISC |
tenda — ac9 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. | 2022-08-31 | not yet calculated | CVE-2022-36570 MISC |
tenda — ac9 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. | 2022-08-31 | not yet calculated | CVE-2022-36571 MISC |
tenda — ac9 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. | 2022-08-31 | not yet calculated | CVE-2022-36568 MISC |
tenda — ac9 | Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. | 2022-08-31 | not yet calculated | CVE-2022-36569 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. | 2022-08-28 | not yet calculated | CVE-2022-38563 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. | 2022-08-28 | not yet calculated | CVE-2022-38564 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. | 2022-08-28 | not yet calculated | CVE-2022-38565 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. | 2022-08-28 | not yet calculated | CVE-2022-38566 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. | 2022-08-28 | not yet calculated | CVE-2022-38567 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. | 2022-08-28 | not yet calculated | CVE-2022-38568 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. | 2022-08-28 | not yet calculated | CVE-2022-38569 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. | 2022-08-28 | not yet calculated | CVE-2022-38570 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. | 2022-08-28 | not yet calculated | CVE-2022-38571 MISC |
tenda — m3 | Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. | 2022-08-28 | not yet calculated | CVE-2022-38562 MISC |
tenda — tx9pro | Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. | 2022-08-29 | not yet calculated | CVE-2022-38510 MISC |
theforeman — foreman | A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2022-08-26 | not yet calculated | CVE-2021-20260 MISC MISC |
tooljet — tooljet | The forgot password token basically just makes us capable of taking over the account of whoever comments in an app that we can see (bruteforcing comment IDs might also be an option but I wouldn’t count on it, since it would take a long time to find a valid one). | 2022-08-29 | not yet calculated | CVE-2022-3019 MISC CONFIRM |
totolink — a3000ru | TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36615 MISC |
totolink — a7000r | TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. | 2022-08-29 | not yet calculated | CVE-2022-32993 MISC MISC |
totolink — a720r | TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36610 MISC |
totolink — a800r | TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36611 MISC |
totolink — a810r | TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. | 2022-08-29 | not yet calculated | CVE-2022-38511 MISC |
totolink — a810r | TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36616 MISC |
totolink — a860r | TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36614 MISC |
totolink — a950rg | TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36612 MISC |
totolink — n600r | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. | 2022-08-29 | not yet calculated | CVE-2022-36613 MISC |
trellix — dlp_endpoint_for_windows | Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn’t usually have access to via a carefully constructed XML file, which the DLP Agent doesn’t parse correctly. | 2022-08-30 | not yet calculated | CVE-2022-2330 CONFIRM |
trendnet — tew733gr | Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | 2022-08-28 | not yet calculated | CVE-2022-38556 MISC |
trendnet — tew733gr | TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | 2022-08-28 | not yet calculated | CVE-2022-37053 MISC MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0322. | 2022-08-30 | not yet calculated | CVE-2022-3037 CONFIRM MISC FEDORA FEDORA |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | 2022-08-28 | not yet calculated | CVE-2022-3016 CONFIRM MISC |
vim — vim | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | 2022-09-03 | not yet calculated | CVE-2022-3099 CONFIRM MISC |
virglrenderer — virglrenderer | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. | 2022-08-26 | not yet calculated | CVE-2022-0175 MISC MISC MISC MISC MISC |
wamp — wamp_server | Incorrect access control in the install directory (C:\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. | 2022-08-30 | not yet calculated | CVE-2022-36565 MISC |
wavlink — router | WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. | 2022-08-30 | not yet calculated | CVE-2022-37149 MISC |
weaveworks — gitops_enterprise | Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim’s permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource. | 2022-09-01 | not yet calculated | CVE-2022-38790 MISC MISC MISC MISC |
wolfssl — wolfssl | An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a “free(): invalid pointer” message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. | 2022-08-31 | not yet calculated | CVE-2022-38153 MISC CONFIRM MISC MISC |
wolfssl — wolfssl | wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. | 2022-09-02 | not yet calculated | CVE-2021-44718 MISC MISC |
