Weekly Vulnerabilities Reports > June 6 to 12, 2022

Overview

381 new vulnerabilities reported during this period, including 38 critical vulnerabilities and 89 high severity vulnerabilities. This weekly summary report vulnerabilities in 335 products from 217 vendors including Google, Samsung, Fedoraproject, H3C, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "Path Traversal".

  • 304 reported vulnerabilities are remotely exploitables.
  • 6 reported vulnerabilities have public exploit available.
  • 149 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 250 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 39 reported vulnerabilities.
  • H3C has the most reported critical vulnerabilities, with 17 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-08 CVE-2022-30909 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the CMD parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30910 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the GO parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30912 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateWanParams parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30913 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the ipqos_set_bandwidth parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30914 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateMacClone parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30915 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the UpdateSnat parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30916 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnetDebug parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30917 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddWlanMacList parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30918 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTelnet parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30919 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID_5G parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30920 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Edit_BasicSSID parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30921 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetMobileAPInfoById parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30922 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditWlanMacList parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30923 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the Asp_SetTimingtimeWifiAndLed parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30924 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the SetAPWifiorLedInfoById parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30925 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the AddMacList parameter at /goform/aspForm.

10.0
2022-06-08 CVE-2022-30926 H3C Out-of-bounds Write vulnerability in H3C Magic R100 Firmware

H3C Magic R100 R100V100R005 was discovered to contain a stack overflow vulnerability via the EditMacList parameter at /goform/aspForm.

10.0
2022-06-10 CVE-2022-24376 GIT Promise Project Argument Injection or Modification vulnerability in Git-Promise Project Git-Promise

All versions of package git-promise are vulnerable to Command Injection due to an inappropriate fix of a prior [vulnerability](https://security.snyk.io/vuln/SNYK-JS-GITPROMISE-567476) in this package.

9.8
2022-06-10 CVE-2022-25845 Alibaba
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

The package com.alibaba:fastjson before 1.2.83 are vulnerable to Deserialization of Untrusted Data by bypassing the default autoType shutdown restrictions, which is possible under certain conditions.

9.8
2022-06-09 CVE-2022-31813 Apache
Netapp
Fedoraproject
Insufficient Verification of Data Authenticity vulnerability in multiple products

Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.

9.8
2022-06-09 CVE-2022-31031 Teluu
Debian
Classic Buffer Overflow vulnerability in multiple products

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE.

9.8
2022-06-09 CVE-2022-29013 Razer OS Command Injection vulnerability in Razer Sila Firmware 2.0.441Api2.0.418

A command injection in the command parameter of Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to execute arbitrary commands via a crafted POST request.

9.8
2022-06-08 CVE-2022-30877 Keep Project Unspecified vulnerability in Keep Project Keep 1.2

The keep for python, as distributed on PyPI, included a code-execution backdoor inserted by a third party.

9.8
2022-06-08 CVE-2022-0788 Wpmet SQL Injection vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform 1.4.2

The WP Fundraising Donation and Crowdfunding Platform WordPress plugin before 1.5.0 does not sanitise and escape a parameter before using it in a SQL statement via one of it's REST route, leading to an SQL injection exploitable by unauthenticated users

9.8
2022-06-08 CVE-2022-24065 Cookiecutter Project
Fedoraproject
OS Command Injection vulnerability in multiple products

The package cookiecutter before 2.1.1 are vulnerable to Command Injection via hg argument injection.

9.8
2022-06-06 CVE-2022-32511 Jmespath Project
Fedoraproject
jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable.
9.8
2022-06-06 CVE-2022-31479 Hidglobal
Carrier
OS Command Injection vulnerability in multiple products

An unauthenticated attacker can update the hostname with a specially crafted name that will allow for shell commands to be executed during the core collection process.

9.8
2022-06-07 CVE-2022-30710 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

9.4
2022-06-07 CVE-2022-30711 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

9.4
2022-06-07 CVE-2022-30713 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

9.4
2022-06-09 CVE-2022-28615 Apache
Fedoraproject
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer.

9.1
2022-06-08 CVE-2022-1996 GO Restful Project
Fedoraproject
Authorization Bypass Through User-Controlled Key vulnerability in multiple products

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

9.1
2022-06-09 CVE-2022-25152 Itarian Unspecified vulnerability in Itarian On-Premise and Saas Service Desk

The ITarian platform (SAAS / on-premise) offers the possibility to run code on agents via a function called procedures.

9.0
2022-06-08 CVE-2022-1703 Sonicwall OS Command Injection vulnerability in Sonicwall products

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS Commands which potentially leads to remote command execution vulnerability or denial of service (DoS) attack.

9.0
2022-06-07 CVE-2019-9971 3CX
Debian
Improper Privilege Management vulnerability in multiple products

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password.

9.0
2022-06-07 CVE-2019-9972 3CX
Debian
Command Injection vulnerability in multiple products

PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling.

9.0
2022-06-06 CVE-2022-31483 Hidglobal
Carrier
Path Traversal vulnerability in multiple products

An authenticated attacker can upload a file with a filename including “..” and “/” to achieve the ability to upload the desired file anywhere on the filesystem.

9.0
2022-06-06 CVE-2022-31486 Hidglobal
Carrier
OS Command Injection vulnerability in multiple products

An authenticated attacker can send a specially crafted route to the “edit_route.cgi” binary and have it execute shell commands.

9.0

89 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-11 CVE-2021-41738 Zeroshell OS Command Injection vulnerability in Zeroshell 3.9.5

ZeroShell 3.9.5 has a command injection vulnerability in /cgi-bin/kerbynet IP parameter, which may allow an authenticated attacker to execute system commands.

8.8
2022-06-09 CVE-2019-25067 Podman Project
Varlink
A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1.
8.8
2022-06-09 CVE-2021-40961 Cmsmadesimple SQL Injection vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple <=2.2.15 is affected by SQL injection in modules/News/function.admin_articlestab.php.

8.8
2022-06-09 CVE-2022-30075 TP Link Unspecified vulnerability in Tp-Link Archer Ax50 Firmware 210730

In TP-Link Router AX50 firmware 210730 and older, import of a malicious backup file via web interface can lead to remote code execution due to improper validation.

8.8
2022-06-09 CVE-2022-31496 Librehealth Unspecified vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows incorrect interface/super/manage_site_files.php access.

8.8
2022-06-08 CVE-2021-36710 Toaruos Exposure of Resource to Wrong Sphere vulnerability in Toaruos 1.99.2

ToaruOS 1.99.2 is affected by incorrect access control via the kernel.

8.8
2022-06-07 CVE-2020-36529 IBM Command Injection vulnerability in IBM Sevone Network Performance Management

A vulnerability classified as critical has been found in SevOne Network Management System up to 5.7.2.22.

8.5
2022-06-06 CVE-2022-21745 Google Use After Free vulnerability in Google Android 10.0/11.0/12.0

In WIFI Firmware, there is a possible memory corruption due to a use after free.

8.3
2022-06-06 CVE-2022-27438 Caphyon
Realdefense
Prusa3D
Plagiarismcheckerx
Vigem
Nefarius
Moonsoftware
Getmailbird
Krylack
Jpsoft
JKI
Honeygain
Guzogo
Gamecaster
Gainedge
Fxsound
Freesnippingtool
Flamory
Emeditor
Codesector
Boom
3CX
Vpnhood
Vrdesktop
Urban VPN
Xsplit
Rovio
Rstinstruments
Download of Code Without Integrity Check vulnerability in multiple products

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function.

8.1
2022-06-12 CVE-2022-2054 Nuitka Code Injection vulnerability in Nuitka

Code Injection in GitHub repository nuitka/nuitka prior to 0.9.

7.8
2022-06-10 CVE-2022-2042 VIM
Apple
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-09 CVE-2022-25153 Itarian Unspecified vulnerability in Itarian Endpoint Manager Communication Client 6.43.41148.21120

The ITarian Endpoint Manage Communication Client, prior to version 6.43.41148.21120, is compiled using insecure OpenSSL settings.

7.8
2022-06-09 CVE-2022-2000 VIM
Fedoraproject
Apple
Debian
Out-of-bounds Write vulnerability in multiple products

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-09 CVE-2022-31214 Firejail Project
Fedoraproject
Debian
Improper Privilege Management vulnerability in multiple products

A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68.

7.8
2022-06-09 CVE-2022-1998 Linux
Fedoraproject
Redhat
Netapp
Use After Free vulnerability in multiple products

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user().

7.8
2022-06-06 CVE-2022-21757 Google Improper Validation of Integrity Check Value vulnerability in Google Android 11.0/12.0

In WIFI Firmware, there is a possible system crash due to a missing count check.

