Weekly Vulnerabilities Reports > July 11 to 17, 2022
Overview
556 new vulnerabilities were reported during this period, including 145 critical vulnerabilities and 187 high severity vulnerabilities. This weekly summary reports vulnerabilities in 707 products from 286 vendors, including Google, Siemens, SAP, IBM, and Pexip. The most common categories are "Path Traversal", "Cross-site Scripting", "Out-of-bounds Read", "Out-of-bounds Write", and "SQL Injection".
- 425 reported vulnerabilities are remotely exploitable.
- 30 reported vulnerabilities have a public exploit available.
- 192 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 375 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 48 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
145 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-17 | CVE-2022-26479 | Poly | Incorrect Authorization vulnerability in Poly Eagleeye Director II Firmware An issue was discovered in Poly EagleEye Director II before 2.2.2.1. | 9.8 |
2022-07-17 | CVE-2022-31209 | Infiray | Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | 9.8 |
2022-07-17 | CVE-2022-31210 | Infiray | Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | 9.8 |
2022-07-17 | CVE-2022-31211 | Infiray | Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | 9.8 |
2022-07-17 | CVE-2022-32985 | Nexans | Use of Hard-coded Credentials vulnerability in Nexans products libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201. | 9.8 |
2022-07-17 | CVE-2022-26352 | Dotcms | Unspecified vulnerability in Dotcms An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. | 9.8 |
2022-07-16 | CVE-2021-36711 | Octobot | Unrestricted Upload of File with Dangerous Type vulnerability in Octobot 0.4.1/0.4.2/0.4.3 WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled. | 9.8 |
2022-07-16 | CVE-2017-20130 | Itechscripts | SQL Injection vulnerability in Itechscripts Real Estate Script 3.12 A vulnerability was found in Itech Real Estate Script 3.12. | 9.8 |
2022-07-16 | CVE-2017-20131 | Itechscripts | SQL Injection vulnerability in Itechscripts News Portal Script 6.28 A vulnerability was found in Itech News Portal 6.28. | 9.8 |
2022-07-16 | CVE-2017-20132 | Itechscripts | SQL Injection vulnerability in Itechscripts Multi Vendor Script 6.49 A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical. | 9.8 |
2022-07-16 | CVE-2017-20133 | Itechscripts | Improper Authentication vulnerability in Itechscripts JOB Portal Script 9.13 A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13. | 9.8 |
2022-07-16 | CVE-2017-20134 | Itechscripts | SQL Injection vulnerability in Itechscripts Freelancer Script 5.13 A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13. | 9.8 |
2022-07-16 | CVE-2017-20135 | Itechscripts | SQL Injection vulnerability in Itechscripts Dating Script 3.26 A vulnerability classified as critical was found in Itech Dating Script 3.26. | 9.8 |
2022-07-16 | CVE-2017-20138 | Itechscripts | SQL Injection vulnerability in Itechscripts Auction Script 6.49 A vulnerability was found in Itech Auction Script 6.49. | 9.8 |
2022-07-15 | CVE-2022-31161 | Roxy WI | Unspecified vulnerability in Roxy-Wi Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers. | 9.8 |
2022-07-15 | CVE-2022-35890 | Inductiveautomation | Incorrect Authorization vulnerability in Inductiveautomation Ignition An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. | 9.8 |
2022-07-14 | CVE-2022-32409 | Softwarepublico | Path Traversal vulnerability in Softwarepublico I3Geo 7.0.5 A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request. | 9.8 |
2022-07-14 | CVE-2022-32417 | Pbootcms | Code Injection vulnerability in Pbootcms 3.1.2 PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php. | 9.8 |
2022-07-14 | CVE-2022-28369 | Verizon | Unrestricted Upload of File with Dangerous Type vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh) A remote attacker on the local network can provide a malicious URL. | 9.8 |
2022-07-14 | CVE-2022-28373 | Verizon | OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162 Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua. | 9.8 |
2022-07-14 | CVE-2022-28375 | Verizon | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. | 9.8 |
2022-07-14 | CVE-2022-30113 | Fahou100 | SQL Injection vulnerability in Fahou100 Electronic Mall System 1.0 Electronic mall system 1.0_build20200203 is vulnerable to SQL Injection. | 9.8 |
2022-07-14 | CVE-2017-20129 | Logostore Project | SQL Injection vulnerability in Logostore Project Logostore A vulnerability was found in LogoStore. | 9.8 |
2022-07-13 | CVE-2022-35857 | KVF Admin Project | Use of Hard-coded Credentials vulnerability in Kvf-Admin Project Kvf-Admin 20220212 kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled. | 9.8 |
2022-07-13 | CVE-2022-34756 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102 A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI. | 9.8 |
2022-07-13 | CVE-2022-20216 | Google | Unspecified vulnerability in Google Android android exported is used to set third-party app access permissions, and the default value of intent-filter is true. | 9.8 |
2022-07-13 | CVE-2022-20222 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/12.1 In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2022-07-13 | CVE-2022-20229 | Google | Out-of-bounds Write vulnerability in Google Android In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2022-07-13 | CVE-2022-20238 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, userspace may map the kernel area to be writable, which is easy to exploit. Product: Android. Versions: Android SoC. Android ID: A-233154555. | 9.8 |
2022-07-13 | CVE-2017-20126 | KB Affiliate Referral Script Project | SQL Injection vulnerability in KB Affiliate Referral Script Project KB Affiliate Referral Script 1.0 A vulnerability was found in KB Affiliate Referral Script 1.0. | 9.8 |
2022-07-13 | CVE-2017-20127 | KB Login Authentication Script Project | SQL Injection vulnerability in KB Login Authentication Script Project KB Login Authentication Script 1.1 A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical. | 9.8 |
2022-07-13 | CVE-2017-20128 | KB Messages PHP Script Project | SQL Injection vulnerability in KB Messages PHP Script Project KB Messages PHP Script 1.0 A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical. | 9.8 |
2022-07-13 | CVE-2022-28888 | Spryker | OS Command Injection vulnerability in Spryker Cloud Commerce Spryker Commerce OS 1.4.2 allows Remote Command Execution. | 9.8 |
2022-07-13 | CVE-2022-32073 | Wolfssh | Integer Overflow or Wraparound vulnerability in Wolfssh 1.4.7 WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR. | 9.8 |
2022-07-12 | CVE-2022-35628 | In2Code | SQL Injection vulnerability in In2Code Living User Experience A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3. | 9.8 |
2022-07-12 | CVE-2022-29600 | Oliverklee | SQL Injection vulnerability in Oliverklee Oelib The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection. | 9.8 |
2022-07-12 | CVE-2022-29601 | Oliverklee | SQL Injection vulnerability in Oliverklee Seminars The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection. | 9.8 |
