Weekly Vulnerabilities Reports > June 13 to 19, 2022

Overview

765 new vulnerabilities reported during this period, including 56 critical vulnerabilities and 235 high severity vulnerabilities. This weekly summary report vulnerabilities in 1387 products from 260 vendors including Google, Qualcomm, Microsoft, Siemens, and Ffmpeg. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "Cross-Site Request Forgery (CSRF)", and "Out-of-bounds Read".

  • 545 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 229 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 506 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 80 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

56 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-17 CVE-2022-30422 Proietti Use of Hard-coded Credentials vulnerability in Proietti Planet Time Enterprise

Proietti Tech srl Planet Time Enterprise 4.2.0.1,4.2.0.0,4.1.0.0,4.0.0.0,3.3.1.0,3.3.0.0 is vulnerable to Remote code execution via the Viewstate parameter.

10.0
2022-06-16 CVE-2022-30329 Trendnet OS Command Injection vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

10.0
2022-06-15 CVE-2022-20140 Google Out-of-bounds Write vulnerability in Google Android 12.0/12.1

In read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an incorrect bounds check.

10.0
2022-06-15 CVE-2022-20145 Google Unspecified vulnerability in Google Android 11.0

In startLegacyVpnPrivileged of Vpn.java, there is a possible way to retrieve VPN credentials due to a protocol downgrade attack.

10.0
2022-06-15 CVE-2022-20160 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-210083655References: N/A

10.0
2022-06-15 CVE-2022-20164 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-204891956References: N/A

10.0
2022-06-15 CVE-2022-20167 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-204956204References: N/A

10.0
2022-06-15 CVE-2022-20170 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-209421931References: N/A

10.0
2022-06-15 CVE-2022-20171 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-215565667References: N/A

10.0
2022-06-15 CVE-2022-20173 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-207116951References: N/A

10.0
2022-06-15 CVE-2022-20191 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-209324757References: N/A

10.0
2022-06-15 CVE-2022-20210 Google Unspecified vulnerability in Google Android

The UE and the EMM communicate with each other using NAS messages.

10.0
2022-06-15 CVE-2022-20127 Google Double Free vulnerability in Google Android

In ce_t4t_data_cback of ce_t4t.cc, there is a possible out of bounds write due to a double free.

10.0
2022-06-14 CVE-2021-30341 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

10.0
2022-06-14 CVE-2021-35081 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

10.0
2022-06-14 CVE-2021-35104 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

10.0
2022-06-14 CVE-2022-22086 Qualcomm Double Free vulnerability in Qualcomm products

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2022-06-14 CVE-2022-22087 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

10.0
2022-06-14 CVE-2022-25651 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

10.0
2022-06-13 CVE-2022-29797 Huawei Classic Buffer Overflow vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46

There is a buffer overflow vulnerability in CV81-WDM FW 01.70.49.29.46.

10.0
2022-06-17 CVE-2022-22485 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Spectrum Protect Operations Center

In some cases, an unsuccessful attempt to log into IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.14.000 does not cause the administrator's invalid sign-on count to be incremented on the IBM Spectrum Protect Server.

9.8
2022-06-17 CVE-2021-40903 Antminer Monitor Project Use of Hard-coded Credentials vulnerability in Antminer Monitor Project Antminer Monitor 0.50.0

A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server.

9.8
2022-06-17 CVE-2021-45024 Rocketsoftware XXE vulnerability in Rocketsoftware Ags-Zena 4.2.1

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to XML External Entity (XXE).

9.8
2022-06-16 CVE-2022-24562 Iobit Missing Authentication for Critical Function vulnerability in Iobit Iotransfer 4.3.1.1561

In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.

9.8
2022-06-16 CVE-2022-31382 Phpgurukul SQL Injection vulnerability in PHPgurukul Directory Management System 1.0

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.

9.8
2022-06-16 CVE-2022-31383 Phpgurukul SQL Injection vulnerability in PHPgurukul Directory Management System 1.0

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.

9.8
2022-06-16 CVE-2022-31384 Phpgurukul SQL Injection vulnerability in PHPgurukul Directory Management System 1.0

Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.

9.8
2022-06-15 CVE-2022-30136 Microsoft Unspecified vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability

9.8
2022-06-15 CVE-2021-41418 Ariang Project Missing Authentication for Critical Function vulnerability in Ariang Project Ariang

AriaNg v0.1.0~v1.2.2 is affected by an incorrect access control vulnerability through not authenticating visitors' access rights.

9.8
2022-06-15 CVE-2017-20049 Axis Improper Privilege Management vulnerability in Axis products

A vulnerability, was found in legacy Axis devices such as P3225 and M3005.

9.8
2022-06-15 CVE-2022-20733 Cisco Unspecified vulnerability in Cisco Identity Services Engine 3.1

A vulnerability in the login page of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to log in without credentials and access all roles without any restrictions.

9.8
2022-06-15 CVE-2022-20798 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the external authentication functionality of Cisco Secure Email and Web Manager, formerly known as Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass authentication and log in to the web management interface of an affected device.

9.8
2022-06-15 CVE-2022-20825 Cisco Out-of-bounds Write vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause an affected device to restart unexpectedly, resulting in a denial of service (DoS) condition.

9.8
2022-06-15 CVE-2022-20130 Google Improper Check for Unusual or Exceptional Conditions vulnerability in Google Android

In transportDec_OutOfBandConfig of tpdec_lib.cpp, there is a possible out of bounds write due to a heap buffer overflow.

9.8
2022-06-14 CVE-2022-27668 SAP Incorrect Authorization vulnerability in SAP products

Depending on the configuration of the route permission table in file 'saprouttab', it is possible for an unauthenticated attacker to execute SAProuter administration commands in SAP NetWeaver and ABAP Platform - versions KERNEL 7.49, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.49, KRNL64UC 7.49, SAP_ROUTER 7.53, 7.22, from a remote client, for example stopping the SAProuter, that could highly impact systems availability.

9.8
2022-06-14 CVE-2022-31311 Wavlink OS Command Injection vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719

An issue in adm.cgi of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to execute arbitrary commands via a crafted POST request.

9.8
2022-06-14 CVE-2022-32251 Siemens Missing Authentication for Critical Function vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

9.8
2022-06-14 CVE-2022-32260 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1).

9.8
2022-06-14 CVE-2022-32262 Siemens Command Injection vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

9.8
2022-06-14 CVE-2022-31446 Tendacn OS Command Injection vulnerability in Tendacn Ac18 Firmware 15.03.05.05/15.03.05.19

Tenda AC18 router V15.03.05.19 and V15.03.05.05 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac.

9.8
2022-06-13 CVE-2022-31053 Biscuitsec
Clever Cloud
Improper Verification of Cryptographic Signature vulnerability in multiple products

Biscuit is an authentication and authorization token for microservices architectures.

9.8
2022-06-13 CVE-2022-33175 Powertekpdus Incorrect Permission Assignment for Critical Resource vulnerability in Powertekpdus products

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 have an insecure permissions setting on the user.token field that is accessible to everyone through the /cgi/get_param.cgi HTTP API.

9.8
2022-06-13 CVE-2022-30308 Festo Incorrect Authorization vulnerability in Festo products

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-on" POST request doesn’t check for port syntax.

9.8
2022-06-13 CVE-2022-30309 Festo Incorrect Authorization vulnerability in Festo products

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web-viewer-request-off" POST request doesn’t check for port syntax.

9.8
2022-06-13 CVE-2022-30310 Festo Incorrect Authorization vulnerability in Festo products

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-acknerr-request" POST request doesn’t check for port syntax.

9.8
2022-06-13 CVE-2022-30311 Festo Incorrect Authorization vulnerability in Festo products

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-refresh-request" POST request doesn’t check for port syntax.

9.8
2022-06-13 CVE-2022-0885 Memberhero Missing Authorization vulnerability in Memberhero Member Hero 1.0.9

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.

9.8
2022-06-13 CVE-2021-37404 Apache Out-of-bounds Write vulnerability in Apache Hadoop

There is a potential heap buffer overflow in Apache Hadoop libhdfs native code.

9.8
2022-06-14 CVE-2021-35083 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

9.4
2022-06-15 CVE-2021-40727 Adobe Access of Memory Location After End of Buffer vulnerability in Adobe Indesign

Access of Memory Location After End of Buffer (CWE-788

9.3
2022-06-14 CVE-2021-30347 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

9.3
2022-06-14 CVE-2021-35082 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command packet has been received in Snapdragon Industrial IOT

9.3
2022-06-14 CVE-2022-32559 Couchbase Allocation of Resources Without Limits or Throttling vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

9.1
2022-06-14 CVE-2022-32328 Fast Food Ordering System Project Path Traversal vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to Delete any file.

9.1
2022-06-14 CVE-2022-29241 Jupyter Unspecified vulnerability in Jupyter Server

Jupyter Server provides the backend (i.e.

9.0
2022-06-13 CVE-2022-1654 Artbees Unspecified vulnerability in Artbees Jupiter and Jupiterx

Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions

9.0

235 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-17 CVE-2022-2111 Inventree Project Unrestricted Upload of File with Dangerous Type vulnerability in Inventree Project Inventree

Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2.

8.8
2022-06-17 CVE-2022-2112 Inventree Project Improper Neutralization of Formula Elements in a CSV File vulnerability in Inventree Project Inventree

Improper Neutralization of Formula Elements in a CSV File in GitHub repository inventree/inventree prior to 0.7.2.

8.8
2022-06-16 CVE-2022-33753 Broadcom Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges.

8.8
2022-06-16 CVE-2022-30023 Tenda OS Command Injection vulnerability in Tenda HG9 Firmware 1.0.1

Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function.

8.8
2022-06-16 CVE-2022-31849 Mercurycom Unspecified vulnerability in Mercurycom Mipc451-4 Firmware 1.0.22

MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request.

8.8
2022-06-16 CVE-2022-31626 PHP
Debian
Classic Buffer Overflow vulnerability in multiple products

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability.

8.8
2022-06-15 CVE-2022-30153 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

8.8
2022-06-15 CVE-2022-30157 Microsoft Unspecified vulnerability in Microsoft Sharepoint Server 2013/2016/2019

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2022-06-15 CVE-2022-30158 Microsoft Unspecified vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server

Microsoft SharePoint Server Remote Code Execution Vulnerability

8.8
2022-06-15 CVE-2022-30161 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

8.8
2022-06-15 CVE-2022-30165 Microsoft Unspecified vulnerability in Microsoft products

Windows Kerberos Elevation of Privilege Vulnerability

8.8
2022-06-15 CVE-2022-29450 Admin Management Xtended Project Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress.

8.8
2022-06-15 CVE-2021-33036 Apache Path Traversal vulnerability in Apache Hadoop

In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user.

8.8
2022-06-14 CVE-2022-31595 SAP Missing Authorization vulnerability in SAP Adaptive Server Enterprise

SAP Financial Consolidation - version 1010,?does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8
2022-06-14 CVE-2022-31619 Siemens Use of Hard-coded Credentials vulnerability in Siemens Teamcenter

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions < V14.0.0.2).

8.8
2022-06-13 CVE-2022-1749 Wpmk Ajax Finder Project Cross-Site Request Forgery (CSRF) vulnerability in Wpmk Ajax Finder Project Wpmk Ajax Finder 1.0.1

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.

8.8
2022-06-13 CVE-2022-1969 Script Cross-Site Request Forgery (CSRF) vulnerability in Script Mobile Browser Color Select 1.0.1

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.

8.8
2022-06-13 CVE-2022-1900 Copify Cross-Site Request Forgery (CSRF) vulnerability in Copify

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0.

8.8
2022-06-13 CVE-2022-1918 Toolbar TO Share Project Cross-Site Request Forgery (CSRF) vulnerability in Toolbar to Share Project Toolbar to Share 2.0

The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.

8.8
2022-06-13 CVE-2017-20042 Vendavo SQL Injection vulnerability in Vendavo Pricepoint 4.6.0.0

A vulnerability has been found in Navetti PricePoint 4.6.0.0 and classified as critical.

8.8
2022-06-13 CVE-2017-20045 Vendavo Cross-Site Request Forgery (CSRF) vulnerability in Vendavo Pricepoint 4.6.0.0

A vulnerability was found in Navetti PricePoint 4.6.0.0.

8.8
2022-06-15 CVE-2022-30163 Microsoft Race Condition vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability

8.5
2022-06-15 CVE-2022-22021 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.3
2022-06-14 CVE-2021-35123 Qualcomm Unspecified vulnerability in Qualcomm products

Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT

8.3
2022-06-16 CVE-2022-27511 Citrix Unspecified vulnerability in Citrix Application Delivery Management

Corruption of the system by a remote, unauthenticated user.

8.1
2022-06-16 CVE-2022-31625 PHP
Debian
Release of Invalid Pointer or Reference vulnerability in multiple products

In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers.

8.1
2022-06-15 CVE-2022-30141 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

8.1
2022-06-15 CVE-2022-32156 Splunk Improper Certificate Validation vulnerability in Splunk

In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default.

8.1
2022-06-19 CVE-2022-34006 Southrivertech Improper Privilege Management vulnerability in Southrivertech Titan FTP Server Nextgen

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050.

7.8
2022-06-19 CVE-2022-2129 VIM
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-19 CVE-2022-2126 VIM
Debian
Fedoraproject
Apple
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-19 CVE-2022-2125 VIM
Fedoraproject
Apple
Heap-based Buffer Overflow vulnerability in multiple products

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-19 CVE-2022-2124 VIM
Debian
Fedoraproject
Apple
Buffer Over-read vulnerability in multiple products

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

7.8
2022-06-19 CVE-2014-125020 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability has been found in FFmpeg 2.0 and classified as critical.