7.8
2022-06-06 CVE-2022-31482 Hidglobal
Carrier
Classic Buffer Overflow vulnerability in multiple products

An unauthenticated attacker can send a specially crafted unauthenticated HTTP request to the device that can overflow a buffer.

7.8
2022-06-10 CVE-2022-29095 Dell Cross-site Scripting vulnerability in Dell products

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability.

7.6
2022-06-12 CVE-2021-41749 Nystudio107 Code Injection vulnerability in Nystudio107 Seomatic

In the SEOmatic plugin up to 3.4.11 for Craft CMS 3, it is possible for unauthenticated attackers to perform a Server-Side Template Injection, allowing for remote code execution.

7.5
2022-06-11 CVE-2022-30780 Lighttpd Incorrect Calculation vulnerability in Lighttpd 1.4.56/1.4.57/1.4.58

Lighttpd 1.4.56 through 1.4.58 allows a remote attacker to cause a denial of service (CPU consumption from stuck connections) because connection_read_header_more in connections.c has a typo that disrupts use of multiple read operations on large headers.

7.5
2022-06-11 CVE-2017-20038 Sicunet Unspecified vulnerability in Sicunet Access Control 0.3205Z

A vulnerability was found in SICUNET Access Controller 0.32-05z and classified as critical.

7.5
2022-06-11 CVE-2017-20039 Sicunet Use of Hard-coded Credentials vulnerability in Sicunet Access Control 0.3205Z

A vulnerability was found in SICUNET Access Controller 0.32-05z.

7.5
2022-06-10 CVE-2021-41755 Dynamicvision SQL Injection vulnerability in Dynamicvision Dynamicmarkt 3.10

dynamicMarkt <= 3.10 is affected by SQL injection in the kat1 parameter of index.php.

7.5
2022-06-10 CVE-2021-41756 Dynamicvision SQL Injection vulnerability in Dynamicvision Dynamicmarkt 3.10

dynamicMarkt <= 3.10 is affected by SQL injection in the kat parameter of index.php.

7.5
2022-06-10 CVE-2021-41754 Dynamicvision SQL Injection vulnerability in Dynamicvision Dynamicmarkt 3.10

dynamicMarkt <= 3.10 is affected by SQL injection in the parent parameter of index.php.

7.5
2022-06-10 CVE-2022-24278 Convert SVG Project Path Traversal vulnerability in Convert-Svg Project Convert-Svg

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags.

7.5
2022-06-10 CVE-2022-25863 Gatsbyjs Deserialization of Untrusted Data vulnerability in Gatsbyjs Gatsby

The package gatsby-plugin-mdx before 2.14.1, from 3.0.0 and before 3.15.2 are vulnerable to Deserialization of Untrusted Data when passing input through to the gray-matter package, due to its default configurations that are missing input sanitization.

7.5
2022-06-10 CVE-2022-31788 Ideaco SQL Injection vulnerability in Ideaco Idealms 2022

IdeaLMS 2022 allows SQL injection via the IdeaLMS/ChatRoom/ClassAccessControl/6?isBigBlueButton=0&ClassID= pathname.

7.5
2022-06-10 CVE-2017-20029 Phplist SQL Injection vulnerability in PHPlist 3.2.6

A vulnerability was found in PHPList 3.2.6 and classified as critical.

7.5
2022-06-10 CVE-2017-20032 Phplist SQL Injection vulnerability in PHPlist 3.2.6

A vulnerability was found in PHPList 3.2.6.

7.5
2022-06-10 CVE-2022-31042 Guzzlephp
Drupal
Debian
Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products

Guzzle is an open source PHP HTTP client.

7.5
2022-06-10 CVE-2022-31043 Guzzlephp
Drupal
Debian
Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products

Guzzle is an open source PHP HTTP client.

7.5
2022-06-09 CVE-2017-20021 Solar LOG Unrestricted Upload of File with Dangerous Type vulnerability in Solar-Log products

A vulnerability, which was classified as critical, was found in Solare Solar-Log 2.8.4-56/3.5.2-85.

7.5
2022-06-09 CVE-2017-20022 Solar LOG Unspecified vulnerability in Solar-Log products

A vulnerability has been found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as problematic.

7.5
2022-06-09 CVE-2017-20023 Solar LOG Unspecified vulnerability in Solar-Log products

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical.

7.5
2022-06-09 CVE-2017-20025 Solar LOG Unspecified vulnerability in Solar-Log products

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85.

7.5
2022-06-09 CVE-2017-20028 Humhub Improper Privilege Management vulnerability in Humhub 0.20.1/1.0.0

A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3.

7.5
2022-06-09 CVE-2022-31045 Istio Out-of-bounds Read vulnerability in Istio

Istio is an open platform to connect, manage, and secure microservices.

7.5
2022-06-09 CVE-2022-29227 Envoyproxy Use After Free vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance edge/middle/service proxy.

7.5
2022-06-09 CVE-2022-29228 Envoyproxy Use After Free vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance proxy.

7.5
2022-06-09 CVE-2022-31033 Mechanize Project
Fedoraproject
Information Exposure vulnerability in multiple products

The Mechanize library is used for automating interaction with websites.

7.5
2022-06-09 CVE-2019-25065 Opennetadmin OS Command Injection vulnerability in Opennetadmin 18.1.1

A vulnerability was found in OpenNetAdmin 18.1.1.

7.5
2022-06-09 CVE-2022-1986 Gogs OS Command Injection vulnerability in Gogs

OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.

7.5
2022-06-09 CVE-2022-25151 Itarian Incorrect Permission Assignment for Critical Resource vulnerability in Itarian On-Premise and Saas Service Desk

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker can obtain sensitive information, caused by the failure to set the HTTP Only flag.

7.5
2022-06-09 CVE-2022-26377 Apache
Fedoraproject
Netapp
HTTP Request Smuggling vulnerability in multiple products

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to.

7.5
2022-06-09 CVE-2022-29404 Apache
Fedoraproject
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.

7.5
2022-06-09 CVE-2022-30522 Apache
Netapp
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.

7.5
2022-06-09 CVE-2022-30556 Apache
Netapp
Fedoraproject
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
7.5
2022-06-09 CVE-2022-2019 Prison Management System Project Unspecified vulnerability in Prison Management System Project Prison Management System 1.0

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0.

7.5
2022-06-09 CVE-2022-32272 Opswat Improper Privilege Management vulnerability in Opswat Metadefender

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

7.5
2022-06-09 CVE-2022-31019 Vapor Uncontrolled Recursion vulnerability in Vapor

Vapor is a server-side Swift HTTP web framework.

7.5
2022-06-09 CVE-2022-29255 Vyperlang Always-Incorrect Control Flow Implementation vulnerability in Vyperlang Vyper

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine.

7.5
2022-06-09 CVE-2022-24840 Django S3File Project Path Traversal vulnerability in Django-S3File Project Django-S3File

django-s3file is a lightweight file upload input for Django and Amazon S3 .

7.5
2022-06-09 CVE-2022-31649 Owncloud Exposure of Resource to Wrong Sphere vulnerability in Owncloud

ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer.

7.5
2022-06-08 CVE-2022-30882 Pyanxdns Project Unspecified vulnerability in Pyanxdns Project Pyanxdns 0.2

pyanxdns package in PyPI version 0.2 is vulnerable to code execution backdoor.

7.5
2022-06-08 CVE-2022-31313 API RES PY Project Unspecified vulnerability in Api-Res-Py Project Api-Res-Py 0.1

api-res-py package in PyPI 0.1 is vulnerable to a code execution backdoor in the request package.

7.5
2022-06-08 CVE-2021-40589 Zangband Data Project Integer Underflow (Wrap or Wraparound) vulnerability in Zangband-Data Project Zangband-Data 2.7.5

ZAngband zangband-data 2.7.5 is affected by an integer underflow vulnerability in src/tk/plat.c through the variable fileheader.bfOffBits.

7.5
2022-06-08 CVE-2022-28382 Verbatim Use of a Broken or Risky Cryptographic Algorithm vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

7.5
2022-06-08 CVE-2022-1692 Dwbooster SQL Injection vulnerability in Dwbooster CP Image Store With Slideshow

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the ordering_by query parameter before using it in a SQL statement in pages where the [codepeople-image-store] is embed, allowing unauthenticated users to perform an SQL injection attack

7.5
2022-06-08 CVE-2022-21122 Metarhia Code Injection vulnerability in Metarhia Metacalc 0.0.1

The package metacalc before 0.0.2 are vulnerable to Arbitrary Code Execution when it exposes JavaScript's Math class to the v8 context.