2022-07-12 | CVE-2022-22997 | Westerndigital | OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices. | 9.8 |
2022-07-12 | CVE-2022-2298 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 2.0 A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical. | 9.8 |
2022-07-11 | CVE-2020-29506 | Dell Oracle | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-29507 | Dell Oracle | Improper Input Validation vulnerability in multiple products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-29508 | Dell Oracle | Improper Input Validation vulnerability in multiple products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-35163 | Dell Oracle | Use of Insufficiently Random Values vulnerability in multiple products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-35166 | Dell Oracle | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-35167 | Dell Oracle | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-35168 | Dell Oracle | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-35169 | Dell Oracle | Improper Input Validation vulnerability in multiple products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. | 9.8 |
2022-07-11 | CVE-2020-4150 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1 IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 9.8 |
2022-07-11 | CVE-2022-1057 | Varktech | Unspecified vulnerability in Varktech Pricing Deals for Woocommerce The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection | 9.8 |
2022-07-11 | CVE-2022-1952 | Syntactics | Unspecified vulnerability in Syntactics Free Booking Plugin for Hotels, Restaurant and CAR Rental The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. | 9.8 |
2022-07-11 | CVE-2022-2302 | Lenze | Improper Authentication vulnerability in Lenze C520 Firmware, C550 Firmware and C750 Firmware Multiple Lenze products of the cabinet series skip the password verification upon second login. | 9.8 |
2022-07-11 | CVE-2022-2368 | Microweber | Unspecified vulnerability in Microweber Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. | 9.8 |
2022-07-11 | CVE-2022-32294 | Zimbra | Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15 Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). | 9.8 |
2022-07-11 | CVE-2022-31570 | Ceneo WEB Scrapper Project | Path Traversal vulnerability in Ceneo-Web-Scrapper Project Ceneo-Web-Scrapper 20210315 The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.8 |
2022-07-12 | CVE-2022-31105 | Linuxfoundation Argoproj | Improper Certificate Validation vulnerability in multiple products Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 9.6 |
2022-07-11 | CVE-2022-31501 | Onyxforum Project | Path Traversal vulnerability in Onyxforum Project Onyxforum The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31502 | Wormnest Project | Path Traversal vulnerability in Wormnest Project Wormnest The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31503 | Orchest | Path Traversal vulnerability in Orchest The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31504 | Baiduwenkuspider Flaskweb Project | Path Traversal vulnerability in Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31505 | Mercadoenlineaback Project | Path Traversal vulnerability in Mercadoenlineaback Project Mercadoenlineaback The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31506 | CMU | Path Traversal vulnerability in CMU Opendiamond The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31507 | Ganga Project | Path Traversal vulnerability in Ganga Project Ganga The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31508 | Idayrus | Path Traversal vulnerability in Idayrus E-Voting The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31509 | Iedadata | Path Traversal vulnerability in Iedadata Usap-Dc web Submission and Dataset Search 1.0/1.0.0/1.0.1 The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31510 | Simple RAT Project | Path Traversal vulnerability in Simple-Rat Project Simple-Rat 20220503 The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31511 | Equanimity Project | Path Traversal vulnerability in Equanimity Project Equanimity The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31512 | Flask MVC Project | Path Traversal vulnerability in Flask-Mvc Project Flask-Mvc The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31513 | Krypton Project | Path Traversal vulnerability in Krypton Project Krypton The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31514 | FAN Platform Project | Path Traversal vulnerability in FAN Platform Project FAN Platform The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31515 | Carceresbe Project | Path Traversal vulnerability in Carceresbe Project Carceresbe 1.0 The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31516 | Harveyzyh Python Project | Path Traversal vulnerability in Harveyzyh Python Project Harveyzyh Python The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31517 | Mercury Sample Manager Project | Path Traversal vulnerability in Mercury Sample Manager Project Mercury Sample Manager 20210420 The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31518 | Python Recipe Database Project | Path Traversal vulnerability in Python-Recipe-Database Project Python-Recipe-Database The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31519 | Windmill Project | Path Traversal vulnerability in Windmill Project Windmill 1.0 The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31520 | Logstash Management API Project | Path Traversal vulnerability in Logstash-Management-Api Project Logstash-Management-Api The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31521 | Mosaic Project | Path Traversal vulnerability in Mosaic Project Mosaic 1.0.0 The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31522 | Karaokey Project | Path Traversal vulnerability in Karaokey Project Karaokey The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31523 | Paddlepaddle | Path Traversal vulnerability in Paddlepaddle Anakin 0.1.0/0.1.1 The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31524 | Purestorage | Path Traversal vulnerability in Purestorage Pure Swagger The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31525 | Deep Learning Studio Project | Path Traversal vulnerability in Deep Learning Studio Project Deep Learning Studio 0.1.0 The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31526 | Thunderatz | Path Traversal vulnerability in Thunderatz Thunderdocs 20200501 The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31527 | Flask File Server Project | Path Traversal vulnerability in Flask-File-Server Project Flask-File-Server The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31528 | Bonn Activity Maps Annotation Tool Project | Path Traversal vulnerability in Bonn Activity Maps Annotation Tool Project Bonn Activity Maps Annotation Tool The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31529 | Monorepo Project | Path Traversal vulnerability in Monorepo Project Monorepo The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31530 | CSM Server Project | Path Traversal vulnerability in CSM Server Project CSM Server The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31531 | Dainst | Path Traversal vulnerability in Dainst Cilantro The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31532 | Travel Blahg Project | Path Traversal vulnerability in Travel Blahg Project Travel Blahg The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31533 | Umbral Project | Path Traversal vulnerability in Umbral Project Umbral 20200115 The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31534 | Pythonweb Project | Path Traversal vulnerability in Pythonweb Project Pythonweb 20181031 The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31535 | Fishtank Project | Path Traversal vulnerability in Fishtank Project Fishtank 20150624 The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31536 | Ytdl Sync Project | Path Traversal vulnerability in Ytdl-Sync Project Ytdl-Sync 20210102 The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31537 | Solar System Simulator Project | Path Traversal vulnerability in Solar-System-Simulator Project Solar-System-Simulator 20210726 The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31538 | MP M08 Interface Project | Path Traversal vulnerability in Mp-M08-Interface Project Mp-M08-Interface 20201210 The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31539 | Kotekan Project | Path Traversal vulnerability in Kotekan Project Kotekan The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31540 | HIN ENG Preprocessing Project | Path Traversal vulnerability in Hin-Eng-Preprocessing Project Hin-Eng-Preprocessing 20190716 The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31541 | Barry Voice Assistant Project | Path Traversal vulnerability in Barry Voice Assistant Project Barry Voice Assistant 20210118 The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31542 | Mdweb Project | Path Traversal vulnerability in Mdweb Project Mdweb 20150507 The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31543 | Setupbox Project | Path Traversal vulnerability in Setupbox Project Setupbox 1.0 The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31544 | Xtomo | Path Traversal vulnerability in Xtomo Robo-Tom The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31545 | Modelconverter Project | Path Traversal vulnerability in Modelconverter Project Modelconverter 20210426 The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31546 | Glance Project | Path Traversal vulnerability in Glance Project Glance 20140627 The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31547 | Sphere Project | Path Traversal vulnerability in Sphere Project Sphere 20200531 The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31548 | Homepage Project | Path Traversal vulnerability in Homepage Project Homepage 20170306 The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31549 | Helm Flask Celery Project | Path Traversal vulnerability in Helm-Flask-Celery Project Helm-Flask-Celery The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31550 | Python Athena Stack Project | Path Traversal vulnerability in Python Athena Stack Project Python Athena Stack 20191108 The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31551 | Flask Mongo Skel Project | Path Traversal vulnerability in Flask-Mongo-Skel Project Flask-Mongo-Skel 20121101 The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31552 | Anuvaad Corpus Project | Path Traversal vulnerability in Anuvaad-Corpus Project Anuvaad-Corpus 20201123 The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31553 | Sleep Learner Project | Path Traversal vulnerability in Sleep Learner Project Sleep Learner 20210221 The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31554 | Movie Review Sentiment Analysis Project | Path Traversal vulnerability in Movie-Review-Sentiment-Analysis Project Movie-Review-Sentiment-Analysis 20170507 The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31555 | Nurse Quest Project | Path Traversal vulnerability in Nurse Quest Project Nurse Quest 20180222 The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31556 | Trainenergyserver Project | Path Traversal vulnerability in Trainenergyserver Project Trainenergyserver 20170803 The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31557 | Golem Project | Path Traversal vulnerability in Golem Project Golem 20160517 The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31558 | Shiva Server Project | Path Traversal vulnerability in Shiva-Server Project Shiva-Server The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31559 | Flask Yeoman Project | Path Traversal vulnerability in Flask-Yeoman Project Flask-Yeoman 20130913 The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31560 | Photo TAG Project | Path Traversal vulnerability in Photo TAG Project Photo TAG 20200831 The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31561 | Sphere Imagebackend Project | Path Traversal vulnerability in Sphere Imagebackend Project Sphere Imagebackend 20191003 The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31562 | Internshipsystem Project | Path Traversal vulnerability in Internshipsystem Project Internshipsystem 20180522 The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31563 | Vprj Project | Path Traversal vulnerability in Vprj Project Vprj 20220406 The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31564 | Munhak | Path Traversal vulnerability in Munhak Munhak-Moa The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31565 | Syrabond Project | Path Traversal vulnerability in Syrabond Project Syrabond 20200525 The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31567 | Data Stream Algorithm Benchmark Project | Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark 1.0/2.0/2.1 The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31568 | Rexians | Path Traversal vulnerability in Rexians Rex-Web 20220605 The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31571 | Python Flask Restful API Project | Path Traversal vulnerability in Python-Flask-Restful-Api Project Python-Flask-Restful-Api 20190916 The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31572 | Cockybook Project | Path Traversal vulnerability in Cockybook Project Cockybook 20150416 The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31573 | Chainer | Path Traversal vulnerability in Chainer Chainerrl-Visualizer 0.1.1 The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31574 | Realestate Project | Path Traversal vulnerability in Realestate Project Realestate 20181130 The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31575 | Livro Python Project | Path Traversal vulnerability in Livro Python Project Livro Python 20180606 The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31576 | Shackerpanel Project | Path Traversal vulnerability in Shackerpanel Project Shackerpanel 20210525 The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31577 | Audio Aligner APP Project | Path Traversal vulnerability in Audio Aligner APP Project Audio Aligner APP 20200110 The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31579 | Iasset Project | Path Traversal vulnerability in Iasset Project Iasset 20220504 The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31580 | Caretakerr API Project | Path Traversal vulnerability in Caretakerr-Api Project Caretakerr-Api 20210517 The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31581 | Scorelab | Path Traversal vulnerability in Scorelab Openmf The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31582 | Videoserver Project | Path Traversal vulnerability in Videoserver Project Videoserver 20190921 The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31583 | Automatedquizeval Project | Path Traversal vulnerability in Automatedquizeval Project Automatedquizeval 20200427 The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31584 | S3Label Project | Path Traversal vulnerability in S3Label Project S3Label 20190814 The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31585 | Home Internet Project | Path Traversal vulnerability in Home Internet Project Home Internet 20200828 The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31586 | Changepop Back Project | Path Traversal vulnerability in Changepop-Back Project Changepop-Back 20190604 The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31587 | KG Fashion Chatbot Project | Path Traversal vulnerability in Kg-Fashion-Chatbot Project Kg-Fashion-Chatbot 20180522 The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-11 | CVE-2022-31588 | Testplatform Project | Path Traversal vulnerability in Testplatform Project Testplatform The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 9.3 |
2022-07-15 | CVE-2022-35409 | ARM Debian | Out-of-bounds Read vulnerability in multiple products An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. | 9.1 |
2022-07-14 | CVE-2022-25800 | Bestpractical | Server-Side Request Forgery (SSRF) vulnerability in Bestpractical Request Tracker for Incident Response Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool. | 9.1 |
2022-07-14 | CVE-2022-25801 | Bestpractical | Server-Side Request Forgery (SSRF) vulnerability in Bestpractical Request Tracker for Incident Response Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools. | 9.1 |
2022-07-12 | CVE-2022-34737 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The application security module has a vulnerability in permission assignment. | 9.1 |
2022-07-12 | CVE-2021-44222 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens Simatic Easie Core Package A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). | 9.1 |
2022-07-11 | CVE-2022-31140 | Cuyz | Unspecified vulnerability in Cuyz Valinor Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. | 9.1 |
187 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-17 | CVE-2022-26481 | Poly | OS Command Injection vulnerability in Poly products An issue was discovered in Poly Studio before 3.7.0. | 8.8 |
2022-07-17 | CVE-2022-30981 | Gentics | Deserialization of Untrusted Data vulnerability in Gentics CMS 5.43.0 An issue was discovered in Gentics CMS before 5.43.1. | 8.8 |
2022-07-17 | CVE-2022-31208 | Infiray | Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957 An issue was discovered in Infiray IRAY-A8Z3 1.0.957. | 8.8 |
2022-07-17 | CVE-2022-30550 | Dovecot Debian | Improper Authentication vulnerability in multiple products An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. | 8.8 |
2022-07-17 | CVE-2022-32320 | Getferdi Ferdium | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file. | 8.8 |
2022-07-17 | CVE-2022-1672 | Insights From Google Pagespeed Project | Unspecified vulnerability in Insights From Google Pagespeed Project Insights From Google Pagespeed The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks | 8.8 |
2022-07-15 | CVE-2021-36461 | Microweber | Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3 An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini. | 8.8 |
2022-07-15 | CVE-2022-30243 | Honeywell | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Visual Logic Firmware Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. | 8.8 |
2022-07-15 | CVE-2022-32119 | Arox | Unrestricted Upload of File with Dangerous Type vulnerability in Arox School ERP PRO 1.0 Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php. | 8.8 |
2022-07-14 | CVE-2022-32415 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=. | 8.8 |
2022-07-14 | CVE-2022-30024 | TP Link | Classic Buffer Overflow vulnerability in Tp-Link products A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network. | 8.8 |
2022-07-14 | CVE-2022-28374 | Verizon | OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal. | 8.8 |
2022-07-13 | CVE-2022-32114 | Strapi | Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.12 An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file. | 8.8 |
2022-07-13 | CVE-2022-34753 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Spacelogic C-Bus Home Controller Firmware A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised. | 8.8 |
2022-07-12 | CVE-2022-1025 | Argoproj | Unspecified vulnerability in Argoproj Argo CD All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. | 8.8 |
2022-07-12 | CVE-2022-31593 | SAP | Unspecified vulnerability in SAP Business ONE 10.0 SAP Business One client - version 10.0 allows an attacker with low privileges to inject code that can be executed by the application. | 8.8 |
2022-07-12 | CVE-2022-35228 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted. | 8.8 |
2022-07-12 | CVE-2022-2385 | Kubernetes | Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges. | 8.8 |
2022-07-12 | CVE-2022-2297 | Oretnom23 | Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Clinic's Patient Management System 2.0 A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. | 8.8 |
2022-07-12 | CVE-2021-38289 | Novastar | Incorrect Permission Assignment for Critical Resource vulnerability in Novastar Novaicare 7.16.0 An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts. | 8.8 |
2022-07-11 | CVE-2022-31138 | Mailcow | Unspecified vulnerability in Mailcow Mailcow: Dockerized mailcow is a mailserver suite. | 8.8 |
2022-07-11 | CVE-2022-35414 | Qemu Debian | Use of Uninitialized Resource vulnerability in multiple products softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash. | 8.8 |
2022-07-15 | CVE-2022-31097 | Grafana Netapp | Cross-site Scripting vulnerability in multiple products Grafana is an open-source platform for monitoring and observability. | 8.7 |
2022-07-11 | CVE-2022-31566 | Data Stream Algorithm Benchmark Project | Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 8.6 |
2022-07-13 | CVE-2019-10761 | VM2 Project | Uncontrolled Recursion vulnerability in VM2 Project VM2 This affects the package vm2 before 3.6.11. | 8.3 |
2022-07-17 | CVE-2022-26656 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join. | 8.2 |
2022-07-17 | CVE-2022-27933 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | 8.2 |
2022-07-15 | CVE-2021-34987 | Parallels | Unspecified vulnerability in Parallels Desktop 16.5.1 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). | 8.2 |
2022-07-14 | CVE-2022-32212 | Nodejs Debian Fedoraproject Siemens | OS Command Injection vulnerability in multiple products An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks. | 8.1 |