7.8
2022-06-19 CVE-2014-125024 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

7.8
2022-06-18 CVE-2014-125011 Ffmpeg Incorrect Conversion between Numeric Types vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

7.8
2022-06-18 CVE-2014-125015 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as critical has been found in FFmpeg 2.0.

7.8
2022-06-18 CVE-2014-125017 Ffmpeg Out-of-bounds Read vulnerability in Ffmpeg 2.0

A vulnerability classified as critical was found in FFmpeg 2.0.

7.8
2022-06-17 CVE-2020-36547 GE Use of Hard-coded Credentials vulnerability in GE Voluson S8 Firmware

A vulnerability was found in GE Voluson S8.

7.8
2022-06-17 CVE-2020-36548 GE Improper Authentication vulnerability in GE Voluson S8 Firmware

A vulnerability classified as problematic has been found in GE Voluson S8.

7.8
2022-06-17 CVE-2020-36549 GE Unspecified vulnerability in GE Voluson S8 Firmware

A vulnerability classified as critical was found in GE Voluson S8.

7.8
2022-06-17 CVE-2022-33912 Tribe29
Checkmk
Incorrect Default Permissions vulnerability in multiple products

A permission issue affects users that deployed the shipped version of the Checkmk Debian package.

7.8
2022-06-16 CVE-2022-31464 Adaware Incorrect Permission Assignment for Critical Resource vulnerability in Adaware Protect 1.2.439.4251

Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path.

7.8
2022-06-16 CVE-2022-30656 Adobe Out-of-bounds Write vulnerability in Adobe Incopy

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-06-16 CVE-2022-32545 Imagemagick
Redhat
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned char' at coders/psd.c, when crafted or untrusted input is processed.

7.8
2022-06-16 CVE-2022-32546 Imagemagick
Redhat
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

A vulnerability was found in ImageMagick, causing an outside the range of representable values of type 'unsigned long' at coders/pcl.c, when crafted or untrusted input is processed.

7.8
2022-06-16 CVE-2022-32547 Imagemagick
Redhat
Fedoraproject
Incorrect Type Conversion or Cast vulnerability in multiple products

In ImageMagick, there is load of misaligned address for type 'double', which requires 8 byte alignment and for type 'float', which requires 4 byte alignment at MagickCore/property.c.

7.8
2022-06-16 CVE-2022-30659 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-06-16 CVE-2017-20052 Python Uncontrolled Search Path Element vulnerability in Python 2.7.13

A vulnerability classified as problematic was found in Python 2.7.13.

7.8
2022-06-15 CVE-2022-20203 Google Out-of-bounds Write vulnerability in Google Android 12.1

In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files.

7.8
2022-06-15 CVE-2022-22018 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-29111 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-29119 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-29149 Microsoft Unspecified vulnerability in Microsoft products

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30131 Microsoft Unspecified vulnerability in Microsoft products

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30132 Microsoft Unspecified vulnerability in Microsoft products

Windows Container Manager Service Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30135 Microsoft Unspecified vulnerability in Microsoft products

Windows Media Center Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30147 Microsoft Unspecified vulnerability in Microsoft products

Windows Installer Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30160 Microsoft Unspecified vulnerability in Microsoft products

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30164 Microsoft Unspecified vulnerability in Microsoft products

Kerberos AppContainer Security Feature Bypass Vulnerability

7.8
2022-06-15 CVE-2022-30166 Microsoft Unspecified vulnerability in Microsoft products

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

7.8
2022-06-15 CVE-2022-30167 Microsoft Unspecified vulnerability in Microsoft AV1 Video Extension

AV1 Video Extension Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30168 Microsoft Unspecified vulnerability in Microsoft Photos

Microsoft Photos App Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30173 Microsoft Unspecified vulnerability in Microsoft Excel and Office web Apps Server

Microsoft Excel Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30174 Microsoft Unspecified vulnerability in Microsoft 365 Apps and Office Long Term Servicing Channel

Microsoft Office Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30177 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30178 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30179 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30180 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Information Disclosure Vulnerability

7.8
2022-06-15 CVE-2022-30188 Microsoft Unspecified vulnerability in Microsoft Hevc Video Extensions

HEVC Video Extensions Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-30193 Microsoft Unspecified vulnerability in Microsoft AV1 Video Extension 1.1.32442.0

AV1 Video Extension Remote Code Execution Vulnerability

7.8
2022-06-15 CVE-2022-24946 Mitsubishielectric Improper Locking vulnerability in Mitsubishielectric products

Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No.

7.8
2022-06-15 CVE-2021-43755 Adobe Out-of-bounds Write vulnerability in Adobe After Effects

Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user.

7.8
2022-06-15 CVE-2022-28226 Yandex Exposure of Resource to Wrong Sphere vulnerability in Yandex Browser

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process.

7.8
2022-06-15 CVE-2022-28844 Adobe Out-of-bounds Write vulnerability in Adobe Bridge

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-06-15 CVE-2022-28849 Adobe Use After Free vulnerability in Adobe Bridge

Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-06-15 CVE-2021-43754 Adobe Out-of-bounds Write vulnerability in Adobe Prelude

Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user.

7.8
2022-06-15 CVE-2021-43756 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability.

7.8
2022-06-15 CVE-2022-31216 ABB Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.

7.8
2022-06-15 CVE-2022-31217 ABB Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.

7.8
2022-06-15 CVE-2022-31218 ABB Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.

7.8
2022-06-15 CVE-2022-31219 ABB Link Following vulnerability in ABB Automation Builder, Drive Composer and Mint Workbench

Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.

7.8
2022-06-15 CVE-2021-39820 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user.

7.8
2022-06-15 CVE-2022-20138 Google Missing Authorization vulnerability in Google Android

In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check.

7.8
2022-06-15 CVE-2022-20144 Google Unspecified vulnerability in Google Android 10.0/11.0

In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy.

7.8
2022-06-15 CVE-2022-20168 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-210594998References: N/A

7.8
2022-06-15 CVE-2022-20181 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-210936609References: N/A

7.8
2022-06-15 CVE-2022-20186 Google Improper Input Validation vulnerability in Google Android

In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation.

7.8
2022-06-15 CVE-2022-20190 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-208744915References: N/A

7.8
2022-06-15 CVE-2022-20204 Google Missing Authorization vulnerability in Google Android 12.1

In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check.

7.8
2022-06-15 CVE-2022-20123 Google Out-of-bounds Read vulnerability in Google Android

In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check.

7.8
2022-06-15 CVE-2022-20124 Google Unspecified vulnerability in Google Android

In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass.

7.8
2022-06-15 CVE-2022-20133 Google Missing Authorization vulnerability in Google Android

In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check.

7.8
2022-06-14 CVE-2022-32230 Microsoft NULL Pointer Dereference vulnerability in Microsoft Windows 10, Windows 11 and Windows Server 2019

Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set.

7.8
2022-06-14 CVE-2021-30340 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-30350 Qualcomm Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products

Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

7.8
2022-06-14 CVE-2021-35073 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-35076 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-35078 Qualcomm Memory Leak vulnerability in Qualcomm products

Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-06-14 CVE-2021-35086 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-35087 Qualcomm NULL Pointer Dereference vulnerability in Qualcomm products

Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-35096 Qualcomm Allocation of Resources Without Limits or Throttling vulnerability in Qualcomm products

Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-06-14 CVE-2021-35100 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-06-14 CVE-2021-35102 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

7.8
2022-06-14 CVE-2022-22057 Qualcomm Race Condition vulnerability in Qualcomm products

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-06-14 CVE-2022-22064 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-06-14 CVE-2022-22065 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-06-14 CVE-2022-22072 Qualcomm Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.8
2022-06-14 CVE-2022-22083 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-06-14 CVE-2022-31465 Siemens Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Xpedition Designer

A vulnerability has been identified in Xpedition Designer VX.2.10 (All versions < VX.2.10 Update 13), Xpedition Designer VX.2.11 (All versions < VX.2.11 Update 11), Xpedition Designer VX.2.12 (All versions < VX.2.12 Update 5), Xpedition Designer VX.2.13 (All versions < VX.2.13 Update 1).

7.8
2022-06-14 CVE-2022-32252 Siemens Insufficient Verification of Data Authenticity vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

7.8
2022-06-14 CVE-2022-29925 Fujielectric Access of Uninitialized Pointer vulnerability in Fujielectric V-Sft 6.0.0.0/6.1.5.0

Access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

7.8
2022-06-13 CVE-2022-29798 Huawei Unspecified vulnerability in Huawei Cv81-Wdm Firmware 01.70.49.29.46

There is a denial of service vulnerability in CV81-WDM FW versions 01.70.49.29.46.

7.8
2022-06-13 CVE-2022-31762 Huawei Improper Input Validation vulnerability in Huawei Emui, Harmonyos and Magic UI

The AMS module has a vulnerability in input validation.

7.8
2022-06-15 CVE-2022-20664 Cisco Information Exposure vulnerability in Cisco Email Security Appliance

A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device.

7.7
2022-06-19 CVE-2022-34005 Southrivertech Use of Hard-coded Credentials vulnerability in Southrivertech Titan FTP Server Nextgen

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050.

7.5
2022-06-17 CVE-2022-25852 PG Native Project
Libpq Project
Incorrect Type Conversion or Cast vulnerability in multiple products

All versions of package pg-native; all versions of package libpq are vulnerable to Denial of Service (DoS) when the addons attempt to cast the second argument to an array and fail.

7.5
2022-06-17 CVE-2022-25856 Argo Events Project Link Following vulnerability in Argo Events Project Argo Events

The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 are vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go.

7.5
2022-06-17 CVE-2022-31874 Asus Command Injection vulnerability in Asus Rt-N53 Firmware 3.0.0.4.376.3754

ASUS RT-N53 3.0.0.4.376.3754 has a command injection vulnerability in the SystemCmd parameter of the apply.cgi interface.

7.5
2022-06-17 CVE-2022-31083 Parseplatform Improper Certificate Validation vulnerability in Parseplatform Parse-Server

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js.

7.5
2022-06-17 CVE-2022-31941 Rescue Dispatch Management System Project SQL Injection vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via \rdms\admin?page=user\manage_user&id=.

7.5
2022-06-17 CVE-2022-21806 Anker Use After Free vulnerability in Anker Eufy Homebase 2 Firmware 2.1.8.5H

A use-after-free vulnerability exists in the mips_collector appsrv_server functionality of Anker Eufy Homebase 2 2.1.8.5h.

7.5
2022-06-17 CVE-2022-29496 Blynk Out-of-bounds Write vulnerability in Blynk Blynk-Library 1.0.1

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1.

7.5
2022-06-17 CVE-2022-31355 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.

7.5
2022-06-17 CVE-2022-31356 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.

7.5
2022-06-17 CVE-2022-31357 Online Ordering System Project SQL Injection vulnerability in Online Ordering System Project Online Ordering System 2.3.2

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.

7.5
2022-06-17 CVE-2021-41408 Voipmonitor SQL Injection vulnerability in Voipmonitor 24.61

VoIPmonitor WEB GUI up to version 24.61 is affected by SQL injection through the "api.php" file and "user" parameter.

7.5
2022-06-17 CVE-2021-45025 Rocketsoftware Cleartext Storage of Sensitive Information vulnerability in Rocketsoftware Ags-Zena 4.2.1

ASG technologies ( A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie.

7.5
2022-06-17 CVE-2022-31296 Online Discussion Forum Project SQL Injection vulnerability in Online Discussion Forum Project Online Discussion Forum 1.0

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php.

7.5
2022-06-17 CVE-2022-32276 Grafana Improper Authentication vulnerability in Grafana 8.4.3

Grafana 8.4.3 allows unauthenticated access via (for example) a /dashboard/snapshot/*?orgId=0 URI.

7.5
2022-06-16 CVE-2022-33750 Broadcom Improper Authentication vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an authentication error vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary commands.

7.5
2022-06-16 CVE-2022-33751 Broadcom Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data.

7.5
2022-06-16 CVE-2022-33752 Broadcom Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

7.5
2022-06-16 CVE-2022-33754 Broadcom Improper Input Validation vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an insufficient input validation vulnerability in the Automic agent that could allow a remote attacker to potentially execute arbitrary code.

7.5
2022-06-16 CVE-2021-41487 Nokia SQL Injection vulnerability in Nokia Vitalsuite 2020

NOKIA VitalSuite SPM 2020 is affected by SQL injection through UserName'.

7.5
2022-06-16 CVE-2022-31291 Genivi
Debian
Double Free vulnerability in multiple products

An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets.

7.5
2022-06-16 CVE-2021-41654 Wuzhicms SQL Injection vulnerability in Wuzhicms 4.1.0

SQL injection vulnerabilities exist in Wuzhicms v4.1.0 which allows attackers to execute arbitrary SQL commands via the $keyValue parameter in /coreframe/app/pay/admin/index.php

7.5
2022-06-16 CVE-2021-41411 Redhat XXE vulnerability in Redhat Drools 6.1.0

drools <=7.59.x is affected by an XML External Entity (XXE) vulnerability in KieModuleMarshaller.java.

7.5
2022-06-15 CVE-2021-41403 Flatcore Server-Side Request Forgery (SSRF) vulnerability in Flatcore Flatcore-Cms 2.0.8

flatCore-CMS version 2.0.8 calls dangerous functions, causing server-side request forgery vulnerabilities.