7.5
2022-06-07 CVE-2022-30746 Samsung Missing Authorization vulnerability in Samsung Smartthings 1.7.73.22

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.

7.5
2022-06-07 CVE-2020-36533 Klapp Improper Authentication vulnerability in Klapp APP

A vulnerability was found in Klapp App and classified as problematic.

7.5
2022-06-07 CVE-2020-36539 Logicoycreativo SQL Injection vulnerability in Logicoycreativo Logico Y Creativo 1.0

A vulnerability was found in Lógico y Creativo 1.0 and classified as critical.

7.5
2022-06-07 CVE-2020-36540 Neetai SQL Injection vulnerability in Neetai Tech

A vulnerability, which was classified as critical, was found in Neetai Tech.

7.5
2022-06-07 CVE-2020-36541 Demokratian SQL Injection vulnerability in Demokratian

A vulnerability was found in Demokratian.

7.5
2022-06-07 CVE-2020-36542 Demokratian Improper Privilege Management vulnerability in Demokratian

A vulnerability classified as critical has been found in Demokratian.

7.5
2022-06-07 CVE-2022-1708 Kubernetes
Fedoraproject
Redhat
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API.

7.5
2022-06-07 CVE-2022-30717 Google Unspecified vulnerability in Google Android 10.0/11.0

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

7.5
2022-06-07 CVE-2022-30722 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.

7.5
2022-06-07 CVE-2021-37589 Virtuasoftware SQL Injection vulnerability in Virtuasoftware Cobranca

Virtua Cobranca before 12R allows SQL Injection on the login page.

7.5
2022-06-07 CVE-2022-29564 Jamf Unspecified vulnerability in Jamf Private Access

Jamf Private Access before 2022-05-16 has Incorrect Access Control, in which an unauthorized user can reach a system in the internal infrastructure, aka WND-44801.

7.5
2022-06-06 CVE-2022-30927 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

A SQL injection vulnerability exists in Simple Task Scheduling System 1.0 when MySQL is being used as the application database.

7.5
2022-06-06 CVE-2022-29631 Jodd Injection vulnerability in Jodd Http

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send.

7.5
2022-06-06 CVE-2022-30587 Gradle Insufficiently Protected Credentials vulnerability in Gradle Enterprise 2022.2

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to information disclosure.

7.5
2022-06-06 CVE-2022-31768 IBM SQL Injection vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection.

7.5
2022-06-06 CVE-2022-32275 Grafana Path Traversal vulnerability in Grafana 8.4.3

Grafana 8.4.3 allows reading files via (for example) a /dashboard/snapshot/%7B%7Bconstructor.constructor'/..

7.5
2022-06-06 CVE-2022-23712 Elastic Unspecified vulnerability in Elastic Elasticsearch

A Denial of Service flaw was discovered in Elasticsearch.

7.5
2022-06-06 CVE-2021-39947 Gitlab Unspecified vulnerability in Gitlab Runner

In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs

7.5
2022-06-06 CVE-2022-31481 Hidglobal
Carrier
Classic Buffer Overflow vulnerability in multiple products

An unauthenticated attacker can send a specially crafted update file to the device that can overflow a buffer.

7.5
2022-06-10 CVE-2022-29092 Dell Uncontrolled Search Path Element vulnerability in Dell products

Dell SupportAssist Client Consumer versions (3.11.0 and versions prior) and Dell SupportAssist Client Commercial versions (3.2.0 and versions prior) contain a privilege escalation vulnerability.

7.2
2022-06-10 CVE-2022-27502 Realvnc Unspecified vulnerability in Realvnc VNC Server

RealVNC VNC Server 6.9.0 through 5.1.0 for Windows allows local privilege escalation because an installer repair operation executes %TEMP% files as SYSTEM.

7.2
2022-06-09 CVE-2022-2017 Prison Management System Project SQL Injection vulnerability in Prison Management System Project Prison Management System 1.0

A vulnerability was found in SourceCodester Prison Management System 1.0.

7.2
2022-06-09 CVE-2022-2018 Prison Management System Project SQL Injection vulnerability in Prison Management System Project Prison Management System 1.0

A vulnerability classified as critical has been found in SourceCodester Prison Management System 1.0.

7.2
2022-06-08 CVE-2022-31325 Churchcrm SQL Injection vulnerability in Churchcrm 4.4.5

There is a SQL Injection vulnerability in ChurchCRM 4.4.5 via the 'PersonID' field in /churchcrm/WhyCameEditor.php.

7.2
2022-06-08 CVE-2022-30790 Denx Out-of-bounds Write vulnerability in Denx U-Boot 2022.01

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

7.2
2022-06-08 CVE-2019-25062 Sricam Out-of-bounds Write vulnerability in Sricam Deviceviewer 3.12.0.1

A vulnerability was found in Sricam IP CCTV Camera and classified as critical.

7.2
2022-06-08 CVE-2019-25063 Sricam Out-of-bounds Write vulnerability in Sricam Deviceviewer 3.12.0.1

A vulnerability was found in Sricam IP CCTV Camera.

7.2
2022-06-07 CVE-2021-35532 ABB Unrestricted Upload of File with Dangerous Type vulnerability in ABB Txpert HUB Coretec 4 Firmware

A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4 product.

7.2
2022-06-06 CVE-2022-30586 Gradle Information Exposure vulnerability in Gradle

Gradle Enterprise through 2022.2.2 has Incorrect Access Control that leads to code execution.

7.2

180 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-10 CVE-2022-24429 Convert SVG Core Project Code Injection vulnerability in Convert-Svg-Core Project Convert-Svg-Core

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file.

6.8
2022-06-10 CVE-2022-22479 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Spectrum Copy Data Management

IBM Spectrum Copy Data Management 2.2.0.0through 2.2.15.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2022-06-10 CVE-2021-44117 Thedaylightstudio Cross-Site Request Forgery (CSRF) vulnerability in Thedaylightstudio Fuel CMS 1.5.0

A Cross Site Request Forgery (CSRF) vulnerability exists in TheDayLightStudio Fuel CMS 1.5.0 via a POST call to /fuel/sitevariables/delete/4.

6.8
2022-06-10 CVE-2022-32563 Couchbase Improper Certificate Validation vulnerability in Couchbase Sync Gateway 3.0.0

An issue was discovered in Couchbase Sync Gateway 3.x before 3.0.2.

6.8
2022-06-09 CVE-2017-20020 Solar LOG Cross-Site Request Forgery (CSRF) vulnerability in Solar-Log products

A vulnerability, which was classified as problematic, has been found in Solare Solar-Log 2.8.4-56/3.5.2-85.

6.8
2022-06-09 CVE-2019-25064 Theaccessgroup Cross-Site Request Forgery (CSRF) vulnerability in Theaccessgroup Corehr Core Portal

A vulnerability was found in CoreHR Core Portal up to 27.0.7.

6.8
2022-06-09 CVE-2021-27786 Hcltech Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2

Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner.

6.8
2022-06-08 CVE-2022-28383 Verbatim Improper Input Validation vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

6.8
2022-06-09 CVE-2022-21499 Oracle
Debian
Out-of-bounds Write vulnerability in multiple products

KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.

6.7
2022-06-09 CVE-2022-26363 XEN
Fedoraproject
Debian
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
6.7
2022-06-09 CVE-2022-26364 XEN
Fedoraproject
Debian
x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count.
6.7
2022-06-07 CVE-2021-35530 Hitachienergy Unspecified vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware

A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's TXpert Hub CoreTec 4, that depends on a token validation of the session identifier, allows an unauthorized modified message to be executed in the server enabling an unauthorized actor to change an existing user password, and further gain authorized access into the system via login mechanism.

6.7
2022-06-07 CVE-2021-35531 Hitachienergy OS Command Injection vulnerability in Hitachienergy Txpert HUB Coretec 4 Firmware

Improper Input Validation vulnerability in a particular configuration setting field of Hitachi Energy TXpert Hub CoreTec 4 product, allows an attacker with access to an authorized user with ADMIN or ENGINEER role rights to inject an OS command that is executed by the system.

6.7
2022-06-11 CVE-2017-20037 Sicunet Unspecified vulnerability in Sicunet Access Control 0.3205Z

A vulnerability has been found in SICUNET Access Controller 0.32-05z and classified as critical.

6.5
2022-06-10 CVE-2021-44582 Money Transfer Management System Project Forced Browsing vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1.0, which allows a remote malicious user to gain elevated privileges to the Admin role via any URL.

6.5
2022-06-10 CVE-2017-20030 Phplist SQL Injection vulnerability in PHPlist 3.2.6

A vulnerability was found in PHPList 3.2.6.