2022-07-12 | CVE-2022-24800 | Octobercms | Unspecified vulnerability in Octobercms October October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. | 8.1 |
2022-07-11 | CVE-2020-35164 | Dell Oracle | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | 8.1 |
2022-07-11 | CVE-2022-30602 | Cybozu | Unspecified vulnerability in Cybozu Garoon Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files. | 8.1 |
2022-07-15 | CVE-2022-30244 | Honeywell | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Ascent Control Module Firmware Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users. | 8.0 |
2022-07-15 | CVE-2022-2418 | Eveo | Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager A vulnerability was found in URVE Web Manager. | 8.0 |
2022-07-15 | CVE-2022-2419 | Eveo | Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager A vulnerability was found in URVE Web Manager. | 8.0 |
2022-07-15 | CVE-2022-2420 | Eveo | Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager A vulnerability was found in URVE Web Manager. | 8.0 |
2022-07-12 | CVE-2022-33137 | Siemens | Insufficient Session Expiration vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). | 8.0 |
2022-07-17 | CVE-2022-28807 | Opendesign | Out-of-bounds Read vulnerability in Opendesign Drawings SDK An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. | 7.8 |
2022-07-17 | CVE-2022-28808 | Opendesign | Out-of-bounds Read vulnerability in Opendesign Drawings SDK An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. | 7.8 |
2022-07-17 | CVE-2022-28809 | Opendesign | Missing Authentication for Critical Function vulnerability in Opendesign Drawings SDK An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. | 7.8 |
2022-07-17 | CVE-2022-35861 | Pyenv | Path Traversal vulnerability in Pyenv pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory. | 7.8 |
2022-07-17 | CVE-2020-7641 | Grunt Util Property Project | Unspecified vulnerability in Grunt-Util-Property Project Grunt-Util-Property 0.0.1/0.0.2 This affects all versions of package grunt-util-property. | 7.8 |
2022-07-15 | CVE-2022-32434 | Opener Project | Out-of-bounds Write vulnerability in Opener Project Opener 2.3.0 EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d. | 7.8 |
2022-07-15 | CVE-2021-34986 | Parallels | Unspecified vulnerability in Parallels Desktop 16.5.0 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). | 7.8 |
2022-07-15 | CVE-2022-34216 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34217 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34219 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34220 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34221 | Adobe | Unspecified vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34230 | Adobe | Use After Free vulnerability in Adobe products Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34245 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34246 | Adobe | Unspecified vulnerability in Adobe Indesign Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34247 | Adobe | Unspecified vulnerability in Adobe Indesign Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34249 | Adobe | Unspecified vulnerability in Adobe Incopy Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34250 | Adobe | Unspecified vulnerability in Adobe Incopy Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-15 | CVE-2022-34251 | Adobe | Unspecified vulnerability in Adobe Incopy Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-07-14 | CVE-2021-26384 | AMD | Out-of-bounds Write vulnerability in AMD products A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources. | 7.8 |
2022-07-14 | CVE-2021-45492 | Sage | Incorrect Permission Assignment for Critical Resource vulnerability in Sage 300 In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. | 7.8 |
2022-07-13 | CVE-2022-32117 | Jerryscript | Out-of-bounds Write vulnerability in Jerryscript 2.4.0 Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c. | 7.8 |
2022-07-13 | CVE-2022-20212 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0 In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack. | 7.8 |
2022-07-13 | CVE-2022-20218 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.0/12.1 In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code. | 7.8 |
2022-07-13 | CVE-2022-20220 | Google | Path Traversal vulnerability in Google Android 12.0/12.1 In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error. | 7.8 |
2022-07-13 | CVE-2022-20223 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. | 7.8 |
2022-07-12 | CVE-2022-29187 | GIT SCM Fedoraproject Apple Debian | Git is a distributed revision control system. | 7.8 |
2022-07-12 | CVE-2022-31591 | SAP | Unspecified vulnerability in SAP Businessobjects BW Publisher Service 420/430 SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element. | 7.8 |
2022-07-12 | CVE-2021-36665 | Druva | Deserialization of Untrusted Data vulnerability in Druva Insync Client An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon. | 7.8 |
2022-07-12 | CVE-2021-36666 | Druva | Untrusted Search Path vulnerability in Druva Insync Client An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission. | 7.8 |
2022-07-12 | CVE-2021-36667 | Druva | OS Command Injection vulnerability in Druva Insync Client Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library. | 7.8 |
2022-07-12 | CVE-2021-36668 | Druva | Injection vulnerability in Druva Insync Client URL injection in Druva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App. | 7.8 |
2022-07-12 | CVE-2022-30754 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of AppLinker. | 7.8 |
2022-07-12 | CVE-2022-30755 | Google | Improper Authentication vulnerability in Google Android 10.0/11.0/12.0 Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. | 7.8 |
2022-07-12 | CVE-2022-30756 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with privilege of Finder. | 7.8 |
2022-07-12 | CVE-2022-33695 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0/12.0 Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. | 7.8 |
2022-07-12 | CVE-2022-33703 | Google | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. | 7.8 |
2022-07-12 | CVE-2022-33704 | Google | Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0 Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities. | 7.8 |
2022-07-12 | CVE-2022-33708 | Samsung | Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | 7.8 |
2022-07-12 | CVE-2022-33709 | Samsung | Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | 7.8 |
2022-07-12 | CVE-2022-33710 | Samsung | Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | 7.8 |
2022-07-12 | CVE-2022-34272 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34273 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34274 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34275 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34276 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34277 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34278 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34279 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34280 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34281 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34284 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34286 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34289 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 7.8 |