7.5
2022-06-15 CVE-2022-29143 Microsoft Unspecified vulnerability in Microsoft SQL Server

Microsoft SQL Server Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30139 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30140 Microsoft Unspecified vulnerability in Microsoft products

Windows iSCSI Discovery Service Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30142 Microsoft Unspecified vulnerability in Microsoft products

Windows File History Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30143 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30145 Microsoft Unspecified vulnerability in Microsoft products

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30146 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30149 Microsoft Unspecified vulnerability in Microsoft products

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

7.5
2022-06-15 CVE-2022-30150 Microsoft Improper Authentication vulnerability in Microsoft products

Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability

7.5
2022-06-15 CVE-2022-30152 Microsoft Unspecified vulnerability in Microsoft products

Windows Network Address Translation (NAT) Denial of Service Vulnerability

7.5
2022-06-15 CVE-2021-40940 Monstra Unrestricted Upload of File with Dangerous Type vulnerability in Monstra

Monstra 3.0.4 does not filter the case of php, which leads to an unrestricted file upload vulnerability.

7.5
2022-06-15 CVE-2022-32101 Kkcms Project SQL Injection vulnerability in Kkcms Project Kkcms 1.37

kkcms v1.3.7 was discovered to contain a SQL injection vulnerability via the cid parameter at /template/wapian/vlist.php.

7.5
2022-06-15 CVE-2022-32158 Splunk Unspecified vulnerability in Splunk

Splunk Enterprise deployment servers in versions before 8.1.10.1, 8.2.6.1, and 9.0 let clients deploy forwarder bundles to other deployment clients through the deployment server.

7.5
2022-06-15 CVE-2022-32301 Youdiancms SQL Injection vulnerability in Youdiancms 9.5.0

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the IdList parameter at /App/Lib/Action/Home/ApiAction.class.php.

7.5
2022-06-15 CVE-2019-4575 IBM SQL Injection vulnerability in IBM Financial Transaction Manager

IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.2.0 through 3.2.9 is vulnerable to SQL injection.

7.5
2022-06-15 CVE-2022-20131 Google Out-of-bounds Read vulnerability in Google Android

In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check.

7.5
2022-06-15 CVE-2021-40212 Daum Out-of-bounds Write vulnerability in Daum Potplayer 1.7.21523

An exploitable out-of-bounds write vulnerability in PotPlayer 1.7.21523 build 210729 may lead to code execution, information disclosure, and denial of service.

7.5
2022-06-14 CVE-2021-42675 Kreado Unrestricted Upload of File with Dangerous Type vulnerability in Kreado Kreasfero 1.5

Kreado Kreasfero 1.5 does not properly sanitize uploaded files to the media directory.

7.5
2022-06-14 CVE-2022-32337 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/patients/manage_patient.php?id=.

7.5
2022-06-14 CVE-2022-32557 Couchbase Missing Authentication for Critical Function vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

7.5
2022-06-14 CVE-2022-32352 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_admission.

7.5
2022-06-14 CVE-2021-40660 Javadelight Unspecified vulnerability in Javadelight Nashorn Sandbox 0.2.0

An issue was discovered in Delight Nashorn Sandbox 0.2.0.

7.5
2022-06-14 CVE-2022-31308 Wavlink Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719

A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function.

7.5
2022-06-14 CVE-2022-31309 Wavlink Information Exposure vulnerability in Wavlink Aerial X 1200M Firmware M79X3.V5030.180719

A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function.

7.5
2022-06-14 CVE-2022-31847 Wavlink Forced Browsing vulnerability in Wavlink Wn579X3 Firmware M79X3.V5030.180719

A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request.

7.5
2022-06-14 CVE-2022-32336 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/view_menu.php?id=.

7.5
2022-06-14 CVE-2021-30344 Qualcomm Unspecified vulnerability in Qualcomm products

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2022-06-14 CVE-2022-30230 Siemens Missing Authentication for Critical Function vulnerability in Siemens Sicam Gridedge Essential

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6).

7.5
2022-06-14 CVE-2022-30937 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).

7.5
2022-06-14 CVE-2022-32253 Siemens Improper Input Validation vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

7.5
2022-06-14 CVE-2022-32254 Siemens Information Exposure Through Log Files vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

7.5
2022-06-14 CVE-2022-32258 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

7.5
2022-06-14 CVE-2022-32261 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

7.5
2022-06-14 CVE-2022-25167 Apache Unspecified vulnerability in Apache Flume 1.4.0/1.9.0

Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.

7.5
2022-06-13 CVE-2021-41661 Church Management System Project SQL Injection vulnerability in Church Management System Project Church Management System 1.0

Church Management System version 1.0 is affected by a SQL anjection vulnerability through creating a user with a PHP file as an avatar image, which is accessible through the /uploads directory.

7.5
2022-06-13 CVE-2021-41662 South Gate INN Online Reservation System Project SQL Injection vulnerability in South Gate INN Online Reservation System Project South Gate INN Online Reservation System 1.0

The South Gate Inn Online Reservation System v1.0 contains an SQL injection vulnerability that can be chained with a malicious PHP file upload, which is caused by improper file handling in the editImg function.

7.5
2022-06-13 CVE-2022-32560 Couchbase Missing Authorization vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

7.5
2022-06-13 CVE-2022-31054 Argo Events Project Out-of-bounds Write vulnerability in Argo Events Project Argo Events

Argo Events is an event-driven workflow automation framework for Kubernetes.

7.5
2022-06-13 CVE-2021-40036 Huawei Out-of-bounds Write vulnerability in Huawei Harmonyos

The bone voice ID TA has a memory overwrite vulnerability.

7.5
2022-06-13 CVE-2022-23167 Amodat Unspecified vulnerability in Amodat

Attacker crafts a GET request to: /mobile/downloadfile.aspx? Filename =../..

7.5
2022-06-13 CVE-2022-23168 Amodat SQL Injection vulnerability in Amodat Mobile Application Gateway

The attacker could get access to the database.

7.5
2022-06-13 CVE-2022-31055 Google Unspecified vulnerability in Google Kctf

kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions.

7.5
2022-06-13 CVE-2021-46814 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

The video framework has an out-of-bounds memory read/write vulnerability.

7.5
2022-06-13 CVE-2022-1659 Artbees Unspecified vulnerability in Artbees Jupiterx

Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter.

7.5
2022-06-13 CVE-2022-1768 Carrcommunications Unspecified vulnerability in Carrcommunications Rsvpmaker

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file.

7.5
2022-06-13 CVE-2022-29244 Npmjs
Netapp
Information Exposure vulnerability in multiple products

npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie.

7.5
2022-06-13 CVE-2022-0786 Iqonic SQL Injection vulnerability in Iqonic Kivicare

The KiviCare WordPress plugin before 2.3.9 does not sanitise and escape some parameters before using them in SQL statements via the ajax_post AJAX action with the get_doctor_details route, leading to SQL Injections exploitable by unauthenticated users

7.5
2022-06-13 CVE-2022-0827 Presspage SQL Injection vulnerability in Presspage Bestbooks 2.6.3

The Bestbooks WordPress plugin through 2.6.3 does not sanitise and escape some parameters before using them in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

7.5
2022-06-13 CVE-2022-1412 Premierethemes Incorrect Permission Assignment for Critical Resource vulnerability in Premierethemes LOG WP Mail 0.1

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords.

7.5
2022-06-13 CVE-2022-1762 Webence Unspecified vulnerability in Webence IQ Block Country

The iQ Block Country WordPress plugin before 1.2.20 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers.

7.5
2022-06-13 CVE-2022-2062 Xgenecloud Information Exposure Through an Error Message vulnerability in Xgenecloud Nocodb

Generation of Error Message Containing Sensitive Information in GitHub repository nocodb/nocodb prior to 0.91.7+.

7.5
2022-06-13 CVE-2022-26834 Rakuten Unspecified vulnerability in Rakuten Casa Apfv141/Apfv200

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to obtain the information stored in the product because the product is set to accept HTTP connections from the WAN side by default.

7.5
2022-06-15 CVE-2022-20817 Cisco Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Cisco products

A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode.

7.4
2022-06-15 CVE-2022-20126 Google Missing Authorization vulnerability in Google Android

In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check.

7.3
2022-06-15 CVE-2022-20137 Google Missing Authorization vulnerability in Google Android 12.0/12.1

In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check.

7.3
2022-06-15 CVE-2021-25261 Yandex Link Following vulnerability in Yandex Browser

Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.

7.2
2022-06-15 CVE-2022-28225 Yandex Link Following vulnerability in Yandex Browser

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process.

7.2
2022-06-15 CVE-2022-26057 ABB Improper Privilege Management vulnerability in ABB Mint Workbench 5866

Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist.

7.2
2022-06-15 CVE-2022-20142 Google Unspecified vulnerability in Google Android

In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch.

7.2
2022-06-15 CVE-2022-20147 Google Out-of-bounds Write vulnerability in Google Android

In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check.

7.2
2022-06-15 CVE-2022-20156 Google Improper Input Validation vulnerability in Google Android

In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation.

7.2
2022-06-15 CVE-2022-20233 Google Out-of-bounds Write vulnerability in Google Android

In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check.

7.2
2022-06-15 CVE-2022-20125 Google Unspecified vulnerability in Google Android

In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape.

7.2
2022-06-15 CVE-2022-20134 Google Improper Input Validation vulnerability in Google Android

In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation.

7.2
2022-06-15 CVE-2022-20135 Google Unspecified vulnerability in Google Android

In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch.

7.2
2022-06-14 CVE-2022-31590 SAP Unspecified vulnerability in SAP Powerdesigner Proxy 16.7

SAP PowerDesigner Proxy - version 16.7, allows an attacker with low privileges and has local access, with the ability to work around system’s root disk access restrictions to Write/Create a program file on system disk root path, which could then be executed with elevated privileges of the application during application start up or reboot, potentially compromising Confidentiality, Integrity and Availability of the system.

7.2
2022-06-14 CVE-2022-31594 SAP Unspecified vulnerability in SAP Adaptive Server Enterprise

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system.

7.2
2022-06-14 CVE-2021-30281 Qualcomm Unspecified vulnerability in Qualcomm products

Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

7.2
2022-06-14 CVE-2021-30327 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music

7.2
2022-06-14 CVE-2021-30334 Qualcomm Use After Free vulnerability in Qualcomm products

Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2021-35072 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2021-35091 Qualcomm Incorrect Type Conversion or Cast vulnerability in Qualcomm products

Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile

7.2
2022-06-14 CVE-2021-35094 Qualcomm Improper Authentication vulnerability in Qualcomm products

Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2022-06-14 CVE-2021-35112 Qualcomm Incorrect Authorization vulnerability in Qualcomm products

A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2021-35114 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm Sa8540P Firmware and Sa9000P Firmware

Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto

7.2
2022-06-14 CVE-2021-35126 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.2
2022-06-14 CVE-2021-35129 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

7.2
2022-06-14 CVE-2021-35130 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.2
2022-06-14 CVE-2022-22068 Qualcomm Use After Free vulnerability in Qualcomm products

kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2022-22071 Qualcomm Use After Free vulnerability in Qualcomm products

Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.2
2022-06-14 CVE-2022-22082 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2022-22084 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2022-22085 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.2
2022-06-14 CVE-2022-22090 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

7.2
2022-06-14 CVE-2022-22103 Qualcomm Double Free vulnerability in Qualcomm Sa8540P Firmware and Sa9000P Firmware

Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto

7.2
2022-06-13 CVE-2022-22259 Huawei Improper Authentication vulnerability in Huawei Flmg-10 Firmware 10.0.1.0(H100Sp22C00)

There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00).

7.2
2022-06-13 CVE-2022-0863 WP SVG Icons Project Unrestricted Upload of File with Dangerous Type vulnerability in WP SVG Icons Project WP SVG Icons

The WP SVG Icons WordPress plugin through 3.2.3 does not properly validate uploaded custom icon packs, allowing an high privileged user like an admin to upload a zip file containing malicious php code, leading to remote code execution.

7.2
2022-06-13 CVE-2022-1800 Soflyy SQL Injection vulnerability in Soflyy Export ANY Wordpress Data to Xml/Csv

The Export any WordPress data to XML/CSV WordPress plugin before 1.3.5 does not sanitize the cpt POST parameter when exporting post data before using it in a database query, leading to an SQL injection vulnerability.

7.2
2022-06-13 CVE-2022-28704 Rakuten Unspecified vulnerability in Rakuten Casa Apfv141/Apfv200

Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings.

7.2
2022-06-16 CVE-2021-3675 Synaptics Out-of-bounds Write vulnerability in Synaptics Fingerprint Driver

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality.

7.1
2022-06-14 CVE-2021-30342 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

7.1
2022-06-14 CVE-2021-30343 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.1
2022-06-14 CVE-2021-35111 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile

7.1
2022-06-15 CVE-2022-30151 Microsoft Unspecified vulnerability in Microsoft products

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

7.0
2022-06-15 CVE-2022-20141 Google Improper Locking vulnerability in Google Android

In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking.

7.0
2022-06-14 CVE-2021-35095 Qualcomm Deserialization of Untrusted Data vulnerability in Qualcomm products

Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile

7.0

396 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-15 CVE-2022-22788 Zoom Uncontrolled Search Path Element vulnerability in Zoom Meetings and Rooms

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed.