6.5
2022-06-09 CVE-2016-15002 Ideracorp Reliance on Cookies without Validation and Integrity Checking vulnerability in Ideracorp Webyog Monyog Ultimate 6.63

A vulnerability, which was classified as critical, was found in MONyog Ultimate 6.63.

6.5
2022-06-09 CVE-2019-25066 Ajenti OS Command Injection vulnerability in Ajenti 2.1.31

A vulnerability has been found in ajenti 2.1.31 and classified as critical.

6.5
2022-06-09 CVE-2019-25068 Axiositalia Improper Privilege Management vulnerability in Axiositalia Registro Elettronico 1.7.0/7.0.0

A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0.

6.5
2022-06-09 CVE-2022-25806 Igel Use of Hard-coded Credentials vulnerability in Igel Universal Management Suite 6.07.100

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100.

6.5
2022-06-08 CVE-2017-20017 Tngsitebuilding SQL Injection vulnerability in Tngsitebuilding the Next Generation of Genealogy Sitebuilding

A vulnerability, which was classified as critical, has been found in The Next Generation of Genealogy Sitebuilding up to 11.1.0.

6.5
2022-06-08 CVE-2022-1570 Files Download Delay Project Missing Authorization vulnerability in Files Download Delay Project Files Download Delay

The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.

6.5
2022-06-08 CVE-2022-1683 Amtythumb Project SQL Injection vulnerability in Amtythumb Project Amtythumb

The amtyThumb WordPress plugin through 4.2.0 does not sanitise and escape a parameter before using it in a SQL statement via its shortcode, leading to an SQL injection and is exploitable by any authenticated user (and not just Author+ like the original advisory mention) due to the fact that they can execute shortcodes via an AJAX action

6.5
2022-06-08 CVE-2020-36543 Sialweb SQL Injection vulnerability in Sialweb CMS

A vulnerability, which was classified as critical, was found in SialWeb CMS.

6.5
2022-06-07 CVE-2022-29620 Filezilla Project Cleartext Storage of Sensitive Information vulnerability in Filezilla-Project Filezilla Client 3.59.0

FileZilla v3.59.0 allows attackers to obtain cleartext passwords of connected SSH or FTP servers via a memory dump.- NOTE: the vendor does not consider this a vulnerability

6.5
2022-06-07 CVE-2020-36535 Minmax SQL Injection vulnerability in Minmax

A vulnerability classified as critical has been found in MINMAX.

6.5
2022-06-07 CVE-2020-36536 Brandbugle SQL Injection vulnerability in Brandbugle

A vulnerability was found in Brandbugle.

6.5
2022-06-07 CVE-2020-36537 Everywhere SQL Injection vulnerability in Everywhere CMS

A vulnerability was found in Everywhere CMS.

6.5
2022-06-07 CVE-2020-36538 Etan SQL Injection vulnerability in Etan CMS

A vulnerability was found in Eatan CMS.

6.5
2022-06-06 CVE-2022-30469 Afian SQL Injection vulnerability in Afian Filerun 2022.02.02

In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman&section=get&page=grid` leads to SQL injection.

6.5
2022-06-06 CVE-2022-29617 SAP Improper Handling of Exceptional Conditions vulnerability in SAP Contributor License Agreement Assistant

Due to improper error handling an authenticated user can crash CLA assistant instance.

6.5
2022-06-06 CVE-2022-1680 Gitlab Unspecified vulnerability in Gitlab

An account takeover issue has been discovered in GitLab EE affecting all versions starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.

6.5
2022-06-06 CVE-2021-41932 Wolterskluwer SQL Injection vulnerability in Wolterskluwer Teammate+ Audit 28.0.19.0

A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc.

6.5
2022-06-06 CVE-2022-30860 Fudforum Unrestricted Upload of File with Dangerous Type vulnerability in Fudforum

FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.

6.5
2022-06-09 CVE-2022-29226 Envoyproxy Missing Authentication for Critical Function vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance proxy.

6.4
2022-06-09 CVE-2022-1992 Gogs Path Traversal vulnerability in Gogs

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

6.4
2022-06-09 CVE-2022-26362 XEN
Fedoraproject
Debian
Race Condition vulnerability in multiple products

x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count.

6.4
2022-06-09 CVE-2022-31386 Nbnbk Project Server-Side Request Forgery (SSRF) vulnerability in Nbnbk Project Nbnbk 3

A Server-Side Request Forgery (SSRF) in the getFileBinary function of nbnbk cms 3 allows attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the URL parameter.

6.4
2022-06-09 CVE-2022-31390 Jizhicms Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Update function in app/admin/c/TemplateController.php.

6.4
2022-06-09 CVE-2022-31393 Jizhicms Server-Side Request Forgery (SSRF) vulnerability in Jizhicms 2.2.5

Jizhicms v2.2.5 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Index function in app/admin/c/PluginsController.php.

6.4
2022-06-09 CVE-2022-31827 Monstaftp Server-Side Request Forgery (SSRF) vulnerability in Monstaftp 2.10.3

MonstaFTP v2.10.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the function performFetchRequest at HTTPFetcher.php.

6.4
2022-06-09 CVE-2022-31830 Baidu Server-Side Request Forgery (SSRF) vulnerability in Baidu Kity Minder 1.3.5

Kity Minder v1.3.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the init function at ImageCapture.class.php.

6.4
2022-06-07 CVE-2022-30712 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

6.4
2022-06-07 CVE-2022-25361 Watchguard Unspecified vulnerability in Watchguard Fireware

WatchGuard Firebox and XTM appliances allow an unauthenticated remote attacker to delete arbitrary files from a limited set of directories on the system.

6.4
2022-06-09 CVE-2022-0823 Zyxel Unspecified vulnerability in Zyxel products

An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.

6.2
2022-06-09 CVE-2019-25070 Wolfcms Cross-site Scripting vulnerability in Wolfcms Wolf CMS

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1.

6.1
2022-06-08 CVE-2022-30875 Dolibarr Cross-site Scripting vulnerability in Dolibarr Erp/Crm 12.0.5

Dolibarr 12.0.5 is vulnerable to Cross Site Scripting (XSS) via Sql Error Page.

6.1
2022-06-07 CVE-2022-31470 Axigen Cross-site Scripting vulnerability in Axigen Mobile Webmail

An XSS vulnerability in the index_mobile_changepass.hsp reset-password section of Axigen Mobile WebMail before 10.2.3.12 and 10.3.x before 10.3.3.47 allows attackers to run arbitrary Javascript code that, using an active end-user session (for a logged-in user), can access and retrieve mailbox content.

6.1
2022-06-09 CVE-2022-2037 Tooljet Unspecified vulnerability in Tooljet

Excessive Attack Surface in GitHub repository tooljet/tooljet prior to v1.16.0.

6.0
2022-06-07 CVE-2020-36530 IBM SQL Injection vulnerability in IBM Sevone Network Performance Management

A vulnerability classified as critical was found in SevOne Network Management System up to 5.7.2.22.

6.0
2022-06-07 CVE-2020-36531 IBM Improper Neutralization of Formula Elements in a CSV File vulnerability in IBM Sevone Network Performance Management

A vulnerability, which was classified as critical, has been found in SevOne Network Management System up to 5.7.2.22.

6.0
2022-06-09 CVE-2022-29224 Envoyproxy NULL Pointer Dereference vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance proxy.

5.9
2022-06-09 CVE-2022-24969 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Dubbo

bypass CVE-2021-25640 > In Apache Dubbo prior to 2.6.12 and 2.7.15, the usage of parseURL method will lead to the bypass of the white host check which can cause open redirect or SSRF vulnerability.

5.8
2022-06-09 CVE-2022-29254 Silverstripe Interpretation Conflict vulnerability in Silverstripe Silverstripe-Omnipay

silverstripe-omnipay is a SilverStripe integration with Omnipay PHP payments library.

5.8
2022-06-08 CVE-2022-1577 Deliciousbrains Cross-Site Request Forgery (CSRF) vulnerability in Deliciousbrains Database Backup

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack.

5.8
2022-06-09 CVE-2022-1993 Gogs Path Traversal vulnerability in Gogs

Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.

5.5
2022-06-09 CVE-2022-31030 Linuxfoundation
Debian
Fedoraproject
Resource Exhaustion vulnerability in multiple products

containerd is an open source container runtime.

5.5
2022-06-09 CVE-2021-40668 Http File Server Project Path Traversal vulnerability in Http File Server Project Http File Server 1.4.1

The Android application HTTP File Server (Version 1.4.1) by 'slowscript' is affected by a path traversal vulnerability that permits arbitrary directory listing, file read, and file write.