wolfssl — wolfssl | An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL’s compatibility layer and is not enabled by default. It is not part of wolfSSL’s native API. | 2022-08-31 | not yet calculated | CVE-2022-38152 MISC CONFIRM MISC MISC |
wordpress — wordpress | The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to Reflected Cross-Site Scripting. | 2022-08-29 | not yet calculated | CVE-2022-2538 MISC |
wordpress — wordpress | The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used, for example, to scan a private network. | 2022-08-29 | not yet calculated | CVE-2022-2556 MISC |
wordpress — wordpress | The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the JavaScript access token for preventing abuse of the comment section, allowing threat actors to easily collect the value and add it to the request. | 2022-08-29 | not yet calculated | CVE-2022-1663 MISC |
wordpress — wordpress | The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoints, allowing unauthenticated users to access private messages sent to teachers. | 2022-08-29 | not yet calculated | CVE-2022-2034 MISC MISC |
wordpress — wordpress | The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversations via an IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student. | 2022-08-29 | not yet calculated | CVE-2022-2080 MISC MISC |
wordpress — wordpress | The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system, which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary files from the server. | 2022-08-29 | not yet calculated | CVE-2022-2638 MISC |
wordpress — wordpress | The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting. | 2022-08-29 | not yet calculated | CVE-2022-2599 MISC |
wordpress — wordpress | The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users. | 2022-08-29 | not yet calculated | CVE-2022-2559 MISC |
wordpress — wordpress | Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. | 2022-09-01 | not yet calculated | CVE-2022-36796 CONFIRM CONFIRM |
wordpress — wordpress | The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. | 2022-08-29 | not yet calculated | CVE-2022-2261 MISC |
wordpress — wordpress | The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2022-08-29 | not yet calculated | CVE-2022-2374 MISC |
wordpress — wordpress | The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged-in user (such as a subscriber) to perform a POST request on behalf of the server to the internal network/LAN. The body of the request is also appended to the response, so it can be used, for example, to scan the private network. | 2022-08-29 | not yet calculated | CVE-2022-2267 MISC |
wordpress — wordpress | The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress user details such as name and email address. | 2022-08-29 | not yet calculated | CVE-2022-2373 MISC |
wordpress — wordpress | The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in attributes of an admin page, leading to Reflected Cross-Site Scripting. | 2022-08-29 | not yet calculated | CVE-2022-2537 MISC |
wordpress — wordpress | Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. | 2022-09-01 | not yet calculated | CVE-2022-36355 CONFIRM CONFIRM |
wordpress — wordpress | The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. | 2022-08-29 | not yet calculated | CVE-2022-1123 MISC |
wordpress — wordpress | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. | 2022-09-01 | not yet calculated | CVE-2022-36373 CONFIRM CONFIRM |
wuzhicms — wuzhicms | A directory traversal vulnerability was discovered in Wuzhicms 4.1.0 via /coreframe/app/attachment/admin/index.php: | 2022-08-26 | not yet calculated | CVE-2022-36168 MISC MISC |
x-data-spreadsheet — x-data-spreadsheet | All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. | 2022-08-30 | not yet calculated | CVE-2022-25646 CONFIRM CONFIRM CONFIRM |
xpdfreader — xpdf | XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. | 2022-08-30 | not yet calculated | CVE-2022-36561 MISC |
zaver — zaver | Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. | 2022-08-27 | not yet calculated | CVE-2022-38794 MISC |
zitadel — zitadel | ZITADEL combines the ease of Auth0 and the versatility of Keycloak. **Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature where users with the role `ORG_OWNER` are able to create JavaScript code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround; users should update. | 2022-08-31 | not yet calculated | CVE-2022-36051 MISC MISC CONFIRM |
zkoss — zk_framework | ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 2022-08-26 | not yet calculated | CVE-2022-36537 MISC |
zlmediakit — zlmediakit_server | An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. | 2022-08-30 | not yet calculated | CVE-2022-37237 MISC |
zohocorp — multiple_products | Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. | 2022-08-29 | not yet calculated | CVE-2022-38772 MISC MISC |
zulip — zulip | Zulip is an open source team chat and Zulip Mobile is an app for iOS and Android users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. | 2022-08-29 | not yet calculated | CVE-2022-35962 CONFIRM MISC MISC |
zulip — zulip | Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer’s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected. | 2022-08-31 | not yet calculated | CVE-2022-36048 CONFIRM |