6.9
2022-06-15 CVE-2022-20148 Google Race Condition vulnerability in Google Android

In TBD of TBD, there is a possible use-after-free due to a race condition.

6.9
2022-06-15 CVE-2022-20155 Google Race Condition vulnerability in Google Android

In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition.

6.9
2022-06-15 CVE-2021-39691 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0/12.0

In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input.

6.9
2022-06-14 CVE-2021-35090 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Possible hypervisor memory corruption due to TOC TOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

6.9
2022-06-13 CVE-2022-24077 Naver Uncontrolled Search Path Element vulnerability in Naver Cloud Explorer

Naver Cloud Explorer Beta allows the attacker to execute arbitrary code as System privilege via malicious DLL injection.

6.9
2022-06-17 CVE-2018-25040 Utorrent Unspecified vulnerability in Utorrent web

A vulnerability was found in uTorrent Web.

6.8
2022-06-17 CVE-2018-25041 Utorrent Unspecified vulnerability in Utorrent web

A vulnerability was found in uTorrent.

6.8
2022-06-17 CVE-2018-25042 Bittorrent Out-of-bounds Write vulnerability in Bittorrent Utorrent

A vulnerability classified as critical has been found in uTorrent.

6.8
2022-06-17 CVE-2018-25043 Bittorrent Improper Authentication vulnerability in Bittorrent Utorrent

A vulnerability classified as critical was found in uTorrent.

6.8
2022-06-17 CVE-2018-25044 Bittorrent Improper Privilege Management vulnerability in Bittorrent Utorrent

A vulnerability, which was classified as critical, has been found in uTorrent.

6.8
2022-06-17 CVE-2022-31784 Mitel Classic Buffer Overflow vulnerability in Mitel Mivoice Business and Mivoice Business Express

A vulnerability in the management interface of MiVoice Business through 9.3 PR1 and MiVoice Business Express through 8.0 SP3 PR3 could allow an unauthenticated attacker (that has network access to the management interface) to conduct a buffer overflow attack due to insufficient validation of URL parameters.

6.8
2022-06-16 CVE-2022-26173 Jforum Cross-Site Request Forgery (CSRF) vulnerability in Jforum 2.8.0

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

6.8
2022-06-16 CVE-2022-27531 Autodesk Out-of-bounds Read vulnerability in Autodesk 3DS MAX 2021/2022

A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files.

6.8
2022-06-16 CVE-2022-27532 Autodesk Out-of-bounds Write vulnerability in Autodesk 3DS MAX 2021/2022

A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files.

6.8
2022-06-16 CVE-2022-30538 Fujielectric Out-of-bounds Write vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0

Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-16 CVE-2022-30546 Fujielectric Out-of-bounds Read vulnerability in Fujielectric Monitouch V-Sft 5.4.42.0

Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-16 CVE-2022-30549 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server

Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-15 CVE-2022-30649 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

6.8
2022-06-15 CVE-2021-42735 Adobe Access of Memory Location After End of Buffer vulnerability in Adobe Photoshop

Adobe Photoshop version 22.5.1 (and earlier versions ) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user.

6.8
2022-06-15 CVE-2021-42732 Adobe Access of Memory Location After End of Buffer vulnerability in Adobe Indesign

Access of Memory Location After End of Buffer (CWE-788)

6.8
2022-06-15 CVE-2022-32153 Splunk Improper Certificate Validation vulnerability in Splunk

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.

6.8
2022-06-15 CVE-2022-29437 Nextcode Cross-Site Request Forgery (CSRF) vulnerability in Nextcode Image Slider BY Nextcode

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress.

6.8
2022-06-15 CVE-2021-41413 OK File Formats Project Classic Buffer Overflow vulnerability in Ok-File-Formats Project Ok-File-Formats 2021912

ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB.

6.8
2022-06-14 CVE-2022-26302 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Sft

Heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-14 CVE-2022-27176 Jscom Unspecified vulnerability in Jscom products

Incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user to download, import, and open a specially crafted file in the local environment.

6.8
2022-06-14 CVE-2022-29506 Fujielectric Out-of-bounds Read vulnerability in Fujielectric V-Server and V-Sft

Out-of-bounds read vulnerability exist in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-14 CVE-2022-29522 Fujielectric Use After Free vulnerability in Fujielectric V-Server and V-Sft

Use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-14 CVE-2022-29524 Fujielectric Out-of-bounds Write vulnerability in Fujielectric V-Server

Out-of-bounds write vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user to open a specially crafted image file.

6.8
2022-06-13 CVE-2022-32278 Xfce
Debian
XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server.
6.8
2022-06-13 CVE-2022-29247 Electronjs Exposure of Resource to Wrong Sphere vulnerability in Electronjs Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS.

6.8
2022-06-13 CVE-2021-46816 Adobe Out-of-bounds Write vulnerability in Adobe Premiere PRO

Adobe Premiere Pro version 15.4 (and earlier) are affected by a memory corruption vulnerability.

6.8
2022-06-13 CVE-2021-46817 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability.

6.8
2022-06-13 CVE-2021-46818 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder version 15.4 (and earlier) are affected by a memory corruption vulnerability.

6.8
2022-06-13 CVE-2022-1202 Usabilitydynamics Improper Neutralization of Formula Elements in a CSV File vulnerability in Usabilitydynamics Wp-Crm 1.2.1

The WP-CRM WordPress plugin through 1.2.1 does not validate and sanitise fields when exporting people to a CSV file, leading to a CSV injection vulnerability.

6.8
2022-06-13 CVE-2022-1758 Genki PRE Publish Reminder Project Cross-Site Request Forgery (CSRF) vulnerability in Genki Pre-Publish Reminder Project Genki Pre-Publish Reminder

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.

6.8
2022-06-13 CVE-2022-1765 HOT Linked Image Cacher Project Cross-Site Request Forgery (CSRF) vulnerability in HOT Linked Image Cacher Project HOT Linked Image Cacher

The Hot Linked Image Cacher WordPress plugin through 1.16 is vulnerable to CSRF.

6.8
2022-06-13 CVE-2022-2063 Xgenecloud Improper Privilege Management vulnerability in Xgenecloud Nocodb

Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.

6.8
2022-06-15 CVE-2022-30137 Microsoft Unspecified vulnerability in Microsoft Service Fabric

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers.

6.7
2022-06-15 CVE-2022-20153 Google Improper Locking vulnerability in Google Android

In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking.

6.7
2022-06-15 CVE-2022-20201 Google Out-of-bounds Read vulnerability in Google Android 12.1

In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check.

6.7
2022-06-14 CVE-2021-30349 Qualcomm Unspecified vulnerability in Qualcomm products

Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

6.7
2022-06-14 CVE-2021-35092 Qualcomm Improper Input Validation vulnerability in Qualcomm products

Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

6.7
2022-06-14 CVE-2021-35120 Qualcomm Use After Free vulnerability in Qualcomm products

Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

6.7
2022-06-14 CVE-2021-35116 Qualcomm Improper Input Validation vulnerability in Qualcomm products

APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK`s data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

6.6
2022-06-19 CVE-2022-34000 Libjxl Project Reachable Assertion vulnerability in Libjxl Project Libjxl 0.6.1

libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc.

6.5
2022-06-19 CVE-2022-23071 Tandoor Server-Side Request Forgery (SSRF) vulnerability in Tandoor Recipes

In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality.

6.5
2022-06-18 CVE-2021-46823 Python Ldap Unspecified vulnerability in Python-Ldap

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser.

6.5
2022-06-17 CVE-2022-30607 IBM Information Exposure vulnerability in IBM Robotic Process Automation

IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI.

6.5
2022-06-17 CVE-2019-12352 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12353 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12354 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12355 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12356 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12357 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12358 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-17 CVE-2019-12359 Zzcms SQL Injection vulnerability in Zzcms 2019

An issue was discovered in zzcms 2019.

6.5
2022-06-16 CVE-2020-35597 Victor CMS Project SQL Injection vulnerability in Victor CMS Project Victor CMS 1.0

Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php.

6.5
2022-06-16 CVE-2022-22953 Vmware Unspecified vulnerability in VMWare HCX 4.3.1/4.3.2

VMware HCX update addresses an information disclosure vulnerability.

6.5
2022-06-16 CVE-2022-31908 Student Registration AND FEE Payment System Project SQL Injection vulnerability in Student Registration and FEE Payment System Project Student Registration and FEE Payment System 1.0

Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php.

6.5
2022-06-16 CVE-2022-31911 Online Discussion Forum Site Project SQL Injection vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team.

6.5
2022-06-16 CVE-2022-31912 Online Tutor Portal Site Project SQL Injection vulnerability in Online Tutor Portal Site Project Online Tutor Portal Site 1.0

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team.

6.5
2022-06-16 CVE-2021-41402 Flatcore Code Injection vulnerability in Flatcore Flatcore-Cms 2.0.8

flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code.

6.5
2022-06-15 CVE-2022-30189 Microsoft Unspecified vulnerability in Microsoft Windows 10 20H2/21H1/21H2

Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability

6.5
2022-06-15 CVE-2022-32370 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=.

6.5
2022-06-15 CVE-2022-32371 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=.

6.5
2022-06-15 CVE-2022-32372 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=.

6.5
2022-06-15 CVE-2022-32368 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=.

6.5
2022-06-15 CVE-2022-32373 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=.

6.5
2022-06-15 CVE-2022-32374 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=.

6.5
2022-06-15 CVE-2022-32375 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=.

6.5
2022-06-15 CVE-2022-32376 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=.

6.5
2022-06-15 CVE-2022-32377 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=.

6.5
2022-06-15 CVE-2022-32378 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=.

6.5
2022-06-15 CVE-2022-32379 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=.

6.5
2022-06-15 CVE-2022-32380 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=.

6.5
2022-06-15 CVE-2022-32381 Advanced School Management System Project SQL Injection vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=.

6.5
2022-06-15 CVE-2022-32433 Advanced School Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Advanced School Management System Project Advanced School Management System 1.0

itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php.

6.5
2022-06-15 CVE-2022-20819 Cisco Improper Privilege Management vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device.

6.5
2022-06-15 CVE-2022-32152 Splunk Improper Certificate Validation vulnerability in Splunk

Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default.

6.5
2022-06-15 CVE-2022-32299 Youdiancms SQL Injection vulnerability in Youdiancms 9.5.0

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php.

6.5
2022-06-15 CVE-2022-32300 Youdiancms SQL Injection vulnerability in Youdiancms 9.5.0

YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php.

6.5
2022-06-15 CVE-2022-32302 Theme Park Ticketing System Project SQL Injection vulnerability in Theme Park Ticketing System Project Theme Park Ticketing System 1.0

Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php.

6.5
2022-06-15 CVE-2022-32991 WEB Based Quiz System Project SQL Injection vulnerability in web Based Quiz System Project web Based Quiz System 1.0

Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php.

6.5
2022-06-15 CVE-2022-32992 Online Tours AND Travels Management System Project SQL Injection vulnerability in Online Tours and Travels Management System Project Online Tours and Travels Management System 1.0

Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php.

6.5
2022-06-15 CVE-2022-2086 Bank Management System Project SQL Injection vulnerability in Bank Management System Project Bank Management System 1.0

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0.

6.5
2022-06-15 CVE-2022-1958 Filecloud Improper Access Control vulnerability in Filecloud

A vulnerability classified as critical has been found in FileCloud.

6.5
2022-06-14 CVE-2022-31047 Typo3 Information Exposure Through an Error Message vulnerability in Typo3

TYPO3 is an open source web content management system.

6.5
2022-06-14 CVE-2022-31050 Typo3 Insufficient Session Expiration vulnerability in Typo3

TYPO3 is an open source web content management system.

6.5
2022-06-14 CVE-2022-32353 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=.

6.5
2022-06-14 CVE-2022-32354 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=.

6.5
2022-06-14 CVE-2022-32355 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=.

6.5
2022-06-14 CVE-2022-32358 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry.

6.5
2022-06-14 CVE-2022-32359 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category.

6.5
2022-06-14 CVE-2022-32362 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=.

6.5
2022-06-14 CVE-2022-32363 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=.

6.5
2022-06-14 CVE-2022-31589 SAP Unspecified vulnerability in SAP products

Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.

6.5
2022-06-14 CVE-2022-32364 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=.

6.5
2022-06-14 CVE-2022-32365 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=.

6.5
2022-06-14 CVE-2022-32366 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=.

6.5
2022-06-14 CVE-2022-32367 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=.

6.5
2022-06-14 CVE-2022-30931 Employee Leaves Management System Project Cross-Site Request Forgery (CSRF) vulnerability in Employee Leaves Management System Project Employee Leaves Management System 2.1

Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php.

6.5
2022-06-14 CVE-2022-32330 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_menu.

6.5
2022-06-14 CVE-2022-32331 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/view_category.php?id=.

6.5
2022-06-14 CVE-2022-32332 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/classes/Master.php?f=delete_category.

6.5
2022-06-14 CVE-2022-32333 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/sales/receipt.php?id=.

6.5
2022-06-14 CVE-2022-32334 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/categories/manage_category.php?id=.

6.5
2022-06-14 CVE-2022-32335 Fast Food Ordering System Project SQL Injection vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 is vulnerable to SQL Injection via /ffos/admin/menus/manage_menu.php?id=.

6.5
2022-06-14 CVE-2022-32338 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/manage_doctor.php?id=.

6.5
2022-06-14 CVE-2022-32339 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/doctors/view_doctor.php?id=.