5.5
2022-06-08 CVE-2021-40592 Gpac Infinite Loop vulnerability in Gpac

GPAC version before commit 71460d72ec07df766dab0a4d52687529f3efcf0a (version v1.0.1 onwards) contains loop with unreachable exit condition ('infinite loop') vulnerability in ISOBMFF reader filter, isoffin_read.c.

5.5
2022-06-08 CVE-2022-28384 Verbatim Improper Restriction of Excessive Authentication Attempts vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

5.5
2022-06-07 CVE-2022-30731 Samsung Unspecified vulnerability in Samsung MY Files

Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.

5.5
2022-06-07 CVE-2022-30745 Samsung Unspecified vulnerability in Samsung Quick Share 3.5.14.18/3.5.16.20

Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.

5.5
2022-06-06 CVE-2022-28478 Seeddms Path Traversal vulnerability in Seeddms 5.1.24/6.0.17

SeedDMS 6.0.17 and 5.1.24 are vulnerable to Directory Traversal.

5.5
2022-06-06 CVE-2022-21748 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In telephony, there is a possible information disclosure due to a missing permission check.

5.5
2022-06-06 CVE-2022-21749 Google Missing Authorization vulnerability in Google Android 11.0/12.0

In telephony, there is a possible information disclosure due to a missing permission check.

5.5
2022-06-06 CVE-2022-28224 Tigera Improper Input Validation vulnerability in Tigera Calico Enterprise and Calico OS

Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature.

5.5
2022-06-12 CVE-2018-25034 Technicolor Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05.

5.4
2022-06-10 CVE-2022-31769 IBM Unspecified vulnerability in IBM Spectrum Copy Data Management

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system.

5.3
2022-06-09 CVE-2022-28614 Apache
Fedoraproject
Netapp
Integer Overflow or Wraparound vulnerability in multiple products

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.

5.3
2022-06-08 CVE-2022-1598 2Code Missing Authentication for Critical Function vulnerability in 2Code Wpqa Builder 5.2

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

5.3
2022-06-07 CVE-2022-30715 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

5.3
2022-06-07 CVE-2022-31025 Discourse Unspecified vulnerability in Discourse

Discourse is an open source platform for community discussion.

5.3
2022-06-10 CVE-2022-21211 Posix Project Unchecked Return Value vulnerability in Posix Project Posix

This affects all versions of package posix.

5.0
2022-06-10 CVE-2022-25851 Jpeg JS Project Infinite Loop vulnerability in Jpeg-Js Project Jpeg-Js

The package jpeg-js before 0.4.4 are vulnerable to Denial of Service (DoS) where a particular piece of input will cause to enter an infinite loop and never return.

5.0
2022-06-10 CVE-2018-17240 Netwavepr Memory Leak vulnerability in Netwavepr products

There is a memory dump vulnerability on Netwave IP camera devices at //proc/kcore that allows an unauthenticated attacker to exfiltrate sensitive information from the network configuration (e.g., username and password).

5.0
2022-06-09 CVE-2017-20019 Solar LOG Unspecified vulnerability in Solar-Log products

A vulnerability classified as problematic was found in Solare Solar-Log 2.8.4-56/3.5.2-85.

5.0
2022-06-09 CVE-2017-20024 Solar LOG Unspecified vulnerability in Solar-Log products

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85.

5.0
2022-06-09 CVE-2022-29225 Envoyproxy Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Envoyproxy Envoy

Envoy is a cloud-native high-performance proxy.

5.0
2022-06-09 CVE-2022-31051 Semantic Release Project Information Exposure vulnerability in Semantic-Release Project Semantic-Release

semantic-release is an open source npm package for automated version management and package publishing.

5.0
2022-06-09 CVE-2019-25069 Axiositalia Information Exposure vulnerability in Axiositalia Registro Elettronico 1.7.0/7.0.0

A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0.

5.0
2022-06-09 CVE-2022-28330 Apache Out-of-bounds Read vulnerability in Apache Http Server

Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.

5.0
2022-06-09 CVE-2022-23138 ZTE Use of Insufficiently Random Values vulnerability in ZTE Mf297D Firmware Mf297Dnordic1B05

ZTE's MF297D product has cryptographic issues vulnerability.

5.0
2022-06-09 CVE-2022-31026 Trilogy Project Use of Uninitialized Resource vulnerability in Trilogy Project Trilogy 0.0.1/2.0.0/2.1.0

Trilogy is a client library for MySQL.

5.0
2022-06-09 CVE-2022-29014 Razer Unspecified vulnerability in Razer Sila Firmware 2.0.441Api2.0.418

A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files.

5.0
2022-06-08 CVE-2020-14125 MI Out-of-bounds Write vulnerability in MI Miui 2020.01.15

A denial of service vulnerability exists in some Xiaomi models of phones.

5.0
2022-06-08 CVE-2022-24296 Mitsubishi Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mitsubishi products

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Air Conditioning System G-150AD Ver.

5.0
2022-06-07 CVE-2022-30732 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

5.0
2022-06-07 CVE-2022-30733 Samsung Information Exposure Through Log Files vulnerability in Samsung Account

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

5.0
2022-06-07 CVE-2022-30734 Samsung Exposure of Resource to Wrong Sphere vulnerability in Samsung Account

Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

5.0
2022-06-07 CVE-2022-30735 Samsung Improper Privilege Management vulnerability in Samsung Account

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.

5.0
2022-06-07 CVE-2022-30736 Samsung Improper Privilege Management vulnerability in Samsung Account

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

5.0
2022-06-07 CVE-2022-30737 Samsung Unspecified vulnerability in Samsung Account

Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID.

5.0
2022-06-07 CVE-2022-30743 Samsung Improper Privilege Management vulnerability in Samsung Account

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

5.0
2022-06-07 CVE-2022-30709 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

5.0
2022-06-07 CVE-2022-30716 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

5.0
2022-06-07 CVE-2022-30719 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

5.0
2022-06-07 CVE-2022-30720 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

5.0
2022-06-07 CVE-2022-30721 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

5.0
2022-06-07 CVE-2022-31028 Minio Resource Exhaustion vulnerability in Minio

MinIO is a multi-cloud object storage solution.

5.0
2022-06-06 CVE-2022-22396 IBM Insufficiently Protected Credentials vulnerability in IBM Spectrum Protect Plus

Credentials are printed in clear text in the IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.3 virgo log file in certain cases.

5.0
2022-06-06 CVE-2022-31480 Hidglobal
Carrier
Forced Browsing vulnerability in multiple products

An unauthenticated attacker could arbitrarily upload firmware files to the target device, ultimately causing a Denial-of-Service (DoS).

5.0
2022-06-06 CVE-2022-31484 Hidglobal
Carrier
Forced Browsing vulnerability in multiple products

An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface.

5.0
2022-06-06 CVE-2022-31485 Hidglobal
Carrier
Forced Browsing vulnerability in multiple products

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of the home page of the web interface.

5.0
2022-06-08 CVE-2022-1691 Realtyworkstation SQL Injection vulnerability in Realtyworkstation Realty Workstation

The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edit a transaction, leading to an SQL injection

4.9
2022-06-06 CVE-2022-21760 Google Integer Overflow or Wraparound vulnerability in Google Android 12.0

In apusys driver, there is a possible system crash due to an integer overflow.

4.9
2022-06-06 CVE-2022-21761 Google Integer Overflow or Wraparound vulnerability in Google Android 10.0/11.0/12.0

In apusys driver, there is a possible system crash due to an integer overflow.

4.9
2022-06-06 CVE-2022-21762 Google Integer Overflow or Wraparound vulnerability in Google Android 12.0

In apusys driver, there is a possible system crash due to an integer overflow.

4.9
2022-06-06 CVE-2022-1944 Gitlab Incorrect Authorization vulnerability in Gitlab

When the feature is configured, improper authorization in the Interactive Web Terminal in GitLab CE/EE affecting all versions from 11.3 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows users with the Developer role to open terminals on other Developers' running jobs

4.9
2022-06-09 CVE-2022-2020 Prison Management System Project Cross-site Scripting vulnerability in Prison Management System Project Prison Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Prison Management System 1.0.

4.8
2022-06-10 CVE-2022-32981 Linux Classic Buffer Overflow vulnerability in Linux Kernel 5.19

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms.

4.6
2022-06-10 CVE-2022-29948 Lepin EP Kp001 Project Unspecified vulnerability in Lepin Ep-Kp001 Project Lepinep-Kp001 Firmware

Due to an insecure design, the Lepin EP-KP001 flash drive through KP001_V19 is vulnerable to an authentication bypass attack that enables an attacker to gain access to the stored encrypted data.