2022-07-12 | CVE-2022-34465 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-07-12 | CVE-2022-34748 | Siemens | Out-of-bounds Write vulnerability in Siemens Simcenter Femap A vulnerability has been identified in Simcenter Femap (All versions < V2022.2). | 7.8 |
2022-07-17 | CVE-2021-40150 | Reolink | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. | 7.5 |
2022-07-17 | CVE-2022-31212 | Dbus Broker Project | Out-of-bounds Read vulnerability in Dbus-Broker Project Dbus-Broker An issue was discovered in dbus-broker before 31. | 7.5 |
2022-07-17 | CVE-2022-31213 | Dbus Broker Project | NULL Pointer Dereference vulnerability in Dbus-Broker Project Dbus-Broker An issue was discovered in dbus-broker before 31. | 7.5 |
2022-07-17 | CVE-2022-33903 | Torproject | Unspecified vulnerability in Torproject TOR Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | 7.5 |
2022-07-17 | CVE-2022-29286 | Pexip | Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling. | 7.5 |
2022-07-17 | CVE-2022-32263 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719. | 7.5 |
2022-07-17 | CVE-2022-26654 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP. | 7.5 |
2022-07-17 | CVE-2022-26655 | Pexip | Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2 Pexip Infinity 27.x before 27.3 has Improper Input Validation. | 7.5 |
2022-07-17 | CVE-2022-26657 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | 7.5 |
2022-07-17 | CVE-2022-27928 | Pexip | Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. | 7.5 |
2022-07-17 | CVE-2022-27929 | Pexip | Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP. | 7.5 |
2022-07-17 | CVE-2022-27931 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol. | 7.5 |
2022-07-17 | CVE-2022-27932 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join. | 7.5 |
2022-07-17 | CVE-2022-27934 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP. | 7.5 |
2022-07-17 | CVE-2022-27935 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth. | 7.5 |
2022-07-17 | CVE-2022-27936 | Pexip | Unspecified vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323. | 7.5 |
2022-07-17 | CVE-2022-27937 | Pexip | Resource Exhaustion vulnerability in Pexip Infinity Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264. | 7.5 |
2022-07-17 | CVE-2021-24655 | Wpusermanager | Unspecified vulnerability in Wpusermanager WP User Manager The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given. | 7.5 |
2022-07-16 | CVE-2017-20136 | Itechscripts | SQL Injection vulnerability in Itechscripts Classifieds Script 7.27 A vulnerability classified as critical has been found in Itech Classifieds Script 7.27. | 7.5 |
2022-07-16 | CVE-2017-20137 | Itechscripts | SQL Injection vulnerability in Itechscripts B2B Script 4.28 A vulnerability was found in Itech B2B Script 4.28. | 7.5 |
2022-07-16 | CVE-2021-34538 | Apache | Missing Authentication for Critical Function vulnerability in Apache Hive In Apache Hive before 3.1.3, the "CREATE" and "DROP" function operations do not check for the necessary authorization of the entities involved in the query. | 7.5 |
2022-07-15 | CVE-2022-25858 | Terser | Unspecified vulnerability in Terser The terser package before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions. | 7.5 |
2022-07-15 | CVE-2022-25891 | Containrrr | Unspecified vulnerability in Containrrr Shoutrrr The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. | 7.5 |
2022-07-15 | CVE-2022-30634 | Golang Netapp | Infinite Loop vulnerability in multiple products Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows an attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. | 7.5 |
2022-07-15 | CVE-2022-31157 | Packback | Use of Insufficiently Random Values vulnerability in Packback LTI 1.3 Tool Library LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. | 7.5 |
2022-07-15 | CVE-2022-31158 | Packback | Authentication Bypass by Capture-replay vulnerability in Packback LTI 1.3 Tool Library LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. | 7.5 |
2022-07-15 | CVE-2022-23141 | ZTE | Information Exposure Through Log Files vulnerability in ZTE Zxmp M721 Firmware Commond21Bootv100004Ls1045 ZXMP M721 has an information leak vulnerability. | 7.5 |
2022-07-15 | CVE-2022-31107 | Grafana Netapp | Grafana is an open-source platform for monitoring and observability. | 7.5 |
2022-07-14 | CVE-2022-32389 | Isode | Use of Hard-coded Credentials vulnerability in Isode Swift 4.0.2 Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor. | 7.5 |
2022-07-14 | CVE-2022-31147 | Jqueryvalidation | Unspecified vulnerability in Jqueryvalidation Jquery Validation The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms. | 7.5 |
2022-07-14 | CVE-2022-32297 | Piwigo | SQL Injection vulnerability in Piwigo Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function. | 7.5 |
2022-07-14 | CVE-2022-32298 | Toybox Project | NULL Pointer Dereference vulnerability in Toybox Project Toybox 0.8.7 Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c. | 7.5 |
2022-07-14 | CVE-2022-31142 | Fastify | Information Exposure Through Discrepancy vulnerability in Fastify Bearer-Auth @fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers. | 7.5 |
2022-07-14 | CVE-2022-22452 | IBM | Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. | 7.5 |
2022-07-14 | CVE-2022-22453 | IBM | Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 7.5 |
2022-07-14 | CVE-2022-22460 | IBM | Unspecified vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system. | 7.5 |
2022-07-14 | CVE-2020-14127 | MI | Out-of-bounds Write vulnerability in MI Miui A denial of service vulnerability exists in some Xiaomi models of phones. | 7.5 |
2022-07-14 | CVE-2022-28876 | F Secure | Unspecified vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning with the aeheur.dll component can crash the scanning engine. | 7.5 |
2022-07-14 | CVE-2022-28370 | Verizon | Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0 On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device. | 7.5 |
2022-07-14 | CVE-2022-28371 | Verizon | Use of Hard-coded Credentials vulnerability in Verizon products On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control. | 7.5 |
2022-07-14 | CVE-2022-28372 | Verizon | Unrestricted Upload of File with Dangerous Type vulnerability in Verizon products On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage. | 7.5 |
2022-07-14 | CVE-2022-28377 | Verizon | Weak Password Requirements vulnerability in Verizon products On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. | 7.5 |
2022-07-13 | CVE-2022-34759 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers. | 7.5 |
2022-07-13 | CVE-2022-34760 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies. | 7.5 |
2022-07-13 | CVE-2022-34761 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type. | 7.5 |
2022-07-13 | CVE-2022-34762 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. | 7.5 |