6.5
2022-06-14 CVE-2022-32340 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=patients/view_patient&id=.

6.5
2022-06-14 CVE-2022-32341 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/?page=user/manage_user&id=.

6.5
2022-06-14 CVE-2022-32342 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/room_types/view_room_type.php?id=.

6.5
2022-06-14 CVE-2022-32343 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via hprms/admin/room_types/manage_room_type.php?id=.

6.5
2022-06-14 CVE-2022-32344 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient.

6.5
2022-06-14 CVE-2022-32345 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/manage_room.php?id=.

6.5
2022-06-14 CVE-2022-32346 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/admin/rooms/view_room.php?id=.

6.5
2022-06-14 CVE-2022-32347 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room.

6.5
2022-06-14 CVE-2022-32348 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_doctor.

6.5
2022-06-14 CVE-2022-32349 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_patient_history.

6.5
2022-06-14 CVE-2022-32350 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_room_type.

6.5
2022-06-14 CVE-2022-32351 Hospital S Patient Records Management System Project SQL Injection vulnerability in Hospital'S Patient Records Management System Project Hospital'S Patient Records Management System 1.0

Hospital's Patient Records Management System v1.0 is vulnerable to SQL Injection via /hprms/classes/Master.php?f=delete_message.

6.5
2022-06-14 CVE-2021-40616 Thinkcmf Forced Browsing vulnerability in Thinkcmf 5.1.7

thinkcmf v5.1.7 has an unauthorized vulnerability.

6.5
2022-06-14 CVE-2022-32256 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

6.5
2022-06-14 CVE-2022-32259 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

6.5
2022-06-13 CVE-2022-32562 Couchbase Incorrect Default Permissions vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

6.5
2022-06-13 CVE-2022-29257 Electronjs Unspecified vulnerability in Electronjs Electron

Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS.

6.5
2022-06-13 CVE-2022-23169 Amodat SQL Injection vulnerability in Amodat Mobile Application Gateway

attacker needs to craft a SQL payload.

6.5
2022-06-13 CVE-2022-28217 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver

Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system?s Availability by causing system to crash.

6.5
2022-06-13 CVE-2022-1657 Artbees Path Traversal vulnerability in Artbees Jupiter and Jupiterx

Vulnerable versions of the Jupiter (<= 6.10.1) and JupiterX (<= 2.0.6) Themes allow logged-in users, including subscriber-level users, to perform Path Traversal and Local File inclusion.

6.5
2022-06-13 CVE-2021-25116 Enqueue Anything Project Missing Authorization vulnerability in Enqueue Anything Project Enqueue Anything 1.0.1

The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset.

6.5
2022-06-13 CVE-2022-1761 Peter S Collaboration E Mails Project Cross-Site Request Forgery (CSRF) vulnerability in Peter'S Collaboration E-Mails Project Peter'S Collaboration E-Mails

The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks.

6.5
2022-06-13 CVE-2022-1777 Filr Project Missing Authorization vulnerability in Filr Project Filr

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber.

6.5
2022-06-13 CVE-2022-2064 Xgenecloud Insufficient Session Expiration vulnerability in Xgenecloud Nocodb

Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+.

6.5
2022-06-15 CVE-2022-32151 Splunk Improper Certificate Validation vulnerability in Splunk

The httplib and urllib Python libraries that Splunk shipped with Splunk Enterprise did not validate certificates using the certificate authority (CA) certificate stores by default in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203.

6.4
2022-06-14 CVE-2022-27889 Palantir Improper Control of Dynamically-Managed Code Resources vulnerability in Palantir Foundry Multipass

The Multipass service was found to have code paths that could be abused to cause a denial of service for authentication or authorization operations.

6.4
2022-06-14 CVE-2021-40649 Softwareag Incorrect Permission Assignment for Critical Resource vulnerability in Softwareag Connx 6.2.0.1269

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set.

6.4
2022-06-13 CVE-2021-40604 Invisioncommunity Server-Side Request Forgery (SSRF) vulnerability in Invisioncommunity IPS Community Suite

A Server-Side Request Forgery (SSRF) vulnerability in IPS Community Suite before 4.6.2 allows remote authenticated users to request arbitrary URLs or trigger deserialization via phar protocol when generating class names dynamically.

6.4
2022-06-13 CVE-2022-31760 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

Dialog boxes can still be displayed even if the screen is locked in carrier-customized USSD services.

6.4
2022-06-13 CVE-2022-2067 Rosariosis SQL Injection vulnerability in Rosariosis

SQL Injection in GitHub repository francoisjacquet/rosariosis prior to 9.0.

6.4
2022-06-17 CVE-2021-45026 Rocketsoftware Cross-site Scripting vulnerability in Rocketsoftware Ags-Zena 4.2.1

ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).

6.1
2022-06-15 CVE-2021-40776 Adobe Unspecified vulnerability in Adobe Lightroom

Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer.

6.1
2022-06-14 CVE-2022-29034 Siemens Cross-site Scripting vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

6.1
2022-06-13 CVE-2022-1820 Androidbubbles Unspecified vulnerability in Androidbubbles Keep Backup Daily 2.0.2

The Keep Backup Daily plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘t’ parameter in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping.

6.1
2022-06-13 CVE-2022-0626 Kuroit Cross-site Scripting vulnerability in Kuroit Advanced Admin Search

The Advanced Admin Search WordPress plugin before 1.1.6 does not sanitize and escape some parameters before outputting them back in an admin page, leading to a Reflected Cross-Site Scripting.

6.1
2022-06-13 CVE-2022-1707 Gtm4Wp Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager

The Google Tag Manager for WordPress plugin for WordPress is vulnerable to reflected Cross-Site Scripting via the s parameter due to the site search populating into the data layer of sites with insufficient sanitization in versions up to an including 1.15.

6.1
2022-06-13 CVE-2022-1822 Zephyr Project Manager Project Cross-site Scripting vulnerability in Zephyr Project Manager Project Zephyr Project Manager

The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping.

6.1
2022-06-13 CVE-2022-1985 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42.

6.1
2022-06-15 CVE-2022-33140 Apache OS Command Injection vulnerability in Apache Nifi and Nifi Registry

The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms.

6.0
2022-06-14 CVE-2022-27221 Siemens Information Exposure Through Discrepancy vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

5.9
2022-06-17 CVE-2022-32444 Yuba Open Redirect vulnerability in Yuba U5Cms 8.3.5

An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php.

5.8
2022-06-16 CVE-2022-31277 MI Authentication Bypass by Capture-replay vulnerability in MI Xiaomi Lamp 1 Firmware 2.0.40066

Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks.

5.8
2022-06-13 CVE-2022-1779 Auto Delete Posts Project Cross-Site Request Forgery (CSRF) vulnerability in Auto Delete Posts Project Auto Delete Posts

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once.

5.8
2022-06-13 CVE-2022-1791 ONE Click Plugin Updater Project Cross-Site Request Forgery (CSRF) vulnerability in ONE Click Plugin Updater Project ONE Click Plugin Updater

The One Click Plugin Updater WordPress plugin through 2.4.14 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable / hide the badge of the available updates and the related check.

5.8
2022-06-13 CVE-2022-31040 Maykinmedia Open Redirect vulnerability in Maykinmedia Open Forms

Open Forms is an application for creating and publishing smart forms.

5.8
2022-06-19 CVE-2014-125018 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0.

5.5
2022-06-19 CVE-2014-125019 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0.

5.5
2022-06-19 CVE-2014-125021 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0 and classified as problematic.

5.5
2022-06-19 CVE-2014-125022 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-19 CVE-2014-125023 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-19 CVE-2014-125025 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as problematic has been found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125002 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125003 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0 and classified as problematic.

5.5
2022-06-18 CVE-2014-125004 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability has been found in FFmpeg 2.0 and classified as problematic.

5.5
2022-06-18 CVE-2014-125005 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability, which was classified as problematic, was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125006 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125007 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as problematic was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125008 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as problematic has been found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125009 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as problematic has been found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125010 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125012 Ffmpeg Incorrect Conversion between Numeric Types vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125013 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0 and classified as problematic.

5.5
2022-06-18 CVE-2014-125014 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability classified as problematic was found in FFmpeg 2.0.

5.5
2022-06-18 CVE-2014-125016 Ffmpeg Out-of-bounds Write vulnerability in Ffmpeg 2.0

A vulnerability was found in FFmpeg 2.0.

5.5
2022-06-16 CVE-2021-37764 XOS Shop Missing Authorization vulnerability in Xos-Shop XOS Shop System 1.0.9

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php.

5.5
2022-06-16 CVE-2021-46820 XOS Shop Missing Authorization vulnerability in Xos-Shop XOS Shop System 1.0.9

Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php

5.5
2022-06-16 CVE-2022-2085 Artifex
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory.

5.5
2022-06-15 CVE-2022-30148 Microsoft Information Exposure Through Log Files vulnerability in Microsoft products

Windows Desired State Configuration (DSC) Information Disclosure Vulnerability

5.5
2022-06-15 CVE-2022-30155 Microsoft Off-by-one Error vulnerability in Microsoft products

Windows Kernel Denial of Service Vulnerability

5.5
2022-06-15 CVE-2022-30159 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Information Disclosure Vulnerability

5.5
2022-06-15 CVE-2022-30162 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2022-06-15 CVE-2022-30171 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Information Disclosure Vulnerability

5.5
2022-06-15 CVE-2022-30172 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Information Disclosure Vulnerability

5.5
2022-06-15 CVE-2022-30184 Microsoft
Fedoraproject
.NET and Visual Studio Information Disclosure Vulnerability
5.5
2022-06-15 CVE-2022-21166 XEN
Fedoraproject
Intel
Vmware
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-06-15 CVE-2022-21123 XEN
Fedoraproject
Intel
Vmware
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-06-15 CVE-2022-21125 XEN
Fedoraproject
Intel
Vmware
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-06-15 CVE-2022-21127 XEN
Intel
Debian
Incomplete Cleanup vulnerability in multiple products

Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-06-15 CVE-2021-41672 Peel SQL Injection vulnerability in Peel Shopping 9.4.0

PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php.

5.5
2022-06-15 CVE-2022-20143 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android

In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion.

5.5
2022-06-15 CVE-2022-20172 Google Missing Authorization vulnerability in Google Android

In onbind of ShannonRcsService.java, there is a possible access to protect data due to a missing permission check.

5.5
2022-06-15 CVE-2022-20200 Google Missing Authorization vulnerability in Google Android 12.1

In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check.

5.5
2022-06-15 CVE-2022-20206 Google Missing Authorization vulnerability in Google Android 12.1

In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check.

5.5
2022-06-15 CVE-2022-20129 Google Unspecified vulnerability in Google Android

In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation.

5.5
2022-06-14 CVE-2022-32239 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

5.5
2022-06-14 CVE-2022-21504 Oracle Use After Free vulnerability in Oracle Linux 7/8

The code in UEK6 U3 was missing an appropiate file descriptor count to be missing.

5.5
2022-06-14 CVE-2021-30339 Qualcomm Unspecified vulnerability in Qualcomm products

Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.5
2022-06-14 CVE-2021-30345 Qualcomm Unspecified vulnerability in Qualcomm products

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.5
2022-06-14 CVE-2021-30346 Qualcomm Unspecified vulnerability in Qualcomm products

RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

5.5
2022-06-13 CVE-2022-31751 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The kernel emcom module has multi-thread contention.

5.5
2022-06-13 CVE-2022-31755 Huawei Improper Preservation of Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI

The communication module has a vulnerability of improper permission preservation.

5.5
2022-06-13 CVE-2022-1658 Artbees Unspecified vulnerability in Artbees Jupiter 6.10.1

Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file.

5.5
2022-06-13 CVE-2022-26041 Generex Path Traversal vulnerability in Generex Rccmd 4.26

Directory traversal vulnerability in RCCMD 4.26 and earlier allows a remote authenticated attacker with an administrative privilege to read or alter an arbitrary file on the server via unspecified vectors.

5.5
2022-06-17 CVE-2022-2113 Inventree Project Cross-site Scripting vulnerability in Inventree Project Inventree

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.

5.4
2022-06-16 CVE-2022-31914 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul ZOO Management System 1.0

Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24.

5.4
2022-06-15 CVE-2022-28612 Custom Popup Builder Project Unspecified vulnerability in Custom Popup Builder Project Custom Popup Builder

Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress.

5.4
2022-06-14 CVE-2022-31059 Discourse Cross-site Scripting vulnerability in Discourse Calendar 1.0.0

Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app.

5.4
2022-06-14 CVE-2022-26476 Siemens Use of Hard-coded Credentials vulnerability in Siemens products

A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS).

5.4
2022-06-13 CVE-2022-1208 Ultimatemember Unspecified vulnerability in Ultimatemember Ultimate Member

The Ultimate Member plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Biography field featured on individual user profile pages due to insufficient input sanitization and output escaping that allows users to encode malicious web scripts with HTML encoding that is reflected back on the page.

5.4
2022-06-13 CVE-2022-1656 Artbees Unspecified vulnerability in Artbees Jupiter X Core and Jupiterx

Vulnerable versions of the JupiterX Theme (<=2.0.6) allow any logged-in user, including subscriber-level users, to access any of the functions registered in lib/api/api/ajax.php, which also grant access to the jupiterx_api_ajax_ actions registered by the JupiterX Core Plugin (<=2.0.6).

5.4
2022-06-13 CVE-2022-2060 Dolibarr Cross-site Scripting vulnerability in Dolibarr Erp/Crm

Cross-site Scripting (XSS) - Stored in GitHub repository dolibarr/dolibarr prior to 16.0.