4.6
2022-06-09 CVE-2022-30703 Trendmicro Unspecified vulnerability in Trendmicro Security 2021/2022

Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an exposed dangerous method vulnerability that could allow an attacker to obtain access to leaked kernel addresses and disclose sensitive information.

4.6
2022-06-08 CVE-2022-28386 Verbatim Improper Restriction of Excessive Authentication Attempts vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

4.6
2022-06-07 CVE-2022-30730 Samsung Unspecified vulnerability in Samsung Pass

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.

4.6
2022-06-07 CVE-2022-30749 Samsung Improper Authentication vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

4.6
2022-06-07 CVE-2022-30726 Google Unspecified vulnerability in Google Android 12.0

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

4.6
2022-06-06 CVE-2022-21750 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-06 CVE-2022-21751 Google Out-of-bounds Write vulnerability in Google Android 11.0

In WLAN driver, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-06 CVE-2022-21752 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-06 CVE-2022-21753 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-06 CVE-2022-21754 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-06 CVE-2022-21758 Google Double Free vulnerability in Google Android 11.0/12.0

In ccu, there is a possible memory corruption due to a double free.

4.6
2022-06-06 CVE-2022-21759 Google Out-of-bounds Write vulnerability in Google Android 11.0/12.0

In power service, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-09 CVE-2017-20018 Apachefriends Uncontrolled Search Path Element vulnerability in Apachefriends Xampp 7.1.10Vc14

A vulnerability was found in XAMPP 7.1.1-0-VC14.

4.4
2022-06-07 CVE-2022-30744 Samsung Uncontrolled Search Path Element vulnerability in Samsung Kies

DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.

4.4
2022-06-12 CVE-2021-41750 Nystudio107 Cross-site Scripting vulnerability in Nystudio107 Seomatic 3.4.10

A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with url parameter containing the base64 encoded URL of a malicious web page / file and fileName parameter containing an arbitrary filename with the intended content-type to be rendered in the user's browser as the extension.

4.3
2022-06-11 CVE-2021-44266 Gunet Cross-site Scripting vulnerability in Gunet Open Eclass Platform

GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter.

4.3
2022-06-10 CVE-2022-31282 Axiosys Unspecified vulnerability in Axiosys Bento4 1.2

Bento4 MP4Dump v1.2 was discovered to contain a segmentation violation via an unknown address at /Source/C++/Core/Ap4DataBuffer.cpp:175.

4.3
2022-06-10 CVE-2022-31285 Axiosys Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.2

An issue was discovered in Bento4 1.2.

4.3
2022-06-10 CVE-2022-31287 Axiosys Allocation of Resources Without Limits or Throttling vulnerability in Axiosys Bento4 1.2

An issue was discovered in Bento4 v1.2.

4.3
2022-06-10 CVE-2022-31402 Combodo Cross-site Scripting vulnerability in Combodo Itop 3.0.1

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/webservices/export-v2.php.

4.3
2022-06-10 CVE-2022-32978 Jpeg Reachable Assertion vulnerability in Jpeg Libjpeg

There is an assertion failure in SingleComponentLSScan::ParseMCU in singlecomponentlsscan.cpp in libjpeg before 1.64 via an empty JPEG-LS scan.

4.3
2022-06-10 CVE-2017-20033 Phplist Cross-site Scripting vulnerability in PHPlist 3.2.6

A vulnerability classified as problematic has been found in PHPList 3.2.6.

4.3
2022-06-09 CVE-2017-20026 Humhub Cross-site Scripting vulnerability in Humhub

A vulnerability has been found in HumHub up to 1.0.1 and classified as problematic.

4.3
2022-06-09 CVE-2017-20027 Humhub Cross-site Scripting vulnerability in Humhub

A vulnerability was found in HumHub up to 1.0.1 and classified as problematic.

4.3
2022-06-09 CVE-2022-30898 Chshcms Cross-Site Request Forgery (CSRF) vulnerability in Chshcms Cscms 4.2

A Cross-site request forgery (CSRF) vulnerability in Cscms music portal system v4.2 allows remote attackers to change the administrator's username and password.

4.3
2022-06-09 CVE-2022-2035 Ltgplc Cross-site Scripting vulnerability in Ltgplc Rustici Software Scorm Engine

A reflected cross-site scripting (XSS) vulnerability exists in the playerConfUrl parameter in the /defaultui/player/modern.html file for SCORM Engine versions < 20.1.45.914, 21.1.x < 21.1.7.219.

4.3
2022-06-09 CVE-2022-32195 EDX Cross-site Scripting vulnerability in EDX Open EDX 20150127/20190315

Open edX platform before 2022-06-06 allows XSS via the "next" parameter in the logout URL.

4.3
2022-06-08 CVE-2022-31497 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows interface/main/finder/finder_navigation.php patient XSS.

4.3
2022-06-08 CVE-2022-1005 Veronalabs Cross-site Scripting vulnerability in Veronalabs WP Statistics

The WP Statistics WordPress plugin before 13.2.2 does not sanitise the REQUEST_URI parameter before outputting it back in the rendered page, leading to Cross-Site Scripting (XSS) in web browsers which do not encode characters

4.3
2022-06-08 CVE-2022-1241 2Code Cross-site Scripting vulnerability in 2Code ASK ME

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues

4.3
2022-06-08 CVE-2022-1421 2Code Cross-Site Request Forgery (CSRF) vulnerability in 2Code Discy

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged in admin change arbitrary 's settings including payment methods via a CSRF attack

4.3
2022-06-08 CVE-2022-1422 2Code Cross-Site Request Forgery (CSRF) vulnerability in 2Code Discy

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discy_reset_options, allowing an attacker to trick an admin into resetting the site settings back to defaults.

4.3
2022-06-08 CVE-2022-1424 2Code Cross-Site Request Forgery (CSRF) vulnerability in 2Code ASK ME

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged in users to perform various actions on their behalf on the site.

4.3
2022-06-08 CVE-2022-1597 2Code Cross-site Scripting vulnerability in 2Code Wpqa Builder 5.2

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks

4.3
2022-06-08 CVE-2022-1673 Greenwallet Cross-site Scripting vulnerability in Greenwallet Woocommerce Green Wallet Gateway

The WooCommerce Green Wallet Gateway WordPress plugin before 1.0.2 does not escape the error_envision query parameter before outputting it to the page, leading to a Reflected Cross-Site Scripting vulnerability.

4.3
2022-06-08 CVE-2022-1695 Tipsandtricks HQ Cross-Site Request Forgery (CSRF) vulnerability in Tipsandtricks-Hq WP Simple Adsense Insertion

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged in user to manipulate ads and inject arbitrary javascript via submitting a form.

4.3
2022-06-08 CVE-2022-1709 GTI Cross-Site Request Forgery (CSRF) vulnerability in GTI Throws Spam Away

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (either all, spam, or pending), allowing attackers to make a logged in admin delete comments via a CSRF attack

4.3
2022-06-08 CVE-2022-1712 Livesync Project Cross-Site Request Forgery (CSRF) vulnerability in Livesync Project Livesync

The LiveSync for WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-06-07 CVE-2022-30738 Samsung Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Internet

Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.

4.3
2022-06-07 CVE-2020-36534 Easyiicms Cross-Site Request Forgery (CSRF) vulnerability in Easyiicms

A vulnerability was found in easyii CMS.

4.3
2022-06-07 CVE-2022-31495 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS.

4.3
2022-06-06 CVE-2022-29296 Avantune Cross-site Scripting vulnerability in Avantune Genialcloud Proj 10

A reflected cross-site scripting (XSS) vulnerability in the login portal of Avantune Genialcloud ProJ - 10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

4.3
2022-06-06 CVE-2022-31494 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php action XSS.

4.3
2022-06-06 CVE-2022-31498 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows interface/orders/patient_match_dialog.php key XSS.

4.3
2022-06-06 CVE-2022-31492 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

Cross Site scripting (XSS) vulnerability inLibreHealth EHR Base 2.0.0 via interface/usergroup/usergroup_admin_add.php Username.

4.3
2022-06-06 CVE-2022-31493 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php acl_id XSS.

4.3
2022-06-06 CVE-2022-1821 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.

4.3
2022-06-06 CVE-2021-42245 Flatcore Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.9

FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections.

4.3
2022-06-10 CVE-2021-42811 Thalesgroup Path Traversal vulnerability in Thalesgroup Safenet Keysecure 8.12.0

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in SafeNet KeySecure allows an authenticated user to read arbitrary files from the underlying system on which the product is deployed.

4.0
2022-06-10 CVE-2017-20031 Phplist Unspecified vulnerability in PHPlist 3.2.6

A vulnerability was found in PHPList 3.2.6.