2022-07-13 | CVE-2022-34763 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature. | 7.5 |
2022-07-13 | CVE-2022-34764 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL. | 7.5 |
2022-07-13 | CVE-2022-20224 | Google | Out-of-bounds Read vulnerability in Google Android In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check. | 7.5 |
2022-07-13 | CVE-2022-20234 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.1 In Car Settings app, the NotificationAccessConfirmationActivity is exported. | 7.5 |
2022-07-13 | CVE-2022-20236 | Google | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android A DRM driver has an out-of-bounds problem that could cause a system crash or EoP. Product: Android. Versions: Android SoC. Android ID: A-233124709 | 7.5 |
2022-07-13 | CVE-2022-22982 | Vmware | Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0 The vCenter Server contains a server-side request forgery (SSRF) vulnerability. | 7.5 |
2022-07-13 | CVE-2022-32096 | Rhonabwy Project | Classic Buffer Overflow vulnerability in Rhonabwy Project Rhonabwy Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. | 7.5 |
2022-07-13 | CVE-2022-31781 | Apache | Unspecified vulnerability in Apache Tapestry Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. | 7.5 |
2022-07-12 | CVE-2022-35403 | Zohocorp | Unspecified vulnerability in Zohocorp products Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email. | 7.5 |
2022-07-12 | CVE-2022-1737 | Pyramidsolutions | Unspecified vulnerability in Pyramidsolutions products Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition. | 7.5 |
2022-07-12 | CVE-2022-22998 | Westerndigital | Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware AWS credentials were not properly protected; protections on these credentials have been implemented. | 7.5 |
2022-07-12 | CVE-2022-28771 | SAP | Unspecified vulnerability in SAP Business ONE License Service API 10.0 Due to a missing authentication check, the SAP Business One License Service API version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network. | 7.5 |
2022-07-12 | CVE-2022-32249 | SAP | Unspecified vulnerability in SAP Business ONE 10.0 Under a special integration scenario of SAP Business One and SAP HANA version 10.0, an attacker can exploit HANA cockpit's data volume to gain access to highly sensitive information (e.g., high privileged account credentials). | 7.5 |
2022-07-12 | CVE-2022-35168 | SAP | Unspecified vulnerability in SAP Business ONE 10.0 Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative. | 7.5 |
2022-07-12 | CVE-2020-4157 | IBM | Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2022-07-12 | CVE-2020-4159 | IBM | Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0 IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system. | 7.5 |
2022-07-12 | CVE-2021-39999 | Huawei | Classic Buffer Overflow vulnerability in Huawei Ese620X Vess Firmware V100R001C10Spc200/V100R001C20Spc200 There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. | 7.5 |
2022-07-12 | CVE-2021-40012 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI Vulnerability of pointers being incorrectly used during data transmission in the video framework. | 7.5 |
2022-07-12 | CVE-2021-41396 | Live555 | Out-of-bounds Write vulnerability in Live555 Live555 through 1.08 does not handle socket connections properly. | 7.5 |
2022-07-12 | CVE-2021-46741 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The basic framework and setting module have defects, which were introduced during the design. | 7.5 |
2022-07-12 | CVE-2022-33173 | Couchbase | Unspecified vulnerability in Couchbase Server An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4. | 7.5 |
2022-07-12 | CVE-2022-33713 | Samsung | Unspecified vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8 Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows an attacker to obtain sensitive information. | 7.5 |
2022-07-12 | CVE-2022-34735 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The frame scheduling module has a null pointer dereference vulnerability. | 7.5 |
2022-07-12 | CVE-2022-34736 | Huawei | NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos The frame scheduling module has a null pointer dereference vulnerability. | 7.5 |
2022-07-12 | CVE-2022-34738 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The SystemUI module has a vulnerability in permission control. | 7.5 |
2022-07-12 | CVE-2022-34739 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The fingerprint module has a vulnerability of overflow in arithmetic addition. | 7.5 |
2022-07-12 | CVE-2022-34742 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI The system module has a read/write vulnerability. | 7.5 |
2022-07-12 | CVE-2022-34743 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui, Harmonyos and Magic UI The AT commands of the USB port have an out-of-bounds read vulnerability. | 7.5 |
2022-07-12 | CVE-2021-44221 | Siemens | Improper Input Validation vulnerability in Siemens Simatic Easie Core Package A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). | 7.5 |
2022-07-12 | CVE-2022-29884 | Siemens | Missing Release of Resource after Effective Lifetime vulnerability in Siemens products A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30). | 7.5 |
2022-07-12 | CVE-2022-30938 | Siemens | Out-of-bounds Write vulnerability in Siemens products A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). | 7.5 |
2022-07-12 | CVE-2022-31257 | Mendix | Unspecified vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12). | 7.5 |
2022-07-12 | CVE-2022-33138 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3). | 7.5 |
2022-07-12 | CVE-2022-33736 | Siemens | Improper Authentication vulnerability in Siemens Opcenter Quality A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624). | 7.5 |
2022-07-11 | CVE-2020-29505 | Dell Oracle | Insufficient Entropy vulnerability in multiple products Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability. | 7.5 |
2022-07-11 | CVE-2022-31073 | Linuxfoundation | Unspecified vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 7.5 |
2022-07-11 | CVE-2022-31139 | Unsafe Accessor Project | Incorrect Authorization vulnerability in Unsafe Accessor Project Unsafe Accessor UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. | 7.5 |
2022-07-11 | CVE-2022-31578 | BT Lnmp Project | Path Traversal vulnerability in BT Lnmp Project BT Lnmp 20191010 The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely. | 7.5 |
2022-07-17 | CVE-2022-30622 | Chcnav | Use of Hard-coded Credentials vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2 Information disclosure: the system allows usernames and passwords to be viewed without permission, making it possible to log in to the system. | 7.3 |
2022-07-14 | CVE-2022-32323 | Autotrace Project Fedoraproject | Out-of-bounds Write vulnerability in multiple products AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660. | 7.3 |
2022-07-14 | CVE-2022-32223 | Nodejs | Uncontrolled Search Path Element vulnerability in Nodejs Node.Js Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependency on a Windows machine: OpenSSL has been installed and "C:\Program Files\Common Files\SSL\openssl.cnf" exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability. | 7.3 |