5.4
2022-06-13 CVE-2017-20043 Vendavo Cross-site Scripting vulnerability in Vendavo Pricepoint 4.6.0.0

A vulnerability was found in Navetti PricePoint 4.6.0.0 and classified as problematic.

5.4
2022-06-13 CVE-2017-20044 Vendavo Cross-site Scripting vulnerability in Vendavo Pricepoint 4.6.0.0

A vulnerability was found in Navetti PricePoint 4.6.0.0.

5.4
2022-06-17 CVE-2022-31876 Netgear Unspecified vulnerability in Netgear Wnap320 Firmware 2.0.3

netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies.

5.3
2022-06-16 CVE-2022-33755 Broadcom Unspecified vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users.

5.3
2022-06-15 CVE-2022-30154 Microsoft Unspecified vulnerability in Microsoft products

Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability

5.3
2022-06-15 CVE-2022-20736 Cisco Missing Authorization vulnerability in Cisco Appdynamics Controller

A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access.

5.3
2022-06-14 CVE-2022-32255 Siemens Unspecified vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1).

5.3
2022-06-14 CVE-2021-40633 Giflib Project Memory Leak vulnerability in Giflib Project Giflib 5.1.4

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

5.1
2022-06-18 CVE-2022-33987 GOT Project Unspecified vulnerability in GOT Project GOT

The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket.

5.0
2022-06-17 CVE-2022-21213 Moutjs Unspecified vulnerability in Moutjs Mout

This affects all versions of package mout.

5.0
2022-06-17 CVE-2022-22138 Fast String Search Project Incorrect Calculation vulnerability in Fast String Search Project Fast String Search

All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs.

5.0
2022-06-17 CVE-2022-25345 Discordjs Use of Uninitialized Resource vulnerability in Discordjs Opus

All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer.

5.0
2022-06-17 CVE-2022-25871 Querymen Project Unspecified vulnerability in Querymen Project Querymen

All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization.

5.0
2022-06-17 CVE-2022-25872 Fast String Search Project Out-of-bounds Read vulnerability in Fast String Search Project Fast String Search

All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source.

5.0
2022-06-17 CVE-2021-41490 Rice Memory Leak vulnerability in Rice Open Motion Planning Library 1.5.0

Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior.

5.0
2022-06-16 CVE-2018-18907 Dlink Improper Authentication vulnerability in Dlink Dir-850L Firmare

An issue was discovered on D-Link DIR-850L 1.21WW devices.

5.0
2022-06-16 CVE-2022-33739 Broadcom XML Injection (aka Blind XPath Injection) vulnerability in Broadcom CA Clarity 15.9.0

CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system.

5.0
2022-06-16 CVE-2022-33756 Broadcom Insufficient Entropy vulnerability in Broadcom CA Automic Automation 12.2/12.3

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

5.0
2022-06-16 CVE-2020-25459 Webank Exposure of Resource to Wrong Sphere vulnerability in Webank Federated AI Technology Enabler

An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling.

5.0
2022-06-16 CVE-2020-28865 Powerjob Insufficiently Protected Credentials vulnerability in Powerjob

An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save.

5.0
2022-06-16 CVE-2022-31295 Online Discussion Forum Site Project Authorization Bypass Through User-Controlled Key vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts.

5.0
2022-06-16 CVE-2022-27512 Citrix Use After Free vulnerability in Citrix Application Delivery Management

Temporary disruption of the ADM license service.

5.0
2022-06-16 CVE-2022-29863 Opcfoundation Allocation of Resources Without Limits or Throttling vulnerability in Opcfoundation UA .Net Standard Stack

OPC UA .NET Standard Stack 1.04.368 allows remote attacker to cause a crash via a crafted message that triggers excessive memory allocation.

5.0
2022-06-16 CVE-2022-29864 Opcfoundation Resource Exhaustion vulnerability in Opcfoundation UA .Net Standard Stack

OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption.

5.0
2022-06-16 CVE-2022-29866 Opcfoundation Resource Exhaustion vulnerability in Opcfoundation UA .Net Standard Stack

OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption.

5.0
2022-06-16 CVE-2022-1642 Apple Incorrect Type Conversion or Cast vulnerability in Apple Swift

A program using swift-corelibs-foundation is vulnerable to a denial of service attack caused by a potentially malicious source producing a JSON document containing a type mismatch.

5.0
2022-06-16 CVE-2022-29862 Opcfoundation Infinite Loop vulnerability in Opcfoundation UA .Net Standard Stack

An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attackers to cause the application to hang via a crafted message.

5.0
2022-06-16 CVE-2022-29865 Opcfoundation Improper Authentication vulnerability in Opcfoundation UA .Net Standard Stack

OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials.

5.0
2022-06-16 CVE-2022-31372 Wiris Path Traversal vulnerability in Wiris Mathtype 7.28.0

Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter.

5.0
2022-06-16 CVE-2022-2098 Kromit Weak Password Requirements vulnerability in Kromit Titra

Weak Password Requirements in GitHub repository kromitgmbh/titra prior to 0.78.1.

5.0
2022-06-15 CVE-2022-21935 Johnsoncontrols Improper Authentication vulnerability in Johnsoncontrols products

A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change.

5.0
2022-06-15 CVE-2022-31044 Pagerduty Insufficiently Protected Credentials vulnerability in Pagerduty Rundeck 4.2.0/4.2.1

Rundeck is an open source automation service with a web console, command line tools and a WebAPI.

5.0
2022-06-15 CVE-2022-31069 Finastra
Nestjs Proxy Project
Information Exposure vulnerability in multiple products

NestJS Proxy is a NestJS module to decorate and proxy calls.

5.0
2022-06-15 CVE-2022-31070 Finastra
Nestjs Proxy Project
Information Exposure vulnerability in multiple products

NestJS Proxy is a NestJS module to decorate and proxy calls.

5.0
2022-06-15 CVE-2022-32155 Splunk Incorrect Permission Assignment for Critical Resource vulnerability in Splunk

In universal forwarder versions before 9.0, management services are available remotely by default.

5.0
2022-06-15 CVE-2022-32157 Splunk Missing Authentication for Critical Function vulnerability in Splunk

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles.

5.0
2022-06-15 CVE-2022-20149 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-211685939References: N/A

5.0
2022-06-15 CVE-2022-20151 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-210712565References: N/A

5.0
2022-06-15 CVE-2022-20169 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-211162353References: N/A

5.0
2022-06-15 CVE-2022-20175 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-209252491References: N/A

5.0
2022-06-15 CVE-2022-20177 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-209906686References: N/A

5.0
2022-06-15 CVE-2022-20179 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-211683760References: N/A

5.0
2022-06-15 CVE-2022-20184 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-209153114References: N/A

5.0
2022-06-15 CVE-2022-20188 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-207254598References: N/A

5.0
2022-06-15 CVE-2022-20209 Google Out-of-bounds Write vulnerability in Google Android 12.1

In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow.

5.0
2022-06-14 CVE-2022-31060 Discourse Unspecified vulnerability in Discourse

Discourse is an open-source discussion platform.

5.0
2022-06-14 CVE-2022-29614 SAP Improper Privilege Management vulnerability in SAP Host Agent and Netweaver Abap

SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability.

5.0
2022-06-14 CVE-2022-31845 Wavlink Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927

A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

5.0
2022-06-14 CVE-2022-31846 Wavlink Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wn535G3 Firmware M35G3R.V5030.180927

A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function.

5.0
2022-06-14 CVE-2022-31273 17Ido Improper Restriction of Excessive Authentication Attempts vulnerability in 17Ido Topidp3000 Topsec Operating System Tos3.3.005.665B.15Smpidp

An issue in TopIDP3000 Topsec Operating System tos_3.3.005.665b.15_smpidp allows attackers to perform a brute-force attack via a crafted session_id cookie.

5.0
2022-06-14 CVE-2022-30229 Siemens Improper Authentication vulnerability in Siemens Sicam Gridedge Essential

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6).

5.0
2022-06-14 CVE-2022-29509 Tandd Path Traversal vulnerability in Tandd T&D Server and Thermo Recorder Data Server Firmware

Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors.

5.0
2022-06-14 CVE-2022-31447 Magicpin XXE vulnerability in Magicpin 3.4

An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file.

5.0
2022-06-13 CVE-2022-32192 Couchbase Information Exposure vulnerability in Couchbase Server

Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

5.0
2022-06-13 CVE-2022-32565 Couchbase Information Exposure Through Log Files vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

5.0
2022-06-13 CVE-2022-32558 Couchbase Unspecified vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

5.0
2022-06-13 CVE-2022-32564 Couchbase Unspecified vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 7.0.4.

5.0
2022-06-13 CVE-2022-33174 Powertekpdus Incorrect Authorization vulnerability in Powertekpdus products

Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface.

5.0
2022-06-13 CVE-2021-46811 Huawei Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI

HwSEServiceAPP has a vulnerability in permission management.

5.0
2022-06-13 CVE-2021-46812 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The Device Manager has a vulnerability in multi-device interaction.

5.0
2022-06-13 CVE-2021-46813 Huawei Improper Cross-boundary Removal of Sensitive Data vulnerability in Huawei Emui and Magic UI

Vulnerability of residual files not being deleted after an update in the ChinaDRM module.

5.0
2022-06-13 CVE-2022-31753 Huawei Use of Externally-Controlled Format String vulnerability in Huawei Emui, Harmonyos and Magic UI

The voice wakeup module has a vulnerability of using externally-controlled format strings.

5.0
2022-06-13 CVE-2022-31754 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Logical defects in code implementation in some products.

5.0
2022-06-13 CVE-2022-31757 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The setting module has a vulnerability of improper use of APIs.

5.0
2022-06-13 CVE-2022-31761 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Configuration defects in the secure OS module.

5.0
2022-06-13 CVE-2022-1595 HC Custom WP Admin URL Project Information Exposure vulnerability in HC Custom Wp-Admin URL Project HC Custom Wp-Admin URL 1.4

The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted request

5.0
2022-06-13 CVE-2022-32739 Otrs Unspecified vulnerability in Otrs Calendar Resource Planning and Otrs

When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number.

5.0
2022-06-13 CVE-2022-32741 Otrs Unspecified vulnerability in Otrs

Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time.

5.0
2022-06-13 CVE-2022-29525 Rakuten Use of Hard-coded Credentials vulnerability in Rakuten Casa Apfv141/Apfv200

Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 uses a hard-coded credential which may allow a remote unauthenticated attacker to log in with the root privilege and perform an arbitrary operation.

5.0
2022-06-15 CVE-2022-21180 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access.

4.9
2022-06-15 CVE-2022-20159 Google Out-of-bounds Read vulnerability in Google Android

In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check.

4.9
2022-06-15 CVE-2022-20162 Google Out-of-bounds Read vulnerability in Google Android

In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check.

4.9
2022-06-15 CVE-2022-20165 Google Out-of-bounds Read vulnerability in Google Android

In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check.

4.9
2022-06-15 CVE-2022-20132 Google Out-of-bounds Read vulnerability in Google Android

In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation.

4.9
2022-06-14 CVE-2021-30338 Qualcomm Improper Input Validation vulnerability in Qualcomm Sd850 Firmware and Sdxr1 Firmware

Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute

4.9
2022-06-14 CVE-2021-35070 Qualcomm Information Exposure vulnerability in Qualcomm products

RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile

4.9
2022-06-14 CVE-2021-35080 Qualcomm Information Exposure vulnerability in Qualcomm products

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

4.9
2022-06-14 CVE-2021-35101 Qualcomm Reachable Assertion vulnerability in Qualcomm products

Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile

4.9
2022-06-13 CVE-2022-31763 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The kernel module has the null pointer and out-of-bounds array vulnerabilities.

4.9
2022-06-16 CVE-2021-36827 Ninjaforms Cross-site Scripting vulnerability in Ninjaforms Ninja Forms

Auth.

4.8
2022-06-16 CVE-2021-41421 Maianmedia Unrestricted Upload of File with Dangerous Type vulnerability in Maianmedia Maianaffiliate 1.0

A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel.

4.8
2022-06-15 CVE-2022-32550 1Password Unspecified vulnerability in 1Password products

An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service.

4.8
2022-06-14 CVE-2022-30903 Nokia Cross-site Scripting vulnerability in Nokia G-2425G-A Firmware 3Fe49362Ijhk42

Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management.

4.8
2022-06-14 CVE-2021-40658 Textpattern Cross-site Scripting vulnerability in Textpattern 4.8.7

Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”.

4.8
2022-06-13 CVE-2022-1750 Sticky Popup Project Cross-site Scripting vulnerability in Sticky Popup Project Sticky Popup 1.2

The Sticky Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ popup_title' parameter in versions up to, and including, 1.2 due to insufficient input sanitization and output escaping.

4.8
2022-06-13 CVE-2022-1961 Gtm4Wp Cross-site Scripting vulnerability in Gtm4Wp Google TAG Manager

The Google Tag Manager for WordPress (GTM4WP) plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the `gtm4wp-options[scroller-contentid]` parameter found in the `~/public/frontend.php` file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.1.

4.8
2022-06-15 CVE-2021-39806 Google Double Free vulnerability in Google Android 12.1

In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free.

4.6
2022-06-15 CVE-2022-20152 Google Out-of-bounds Write vulnerability in Google Android

In the TitanM chip, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-15 CVE-2022-20166 Google Out-of-bounds Write vulnerability in Google Android

In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow.