4.0
2022-06-09 CVE-2022-29250 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi 10.0.0

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

4.0
2022-06-09 CVE-2022-30760 IHB EG Authorization Bypass Through User-Controlled Key vulnerability in Ihb-Eg Fn2Web

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint.

4.0
2022-06-09 CVE-2022-31027 Jupyter Authorization Bypass Through User-Controlled Key vulnerability in Jupyter Oauthenticator

OAuthenticator is an OAuth token library for the JupyerHub login handler.

4.0
2022-06-09 CVE-2022-24896 Enalean Missing Authorization vulnerability in Enalean Tuleap

Tuleap is a Free & Open Source Suite to manage software developments and collaboration.

4.0
2022-06-09 CVE-2022-25805 Igel Cleartext Transmission of Sensitive Information vulnerability in Igel Universal Management Suite 6.07.100

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100.

4.0
2022-06-08 CVE-2022-32273 Opswat Information Exposure Through Discrepancy vulnerability in Opswat Metadefender

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server.

4.0
2022-06-08 CVE-2022-0779 User Meta Path Traversal vulnerability in User-Meta User Meta User Profile Builder and User Management

The User Meta WordPress plugin before 2.4.4 does not validate the filepath parameter of its um_show_uploaded_file AJAX action, which could allow low privileged users such as subscriber to enumerate the local files on the web server via path traversal payloads

4.0
2022-06-08 CVE-2022-1684 Webpsilon SQL Injection vulnerability in Webpsilon Cube Slider

The Cube Slider WordPress plugin through 1.2 does not sanitise and escape the idslider parameter before using it in various SQL queries, leading to SQL Injections exploitable by high privileged users such as admin

4.0
2022-06-08 CVE-2022-1685 Five Minute Webshop Project SQL Injection vulnerability in Five Minute Webshop Project Five Minute Webshop

The Five Minute Webshop WordPress plugin through 1.3.2 does not properly validate and sanitise the orderby parameter before using it in a SQL statement via the Manage Products admin page, leading to an SQL Injection

4.0
2022-06-08 CVE-2022-1686 Five Minute Webshop Project SQL Injection vulnerability in Five Minute Webshop Project Five Minute Webshop

The Five Minute Webshop WordPress plugin through 1.3.2 does not sanitise and escape the id parameter before using it in a SQL statement when editing a product via the admin dashboard, leading to an SQL Injection

4.0
2022-06-08 CVE-2022-1687 Logo Slider Project SQL Injection vulnerability in Logo Slider Project Logo Slider

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection

4.0
2022-06-08 CVE-2022-1688 Datainterlock SQL Injection vulnerability in Datainterlock Note Press

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the id parameter before using it in various SQL statement via the admin dashboard, leading to SQL Injections

4.0
2022-06-08 CVE-2022-1689 Datainterlock SQL Injection vulnerability in Datainterlock Note Press

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the Update parameter before using it in a SQL statement when updating a note via the admin dashboard, leading to an SQL injection

4.0
2022-06-08 CVE-2022-1690 Datainterlock SQL Injection vulnerability in Datainterlock Note Press

The Note Press WordPress plugin through 0.1.10 does not sanitise and escape the ids from the bulk actions before using them in a SQL statement in an admin page, leading to an SQL injection

4.0
2022-06-07 CVE-2022-30739 Samsung Improper Privilege Management vulnerability in Samsung Account

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.

4.0
2022-06-07 CVE-2020-36528 Platinumchina Improper Authentication vulnerability in Platinumchina Platinum Mobile 1.0.4.850

A vulnerability, which was classified as critical, was found in Platinum Mobile 1.0.4.850.

4.0
2022-06-07 CVE-2020-36532 Klapp Exposure of Resource to Wrong Sphere vulnerability in Klapp APP

A vulnerability has been found in Klapp App and classified as problematic.

4.0
2022-06-06 CVE-2022-1935 Gitlab Incorrect Authorization vulnerability in Gitlab

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Trigger Token to misuse it from any location even when IP address restrictions were configured

4.0
2022-06-06 CVE-2022-1936 Gitlab Incorrect Authorization vulnerability in Gitlab

Incorrect authorization in GitLab EE affecting all versions from 12.0 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1 allowed an attacker already in possession of a valid Project Deploy Token to misuse it from any location even when IP address restrictions were configured

4.0

74 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-12 CVE-2021-41641 Deno Link Following vulnerability in Deno

Deno <=1.14.0 file sandbox does not handle symbolic links correctly.

3.6
2022-06-10 CVE-2022-29093 Dell Path Traversal vulnerability in Dell products

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion vulnerability.

3.6
2022-06-10 CVE-2022-29094 Dell Path Traversal vulnerability in Dell products

Dell SupportAssist Client Consumer versions (3.10.4 and versions prior) and Dell SupportAssist Client Commercial versions (3.1.1 and versions prior) contain an arbitrary file deletion/overwrite vulnerability.

3.6
2022-06-12 CVE-2018-25035 Technicolor Cross-site Scripting vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability, which was classified as problematic, was found in Thomson TCW710 ST5D.10.05.

3.5
2022-06-12 CVE-2018-25036 Technicolor Cross-site Scripting vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability has been found in Thomson TCW710 ST5D.10.05 and classified as problematic.

3.5
2022-06-12 CVE-2018-25037 Technicolor Cross-site Scripting vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability was found in Thomson TCW710 ST5D.10.05 and classified as problematic.

3.5
2022-06-12 CVE-2018-25038 Technicolor Cross-site Scripting vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability was found in Thomson TCW710 ST5D.10.05.

3.5
2022-06-12 CVE-2018-25039 Technicolor Cross-site Scripting vulnerability in Technicolor Thomson Tcw710 Firmware St5D.10.05

A vulnerability was found in Thomson TCW710 ST5D.10.05.

3.5
2022-06-11 CVE-2021-41502 Intelliants Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1

An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute.

3.5
2022-06-10 CVE-2022-30610 IBM Improper Privilege Management vulnerability in IBM Spectrum Copy Data Management

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to reverse tabnabbing where it could allow a page linked to from within IBM Spectrum Copy Data Management to rewrite it.

3.5
2022-06-10 CVE-2022-30611 IBM Cross-site Scripting vulnerability in IBM Spectrum Copy Data Management

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.

3.5
2022-06-10 CVE-2017-20034 Phplist Cross-site Scripting vulnerability in PHPlist 3.2.6

A vulnerability classified as problematic was found in PHPList 3.2.6.

3.5
2022-06-10 CVE-2017-20035 Phplist Cross-site Scripting vulnerability in PHPlist 3.2.6

A vulnerability, which was classified as problematic, has been found in PHPList 3.2.6.

3.5
2022-06-10 CVE-2017-20036 Phplist Cross-site Scripting vulnerability in PHPlist 3.2.6

A vulnerability, which was classified as problematic, was found in PHPList 3.2.6.

3.5
2022-06-09 CVE-2022-24876 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi 10.0.0

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

3.5
2022-06-09 CVE-2022-2014 Diagrams Code Injection vulnerability in Diagrams Drawio

Code Injection in GitHub repository jgraph/drawio prior to 19.0.2.

3.5
2022-06-09 CVE-2022-2015 Diagrams Cross-site Scripting vulnerability in Diagrams Drawio

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 19.0.2.

3.5
2022-06-09 CVE-2022-2026 Kromit Cross-site Scripting vulnerability in Kromit Titra

Cross-site Scripting (XSS) - Stored in GitHub repository kromitgmbh/titra prior to 0.77.0.

3.5
2022-06-09 CVE-2022-2027 Kromit Improper Neutralization of Formula Elements in a CSV File vulnerability in Kromit Titra

Improper Neutralization of Formula Elements in a CSV File in GitHub repository kromitgmbh/titra prior to 0.77.0.

3.5
2022-06-09 CVE-2022-2028 Kromit Cross-site Scripting vulnerability in Kromit Titra

Cross-site Scripting (XSS) - Generic in GitHub repository kromitgmbh/titra prior to 0.77.0.

3.5
2022-06-09 CVE-2022-2029 Kromit Cross-site Scripting vulnerability in Kromit Titra

Cross-site Scripting (XSS) - DOM in GitHub repository kromitgmbh/titra prior to 0.77.0.

3.5
2022-06-09 CVE-2022-2036 Rosariosis Cross-site Scripting vulnerability in Rosariosis

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.1.

3.5
2022-06-09 CVE-2022-31038 Gogs Cross-site Scripting vulnerability in Gogs

Gogs is an open source self-hosted Git service.

3.5
2022-06-09 CVE-2022-2016 Facturascripts Cross-site Scripting vulnerability in Facturascripts

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.1.

3.5
2022-06-09 CVE-2021-40610 Emlog PRO Project Cross-site Scripting vulnerability in Emlog PRO Project Emlog PRO 1.0.4

Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management.

3.5
2022-06-08 CVE-2022-30899 Partkeepr Cross-site Scripting vulnerability in Partkeepr 1.4.0

A Cross Site Scripting vulnerabilty exists in PartKeepr 1.4.0 via the 'name' field in /api/part_categories.

3.5
2022-06-08 CVE-2022-1997 Rosariosis Cross-site Scripting vulnerability in Rosariosis

Cross-site Scripting (XSS) - Stored in GitHub repository francoisjacquet/rosariosis prior to 9.0.

3.5
2022-06-08 CVE-2022-1394 10Web Cross-site Scripting vulnerability in 10Web Photo Gallery

The Photo Gallery by 10Web WordPress plugin before 1.6.4 does not properly validate and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-06-08 CVE-2022-1469 Fibosearch Cross-site Scripting vulnerability in Fibosearch

The FiboSearch WordPress plugin before 1.17.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

3.5
2022-06-08 CVE-2022-1506 WP Born Babies Project Cross-site Scripting vulnerability in WP Born Babies Project WP Born Babies

The WP Born Babies WordPress plugin through 1.0 does not sanitise and escape some of its fields, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks

3.5
2022-06-08 CVE-2022-1541 Richweb Cross-site Scripting vulnerability in Richweb Video Slider

The Video Slider WordPress plugin before 1.4.8 does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3.5
2022-06-08 CVE-2022-1569 Pieforms Cross-site Scripting vulnerability in Pieforms Drag & Drop Builder

The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! WordPress plugin before 1.4.9.4 does not sanitise and escape some of its form fields, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-06-08 CVE-2022-1647 Ncrafts Cross-site Scripting vulnerability in Ncrafts Formcraft

The FormCraft WordPress plugin before 1.2.6 does not sanitise and escape Field Labels, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-06-08 CVE-2020-36544 Sialweb Cross-site Scripting vulnerability in Sialweb CMS

A vulnerability has been found in SialWeb CMS and classified as problematic.

3.5
2022-06-07 CVE-2022-2022 Xgenecloud Cross-site Scripting vulnerability in Xgenecloud Nocodb

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7.

3.5
2022-06-07 CVE-2020-36523 Avono Cross-site Scripting vulnerability in Avono Plantuml 6.43

A vulnerability was found in PlantUML 6.43.

3.5
2022-06-07 CVE-2020-36524 Refined Cross-site Scripting vulnerability in Refined Toolkit 2.2.5

A vulnerability was found in Refined Toolkit.

3.5
2022-06-07 CVE-2020-36525 Servicerocket Cross-site Scripting vulnerability in Servicerocket Linking 5.5.3

A vulnerability classified as problematic has been found in Linking.

3.5
2022-06-07 CVE-2020-36526 Akeles Cross-site Scripting vulnerability in Akeles Countdown Timer 1.7.0

A vulnerability classified as problematic was found in Countdown Timer.

3.5
2022-06-07 CVE-2020-36527 Aptis Solutions Cross-site Scripting vulnerability in Aptis-Solutions Server Status 1.2.1

A vulnerability, which was classified as problematic, has been found in Server Status.

3.5
2022-06-07 CVE-2022-1991 Fast Food Ordering System Project Cross-site Scripting vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

A vulnerability classified as problematic has been found in Fast Food Ordering System 1.0.

3.5
2022-06-06 CVE-2022-28051 Seeddms Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18

The "Add category" functionality inside the "Global Keywords" menu in "SeedDMS" version 6.0.18 and 5.1.25, is prone to stored XSS which allows an attacker to inject malicious javascript code.

3.5
2022-06-06 CVE-2022-28479 Seeddms Cross-site Scripting vulnerability in Seeddms 5.1.25/6.0.18

SeedDMS versions 6.0.18 and 5.1.25 and below are vulnerable to stored XSS.

3.5
2022-06-06 CVE-2022-1940 Gitlab Cross-site Scripting vulnerability in Gitlab

A Stored Cross-Site Scripting vulnerability in Jira integration in GitLab EE affecting all versions from 13.11 prior to 14.9.5, 14.10 prior to 14.10.4, and 15.0 prior to 15.0.1 allows an attacker to execute arbitrary JavaScript code in GitLab on a victim's behalf via specially crafted Jira Issues

3.5
2022-06-06 CVE-2022-30861 Fudforum Cross-site Scripting vulnerability in Fudforum 3.1.2

FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.

3.5
2022-06-06 CVE-2022-30863 Fudforum Cross-site Scripting vulnerability in Fudforum 3.1.2

FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.

3.5
2022-06-10 CVE-2022-22426 IBM Unspecified vulnerability in IBM Spectrum Copy Data Management

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to bypass authentication restrictions, caused by the lack of proper session management.

3.3
2022-06-07 CVE-2022-30466 Joybike Authentication Bypass by Capture-replay vulnerability in Joybike Wolf Firmware 2022

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay.

3.3
2022-06-07 CVE-2022-30723 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

3.3
2022-06-07 CVE-2022-30724 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

3.3
2022-06-07 CVE-2022-30725 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

3.3
2022-06-06 CVE-2022-1783 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 14.9.5, all versions starting from 14.10 before 14.10.4, all versions starting from 15.0 before 15.0.1.

2.7
2022-06-06 CVE-2020-6220 SAP Cross-site Scripting vulnerability in SAP Business Objects Business Intelligence Platform 4.1/4.2

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

2.6
2022-06-11 CVE-2017-20040 Sicunet Cleartext Storage of Sensitive Information vulnerability in Sicunet Access Control 0.3205Z

A vulnerability was found in SICUNET Access Controller 0.32-05z.

2.1
2022-06-09 CVE-2022-30702 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Security 2022

Trend Micro Security 2022 and 2021 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure vulnerability that could allow an attacker to disclose sensitive information on an affected machine.

2.1
2022-06-09 CVE-2022-25804 Igel Incorrect Default Permissions vulnerability in Igel Universal Management Suite 6.07.100

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100.

2.1
2022-06-09 CVE-2022-25807 Igel Use of Hard-coded Credentials vulnerability in Igel Universal Management Suite 6.07.100

An issue was discovered in the IGEL Universal Management Suite (UMS) 6.07.100.

2.1
2022-06-08 CVE-2022-28385 Verbatim Insufficient Verification of Data Authenticity vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

2.1
2022-06-08 CVE-2022-28387 Verbatim Unspecified vulnerability in Verbatim products

An issue was discovered in certain Verbatim drives through 2022-03-31.

2.1
2022-06-08 CVE-2022-30552 Denx Classic Buffer Overflow vulnerability in Denx U-Boot 2022.01

Das U-Boot 2022.01 has a Buffer Overflow.

2.1
2022-06-07 CVE-2022-30727 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 10.0/11.0/12.0

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

2.1
2022-06-07 CVE-2022-30728 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

2.1
2022-06-07 CVE-2022-30740 Samsung Insecure Storage of Sensitive Information vulnerability in Samsung Internet

Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.

2.1
2022-06-07 CVE-2022-30741 Samsung Information Exposure Through Log Files vulnerability in Samsung Find MY Mobile

Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.

2.1
2022-06-07 CVE-2022-30742 Samsung Information Exposure Through Log Files vulnerability in Samsung Find MY Mobile

Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.

2.1
2022-06-07 CVE-2022-30747 Samsung Incorrect Default Permissions vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12

PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

2.1
2022-06-07 CVE-2022-30748 Samsung Unspecified vulnerability in Samsung Members

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.

2.1
2022-06-07 CVE-2022-28794 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

2.1
2022-06-07 CVE-2022-30714 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

2.1
2022-06-07 CVE-2022-30729 Google Unspecified vulnerability in Google Android 12.0

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

2.1
2022-06-06 CVE-2022-21746 Google Out-of-bounds Read vulnerability in Google Android

In imgsensor, there is a possible out of bounds read due to a missing bounds check.

2.1
2022-06-06 CVE-2022-21747 Google Out-of-bounds Read vulnerability in Google Android

In imgsensor, there is a possible out of bounds read due to a missing bounds check.

2.1
2022-06-06 CVE-2022-21755 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check.

2.1
2022-06-06 CVE-2022-21756 Google Out-of-bounds Read vulnerability in Google Android 11.0/12.0

In WLAN driver, there is a possible out of bounds read due to an incorrect bounds check.

2.1