4.6
2022-06-15 CVE-2022-20178 Google Integer Overflow or Wraparound vulnerability in Google Android

In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow.

4.6
2022-06-15 CVE-2022-20183 Google Out-of-bounds Write vulnerability in Google Android

In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check.

4.6
2022-06-15 CVE-2022-20185 Google Use After Free vulnerability in Google Android

In TBD of TBD, there is a possible use after free bug.

4.6
2022-06-15 CVE-2022-20192 Google Unspecified vulnerability in Google Android 12.1

In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass.

4.6
2022-06-15 CVE-2022-20194 Google Unspecified vulnerability in Google Android 12.1

In onCreate of ChooseLockGeneric.java, there is a possible permission bypass.

4.6
2022-06-15 CVE-2022-20197 Google Unspecified vulnerability in Google Android 12.1

In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass.

4.6
2022-06-15 CVE-2022-20207 Google Unspecified vulnerability in Google Android 12.1

In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value.

4.6
2022-06-14 CVE-2021-35098 Qualcomm Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products

Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2022-06-14 CVE-2021-35118 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

4.6
2022-06-14 CVE-2021-35121 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition In the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

4.6
2022-06-17 CVE-2022-33915 Amazon Race Condition vulnerability in Amazon Hotpatch 1.112/1.116

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation.

4.4
2022-06-16 CVE-2017-20051 Jrsoftware Uncontrolled Search Path Element vulnerability in Jrsoftware Inno Setup

A vulnerability was found in InnoSetup Installer.

4.4
2022-06-15 CVE-2022-20154 Google Race Condition vulnerability in Google Android

In lock_sock_nested of sock.c, there is a possible use after free due to a race condition.

4.4
2022-06-15 CVE-2022-20176 Google Use of Uninitialized Resource vulnerability in Google Android

In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check.

4.4
2022-06-15 CVE-2022-20182 Google Missing Authorization vulnerability in Google Android

In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check.

4.4
2022-06-15 CVE-2022-20193 Google Unspecified vulnerability in Google Android 12.1

In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code.

4.4
2022-06-18 CVE-2021-46822 Libjpeg Turbo Out-of-bounds Write vulnerability in Libjpeg-Turbo

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer.

4.3
2022-06-17 CVE-2022-31873 Trendnet Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.68

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi.

4.3
2022-06-17 CVE-2022-31875 Trendnet Cross-site Scripting vulnerability in Trendnet Tv-Ip110Wn Firmware 1.2.2.68

Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi

4.3
2022-06-17 CVE-2022-21184 Atvise Insufficiently Protected Credentials vulnerability in Atvise 3.5.4/3.6/3.7

An information disclosure vulnerability exists in the License registration functionality of Bachmann Visutec GmbH Atvise 3.5.4, 3.6 and 3.7.

4.3
2022-06-17 CVE-2022-32442 Yuba Cross-site Scripting vulnerability in Yuba U5Cms 8.3.5

u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS).

4.3
2022-06-17 CVE-2022-31246 Electrum Argument Injection or Modification vulnerability in Electrum

paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data).

4.3
2022-06-16 CVE-2022-30327 Trendnet Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

4.3
2022-06-16 CVE-2022-30328 Trendnet Cross-Site Request Forgery (CSRF) vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

4.3
2022-06-16 CVE-2022-31299 Angtech Cross-site Scripting vulnerability in Angtech Haraj 3.7

Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form.

4.3
2022-06-16 CVE-2022-31294 Online Discussion Forum Site Project Cross-Site Request Forgery (CSRF) vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts.

4.3
2022-06-16 CVE-2017-20053 Xyzscripts Cross-Site Request Forgery (CSRF) vulnerability in Xyzscripts Contact Form Manager

A vulnerability was found in XYZScripts Contact Form Manager Plugin.

4.3
2022-06-16 CVE-2021-41458 Gpac Out-of-bounds Write vulnerability in Gpac Mp4Box 1.1.0

In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability.

4.3
2022-06-15 CVE-2022-28749 Zoom Unspecified vulnerability in Zoom On-Premise Meeting Connector Multimedia Router 4.8.113.20220526

Zooms On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee.

4.3
2022-06-15 CVE-2022-30666 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-06-15 CVE-2022-30667 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-06-15 CVE-2022-30668 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-06-15 CVE-2022-30669 Adobe Out-of-bounds Read vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-06-15 CVE-2021-36891 Supsystic Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Photo Gallery

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings.

4.3
2022-06-15 CVE-2021-41415 Subscription Manager Project Cross-site Scripting vulnerability in Subscription-Manager Project Subscription-Manager 1.0

Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter.

4.3
2022-06-15 CVE-2022-28850 Adobe Out-of-bounds Read vulnerability in Adobe Bridge

Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

4.3
2022-06-15 CVE-2021-40910 Phpcms Cross-site Scripting vulnerability in PHPcms 9.6.3

There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.

4.3
2022-06-15 CVE-2022-29439 Nextcode Cross-Site Request Forgery (CSRF) vulnerability in Nextcode Image Slider BY Nextcode

Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides.

4.3
2022-06-15 CVE-2022-29441 Private Messages Project Cross-Site Request Forgery (CSRF) vulnerability in Private Messages Project Private Messages

Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages.

4.3
2022-06-15 CVE-2022-29453 Ayecode Cross-Site Request Forgery (CSRF) vulnerability in Ayecode API KEY for Google Maps

Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update.

4.3
2022-06-15 CVE-2021-36901 Asylumdigital Cross-site Scripting vulnerability in Asylumdigital AGE Gate

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress.

4.3
2022-06-15 CVE-2022-20202 Google Out-of-bounds Write vulnerability in Google Android 12.1

In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow.

4.3
2022-06-14 CVE-2022-32240 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32241 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32242 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32243 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32236 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32237 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-32238 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-29618 SAP Cross-site Scripting vulnerability in SAP Netweaver Development Infrastructure

Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser.

4.3
2022-06-14 CVE-2022-32235 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-06-14 CVE-2022-29612 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Host Agent and Netweaver Abap

SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol webfunctionality(startservice) in Kernel which enables malicious users to retrieve information.

4.3
2022-06-14 CVE-2022-30930 Phpgurukul Cross-Site Request Forgery (CSRF) vulnerability in PHPgurukul Tourism Management System 3.2

Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).

4.3
2022-06-14 CVE-2022-31403 Combodo Cross-site Scripting vulnerability in Combodo Itop 3.0.1

ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php.

4.3
2022-06-14 CVE-2021-37182 Siemens Improper Validation of Integrity Check Value vulnerability in Siemens products

A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5).

4.3
2022-06-14 CVE-2021-40650 Softwareag Missing Encryption of Sensitive Data vulnerability in Softwareag Connx 6.2.0.1269

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set.

4.3
2022-06-14 CVE-2022-27219 Siemens Improper Restriction of Rendered UI Layers or Frames vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2).

4.3
2022-06-14 CVE-2022-27220 Siemens Improper Restriction of Rendered UI Layers or Frames vulnerability in Siemens Sinema Remote Connect Server

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2).

4.3
2022-06-14 CVE-2022-30228 Siemens Origin Validation Error vulnerability in Siemens Sicam Gridedge Essential

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6).

4.3
2022-06-14 CVE-2022-32145 Siemens Cross-site Scripting vulnerability in Siemens Teamcenter Active Workspace 5.2/5.2.3

A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3).

4.3
2022-06-14 CVE-2022-32285 Mendix XXE vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3).

4.3
2022-06-14 CVE-2022-32286 Mendix Cross-site Scripting vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3).

4.3
2022-06-14 CVE-2022-29482 Dena Improper Certificate Validation vulnerability in Dena Mobaoku-Auction & Flea Market

'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

4.3
2022-06-14 CVE-2022-29485 SS Proj Cross-site Scripting vulnerability in Ss-Proj Shirasagi

Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors.

4.3
2022-06-13 CVE-2021-41663 1234N Cross-site Scripting vulnerability in 1234N Minicms 1.11

A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11.

4.3
2022-06-13 CVE-2022-29455 Elementor Cross-site Scripting vulnerability in Elementor Website Builder

DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions.

4.3
2022-06-13 CVE-2022-1532 Themify Cross-site Scripting vulnerability in Themify Woocommerce Product Filter

Themify WordPress plugin before 1.3.8 does not sanitise and escape the page parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-06-13 CVE-2022-1594 HC Custom WP Admin URL Project Cross-Site Request Forgery (CSRF) vulnerability in HC Custom Wp-Admin URL Project HC Custom Wp-Admin URL 1.4

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, allowing them to change the login URL

4.3
2022-06-13 CVE-2022-1604 Mailerlite Cross-site Scripting vulnerability in Mailerlite Signup Forms

The MailerLite WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

4.3
2022-06-13 CVE-2022-1605 Email Users Project Cross-Site Request Forgery (CSRF) vulnerability in Email Users Project Email Users 4.8.8

The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users

4.3
2022-06-13 CVE-2022-1608 Byonepress Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker

The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-06-13 CVE-2022-1612 Webriti Cross-Site Request Forgery (CSRF) vulnerability in Webriti Smtp Mail 1.0

The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-06-13 CVE-2022-1624 Latest Tweets Widget Project Cross-Site Request Forgery (CSRF) vulnerability in Latest Tweets Widget Project Latest Tweets Widget 1.1.4

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-06-13 CVE-2022-1694 Useful Banner Manager Project Cross-Site Request Forgery (CSRF) vulnerability in Useful Banner Manager Project Useful Banner Manager 1.6.1

The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banners from the plugin by submitting a form.

4.3
2022-06-13 CVE-2022-1724 Simple Membership Plugin Cross-site Scripting vulnerability in Simple-Membership-Plugin Simple Membership

The Simple Membership WordPress plugin before 4.1.1 does not properly sanitise and escape parameters before outputting them back in AJAX actions, leading to Reflected Cross-Site Scripting

4.3
2022-06-13 CVE-2022-1756 Thenewsletterplugin Cross-site Scripting vulnerability in Thenewsletterplugin Newsletter

The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages.

4.3
2022-06-13 CVE-2022-1773 WP Athletics Project Cross-site Scripting vulnerability in WP Athletics Project WP Athletics

The WP Athletics WordPress plugin through 1.1.7 does not sanitise and escape a parameter before outputting back in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-06-13 CVE-2022-1788 Change Uploaded File Permissions Project Cross-Site Request Forgery (CSRF) vulnerability in Change Uploaded File Permissions Project Change Uploaded File Permissions

Due to missing checks the Change Uploaded File Permissions WordPress plugin through 4.0.0 is vulnerable to CSRF attacks.

4.3
2022-06-13 CVE-2022-1790 NEW User Email SET UP Project Cross-Site Request Forgery (CSRF) vulnerability in NEW User Email SET UP Project NEW User Email SET UP

The New User Email Set Up WordPress plugin through 0.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-06-13 CVE-2022-1793 Private Files Project Cross-Site Request Forgery (CSRF) vulnerability in Private Files Project Private Files 0.40

The Private Files WordPress plugin through 0.40 is missing CSRF check when disabling the protection, which could allow attackers to make a logged in admin perform such action via a CSRF attack and make the blog public

4.3
2022-06-13 CVE-2022-2066 Facturascripts Cross-site Scripting vulnerability in Facturascripts

Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06.

4.3
2022-06-13 CVE-2022-32740 Otrs Unspecified vulnerability in Otrs

A reply to a forwarded email article by a 3rd party could unintensionally expose the email content to the ticket customer under certain circumstances.

4.3
2022-06-13 CVE-2017-20041 Ucweb Improper Restriction of Rendered UI Layers or Frames vulnerability in Ucweb UC Browser 11.2.5.932

A vulnerability was found in Ucweb UC Browser 11.2.5.932.

4.3
2022-06-13 CVE-2022-27174 Easy Blog Project Cross-Site Request Forgery (CSRF) vulnerability in Easy Blog Project Easy Blog

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page.

4.3
2022-06-13 CVE-2022-27231 Veronalabs Cross-site Scripting vulnerability in Veronalabs WP Statistics

Cross-site scripting vulnerability exists in WP Statistics versions prior to 13.2.0 because it improperly processes a platform parameter.

4.3
2022-06-13 CVE-2022-2013 Octopus Unspecified vulnerability in Octopus Deploy

In Octopus Server after version 2022.1.1495 and before 2022.1.2647 if private spaces were enabled via the experimental feature flag all new users would have access to the Script Console within their private space.

4.3
2022-06-17 CVE-2022-21503 Oracle Unspecified vulnerability in Oracle Cloud Infrastructure

Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services.

4.0
2022-06-15 CVE-2022-24436 Intel Information Exposure Through Discrepancy vulnerability in Intel *

Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access.

4.0
2022-06-15 CVE-2022-23823 AMD Information Exposure Through Discrepancy vulnerability in AMD products

A potential vulnerability in some AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack to potentially enable information disclosure.

4.0
2022-06-15 CVE-2022-32154 Splunk Command Injection vulnerability in Splunk

Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request.

4.0
2022-06-14 CVE-2022-31046 Typo3 Cleartext Transmission of Sensitive Information vulnerability in Typo3

TYPO3 is an open source web content management system.

4.0
2022-06-14 CVE-2022-29238 Jupyter Forced Browsing vulnerability in Jupyter Notebook

Jupyter Notebook is a web-based notebook environment for interactive computing.

4.0
2022-06-14 CVE-2022-30231 Siemens Insufficiently Protected Credentials vulnerability in Siemens Sicam Gridedge Essential

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6).

4.0
2022-06-14 CVE-2022-31415 Online Fire Reporting System Project SQL Injection vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php.

4.0
2022-06-13 CVE-2022-0745 Likebtn Missing Authorization vulnerability in Likebtn Like Button Rating

The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body

4.0
2022-06-13 CVE-2022-31041 Maykinmedia Unrestricted Upload of File with Dangerous Type vulnerability in Maykinmedia Open Forms

Open Forms is an application for creating and publishing smart forms.

4.0

78 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-06-14 CVE-2022-31066 Edgexfoundry Unspecified vulnerability in Edgexfoundry Edgex Foundry

EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing.

3.6
2022-06-14 CVE-2022-29615 SAP Deserialization of Untrusted Data vulnerability in SAP Netweaver Developer Studio 7.50

SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x.

3.6
2022-06-14 CVE-2021-35084 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

3.6
2022-06-14 CVE-2021-35085 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

3.6
2022-06-16 CVE-2022-30326 Trendnet Cross-site Scripting vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

3.5
2022-06-16 CVE-2021-33295 Joplin Project Cross-site Scripting vulnerability in Joplin Project Joplin

Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute aribrary code due to improper sanitizing of html.

3.5
2022-06-16 CVE-2021-36608 Webtareas Project Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2

Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php.

3.5
2022-06-16 CVE-2021-36609 Webtareas Project Cross-site Scripting vulnerability in Webtareas Project Webtareas 2.2

Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php.

3.5
2022-06-16 CVE-2022-31301 Angtech Cross-site Scripting vulnerability in Angtech Haraj 3.7

Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component.

3.5
2022-06-16 CVE-2021-41420 Maianmedia Cross-site Scripting vulnerability in Maianmedia Maianaffiliate 1.0

A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel.

3.5
2022-06-16 CVE-2022-31298 Angtech Cross-site Scripting vulnerability in Angtech Haraj 3.7

A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

3.5
2022-06-16 CVE-2022-31300 Angtech Cross-site Scripting vulnerability in Angtech Haraj 3.7

A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.

3.5
2022-06-16 CVE-2022-31906 Online Fire Reporting System Project Cross-site Scripting vulnerability in Online Fire Reporting System Project Online Fire Reporting System 1.0

Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php.

3.5
2022-06-16 CVE-2022-31910 Online Tutor Portal Site Project Cross-site Scripting vulnerability in Online Tutor Portal Site Project Online Tutor Portal Site 1.0

Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS).

3.5
2022-06-16 CVE-2022-31913 Online Discussion Forum Site Project Cross-site Scripting vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name.

3.5
2022-06-16 CVE-2017-20054 Xyzscripts Cross-site Scripting vulnerability in Xyzscripts Contact Form Manager

A vulnerability was found in XYZScripts Contact Form Manager Plugin.

3.5
2022-06-16 CVE-2017-20055 Bestwebsoft Cross-site Scripting vulnerability in Bestwebsoft Contact Form 4.0.0

A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0.

3.5
2022-06-16 CVE-2017-20056 Intechnosoftware Cross-site Scripting vulnerability in Intechnosoftware User Login LOG 2.2.1

A vulnerability was found in weblizar User Login Log Plugin 2.2.1.

3.5
2022-06-16 CVE-2022-30533 Webnus Cross-site Scripting vulnerability in Webnus Modern Events Calendar Lite

Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows remote an authenticated attacker to inject an arbitrary script via unspecified vectors.

3.5
2022-06-15 CVE-2022-21938 Johnsoncontrols Cross-site Scripting vulnerability in Johnsoncontrols products

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface.

3.5
2022-06-15 CVE-2022-29452 Atlasgondal Cross-site Scripting vulnerability in Atlasgondal Export ALL Urls

Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress.

3.5
2022-06-15 CVE-2022-32280 Xakuro Cross-site Scripting vulnerability in Xakuro XO Slider

Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress.

3.5
2022-06-15 CVE-2022-24004 Vanderbilt Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11.

3.5
2022-06-15 CVE-2022-24127 Vanderbilt Cross-site Scripting vulnerability in Vanderbilt Redcap 12.0.11

A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11.

3.5
2022-06-15 CVE-2022-29443 Nicdark Cross-site Scripting vulnerability in Nicdark Hotel Booking

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress.

3.5
2022-06-15 CVE-2022-29438 Nextcode Cross-site Scripting vulnerability in Nextcode Image Slider BY Nextcode

Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress.

3.5
2022-06-15 CVE-2022-29440 Promotion Slider Project Cross-site Scripting vulnerability in Promotion Slider Project Promotion Slider

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress.

3.5
2022-06-15 CVE-2022-29442 Private Messages Project Cross-site Scripting vulnerability in Private Messages Project Private Messages

Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress.

3.5
2022-06-15 CVE-2022-27859 Nicdark Cross-site Scripting vulnerability in Nicdark Nd-Travel

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o.

3.5
2022-06-15 CVE-2022-29406 Dynamicweblab Cross-site Scripting vulnerability in Dynamicweblab Wp-Team-Manager

Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress.

3.5
2022-06-15 CVE-2022-2087 Bank Management System Project Cross-site Scripting vulnerability in Bank Management System Project Bank Management System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0.

3.5
2022-06-14 CVE-2022-31048 Typo3 Cross-site Scripting vulnerability in Typo3

TYPO3 is an open source web content management system.

3.5
2022-06-14 CVE-2022-31049 Typo3 Cross-site Scripting vulnerability in Typo3

TYPO3 is an open source web content management system.

3.5
2022-06-14 CVE-2022-32561 Couchbase Unspecified vulnerability in Couchbase Server

An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4.

3.5
2022-06-14 CVE-2021-40678 Piwigo Cross-site Scripting vulnerability in Piwigo 11.5.0

In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit.

3.5
2022-06-14 CVE-2022-2079 Xgenecloud Cross-site Scripting vulnerability in Xgenecloud Nocodb

Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+.

3.5
2022-06-13 CVE-2022-32193 Couchbase Information Exposure Through Log Files vulnerability in Couchbase Server

Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor.

3.5
2022-06-13 CVE-2022-0209 Facebook Wall AND Social Integration Project Cross-site Scripting vulnerability in Facebook-Wall-And-Social-Integration Project Facebook-Wall-And-Social-Integration 1.10

The Mitsol Social Post Feed WordPress plugin before 1.11 does not escape some of its settings before outputting them back in attributes, which could allow high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-06-13 CVE-2021-40902 Flatcore Cross-site Scripting vulnerability in Flatcore Flatcore-Cms 2.0.8

flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.

3.5
2022-06-13 CVE-2022-1335 Ceikay Cross-site Scripting vulnerability in Ceikay Slideshow CK 1.4.10

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-06-13 CVE-2022-1336 Ceikay Cross-site Scripting vulnerability in Ceikay Carousel CK 1.1.0

The Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-06-13 CVE-2022-1549 WP Athletics Project Cross-site Scripting vulnerability in WP Athletics Project WP Athletics

The WP Athletics WordPress plugin through 1.1.7 does not sanitize parameters before storing them in the database, nor does it escape the values when outputting them back in the admin dashboard, leading to a Stored Cross-Site Scripting vulnerability.

3.5
2022-06-13 CVE-2022-1710 Dwbooster Cross-site Scripting vulnerability in Dwbooster Appointment Hour Booking

The Appointment Hour Booking WordPress plugin before 1.3.56 does not sanitise and escape a settings of its Calendar fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.

3.5
2022-06-13 CVE-2022-1759 RB Internal Links Project Cross-Site Request Forgery (CSRF) vulnerability in RB Internal Links Project RB Internal Links

The RB Internal Links WordPress plugin through 2.0.16 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping

3.5
2022-06-13 CVE-2022-1763 Static Page Extended Project Cross-Site Request Forgery (CSRF) vulnerability in Static Page Extended Project Static Page Extended

Due to missing checks the Static Page eXtended WordPress plugin through 2.1 is vulnerable to CSRF attacks which allows changing the plugin settings, including required user levels for specific features.

3.5
2022-06-13 CVE-2022-1764 WP Chgfontsize Project Cross-Site Request Forgery (CSRF) vulnerability in Wp-Chgfontsize Project Wp-Chgfontsize

The WP-chgFontSize WordPress plugin through 1.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

3.5
2022-06-13 CVE-2022-1780 Latex Project Cross-Site Request Forgery (CSRF) vulnerability in Latex Project Latex 3.4.10

The LaTeX for WordPress plugin through 3.4.10 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack which could also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

3.5
2022-06-13 CVE-2022-1781 Posttabs Project Cross-Site Request Forgery (CSRF) vulnerability in Posttabs Project Posttabs

The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

3.5
2022-06-13 CVE-2022-1787 Sideblog Project Cross-Site Request Forgery (CSRF) vulnerability in Sideblog Project Sideblog

The Sideblog WordPress plugin through 6.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping

3.5
2022-06-13 CVE-2022-1792 Quick Subscribe Project Cross-Site Request Forgery (CSRF) vulnerability in Quick Subscribe Project Quick Subscribe

The Quick Subscribe WordPress plugin through 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and leading to Stored XSS due to the lack of sanitisation and escaping in some of them

3.5
2022-06-13 CVE-2022-1814 WP Admin Style Project Cross-site Scripting vulnerability in WP Admin Style Project WP Admin Style 0.1.2

The WP Admin Style WordPress plugin through 0.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

3.5
2022-06-13 CVE-2022-2065 Facturascripts Cross-site Scripting vulnerability in Facturascripts

Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06.

3.5
2022-06-13 CVE-2022-31398 Helpdeskz Cross-site Scripting vulnerability in Helpdeskz 2.0.2

A cross-site scripting (XSS) vulnerability in /staff/tools/custom-fields of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.

3.5
2022-06-13 CVE-2022-31400 Helpdeskz Cross-site Scripting vulnerability in Helpdeskz 2.0.2

A cross-site scripting (XSS) vulnerability in /staff/setup/email-addresses of Helpdeskz v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email name field.

3.5
2022-06-13 CVE-2022-29894 Strapi Cross-site Scripting vulnerability in Strapi

Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function.

3.5
2022-06-18 CVE-2022-33981 Linux
Debian
Use After Free vulnerability in multiple products

drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.

3.3
2022-06-16 CVE-2022-30325 Trendnet Weak Password Requirements vulnerability in Trendnet Tew-831Dr Firmware 1.0601.130.1.1356

An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices.

3.3
2022-06-15 CVE-2022-31071 Octopoller Project Incorrect Default Permissions vulnerability in Octopoller Project Octopoller 0.2.0

Octopoller is a micro gem for polling and retrying.

2.1
2022-06-15 CVE-2022-31072 Octokit Project Incorrect Default Permissions vulnerability in Octokit Project Octokit 4.23.0/4.24.0

Octokit is a Ruby toolkit for the GitHub API.

2.1
2022-06-15 CVE-2022-21937 Johnsoncontrols Cross-site Scripting vulnerability in Johnsoncontrols products

Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface.

2.1
2022-06-15 CVE-2022-1342 Devolutions Insufficiently Protected Credentials vulnerability in Devolutions Remote Desktop Manager

A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data.

2.1
2022-06-15 CVE-2022-22444 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service.

2.1
2022-06-15 CVE-2022-20146 Google Unspecified vulnerability in Google Android

In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy.

2.1
2022-06-15 CVE-2022-20174 Google Out-of-bounds Read vulnerability in Google Android

In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check.

2.1
2022-06-15 CVE-2022-20198 Google Out-of-bounds Read vulnerability in Google Android 12.1

In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2022-06-15 CVE-2022-20205 Google Improper Input Validation vulnerability in Google Android 12.1

In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation.

2.1
2022-06-15 CVE-2022-20208 Google Out-of-bounds Read vulnerability in Google Android 12.1

In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check.

2.1
2022-06-14 CVE-2021-35071 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

2.1
2022-06-14 CVE-2021-35079 Qualcomm Improper Preservation of Permissions vulnerability in Qualcomm products

Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

2.1
2022-06-14 CVE-2021-35119 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

2.1
2022-06-13 CVE-2022-31752 Huawei Missing Authorization vulnerability in Huawei Emui and Magic UI

Missing authorization vulnerability in the system components.

2.1
2022-06-13 CVE-2022-31756 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The fingerprint sensor module has design defects.

2.1
2022-06-13 CVE-2022-31759 Huawei Access of Uninitialized Pointer vulnerability in Huawei Emui, Harmonyos and Magic UI

AppLink has a vulnerability of accessing uninitialized pointers.

2.1
2022-06-13 CVE-2022-1772 Google Places Reviews Project Cross-site Scripting vulnerability in Google Places Reviews Project Google Places Reviews

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel.

2.1
2022-06-13 CVE-2022-2061 Chafa Project Out-of-bounds Write vulnerability in Chafa Project Chafa

Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0.

2.1
2022-06-15 CVE-2022-20195 Google Deserialization of Untrusted Data vulnerability in Google Android 12.1

In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization.

1.9
2022-06-15 CVE-2022-20196 Google Unspecified vulnerability in Google Android 12.1

In gallery3d and photos, there is a possible permission bypass due to a confused deputy.

1.9
2022-06-13 CVE-2022-31758 Huawei Race Condition vulnerability in Huawei Emui, Harmonyos and Magic UI

The kernel module has the race condition vulnerability.

1.9