2022-07-12 | CVE-2022-31012 | Gitforwindows | Unspecified vulnerability in Gitforwindows GIT 2.34.1 Git for Windows is a fork of Git that contains Windows-specific patches. | 7.3 |
2022-07-17 | CVE-2022-26482 | Poly | OS Command Injection vulnerability in Poly Eagleeye Director II Firmware An issue was discovered in Poly EagleEye Director II before 2.2.2.1. | 7.2 |
2022-07-16 | CVE-2022-36126 | Inductiveautomation | Incorrect Authorization vulnerability in Inductiveautomation Ignition An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. | 7.2 |
2022-07-14 | CVE-2022-32416 | Product Show Room Site Project | SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0 Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product. | 7.2 |
2022-07-12 | CVE-2022-2262 | Online Hotel Booking Project | SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0 A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical. | 7.2 |
2022-07-12 | CVE-2022-2263 | Online Hotel Booking Project | SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0 A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical. | 7.2 |
2022-07-12 | CVE-2022-29560 | Siemens | Command Injection vulnerability in Siemens products A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1). | 7.2 |
193 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-15 | CVE-2022-30242 | Honeywell | Unspecified vulnerability in Honeywell Alerton Ascent Control Module Firmware Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users. | 6.8 |
2022-07-13 | CVE-2022-34754 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials. | 6.8 |
2022-07-17 | CVE-2022-31202 | Monitoringsoft | Path Traversal vulnerability in Monitoringsoft Softguard web The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl. | 6.5 |
2022-07-17 | CVE-2021-46784 | Squid Cache Debian | Reachable Assertion vulnerability in multiple products In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses. | 6.5 |
2022-07-17 | CVE-2022-31260 | Montala | Missing Authentication for Critical Function vulnerability in Montala Resourcespace In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value. | 6.5 |
2022-07-15 | CVE-2022-31153 | Openzeppelin | Incorrect Authorization vulnerability in Openzeppelin Contracts 0.2.0 OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. | 6.5 |
2022-07-15 | CVE-2022-31159 | Amazon | Unspecified vulnerability in Amazon Aws-Sdk-Java The AWS SDK for Java enables Java developers to work with Amazon Web Services. | 6.5 |
2022-07-15 | CVE-2022-30245 | Honeywell | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5 Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. | 6.5 |
2022-07-14 | CVE-2022-23825 | Debian Fedoraproject AMD Vmware | Exposure of Resource to Wrong Sphere vulnerability in multiple products Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | 6.5 |
2022-07-14 | CVE-2022-2401 | Mattermost | Information Exposure vulnerability in Mattermost Server Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs. | 6.5 |
2022-07-14 | CVE-2022-2406 | Mattermost | Allocation of Resources Without Limits or Throttling vulnerability in Mattermost The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API. | 6.5 |
2022-07-14 | CVE-2021-39017 | IBM | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. | 6.5 |
2022-07-14 | CVE-2021-39019 | IBM | Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. | 6.5 |
2022-07-14 | CVE-2022-35283 | IBM | Unspecified vulnerability in IBM Security Verify Information Queue 10.0.2 IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request. | 6.5 |
2022-07-14 | CVE-2022-32210 | Nodejs | Improper Certificate Validation vulnerability in Nodejs Undici `Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy. | 6.5 |
2022-07-14 | CVE-2022-32213 | Llhttp Nodejs Fedoraproject Siemens Debian Stormshield | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | 6.5 |
2022-07-14 | CVE-2022-32214 | Llhttp Nodejs Debian Stormshield | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. | 6.5 |
2022-07-14 | CVE-2022-32215 | Nodejs Llhttp Fedoraproject Siemens Debian Stormshield | HTTP Request Smuggling vulnerability in multiple products The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. | 6.5 |
2022-07-13 | CVE-2022-31145 | Flyte | Unspecified vulnerability in Flyte Flyteadmin FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions. | 6.5 |
2022-07-13 | CVE-2022-20217 | Google | Unspecified vulnerability in Google Android There is an unauthorized broadcast in the SprdContactsProvider. | 6.5 |
2022-07-13 | CVE-2022-20221 | Google | Out-of-bounds Read vulnerability in Google Android In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. | 6.5 |
2022-07-13 | CVE-2022-20228 | Google | Use After Free vulnerability in Google Android 12.0/12.1 In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. | 6.5 |
2022-07-13 | CVE-2019-10800 | Codecov | Argument Injection or Modification vulnerability in Codecov Codecov-Python This affects the package codecov before 2.0.16. | 6.5 |
2022-07-12 | CVE-2022-29619 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 Under certain conditions, SAP BusinessObjects Business Intelligence Platform 4.x (versions 420, 430) allows the Administrator user to view, edit or modify rights of objects it does not own, which would otherwise be restricted. | 6.5 |
2022-07-12 | CVE-2022-2211 | Libguestfs Redhat | Classic Buffer Overflow vulnerability in multiple products A vulnerability was found in libguestfs. | 6.5 |
2022-07-12 | CVE-2022-29900 | XEN Debian Fedoraproject AMD | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. | 6.5 |
2022-07-12 | CVE-2022-29901 | Intel XEN Fedoraproject Vmware Debian | Exposure of Resource to Wrong Sphere vulnerability in multiple products Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. | 6.5 |
2022-07-12 | CVE-2021-40013 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect integrity. | 6.5 |
2022-07-12 | CVE-2021-40016 | Huawei | Unspecified vulnerability in Huawei Emui and Magic UI Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect confidentiality. | 6.5 |
2022-07-12 | CVE-2022-34740 | Huawei | Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI The NFC module has a buffer overflow vulnerability. | 6.5 |
2022-07-12 | CVE-2022-34741 | Huawei | Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI The NFC module has a buffer overflow vulnerability. | 6.5 |
2022-07-12 | CVE-2022-34466 | Mendix | Expression Language Injection vulnerability in Mendix A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3). | 6.5 |
2022-07-12 | CVE-2022-34467 | Mendix | XML Entity Expansion vulnerability in Mendix Excel Importer A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2). | 6.5 |
2022-07-11 | CVE-2022-31075 | Linuxfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 6.5 |
2022-07-11 | CVE-2022-31078 | Linuxfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 6.5 |
2022-07-11 | CVE-2022-31079 | Linuxfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 6.5 |
2022-07-11 | CVE-2022-31080 | Linuxfoundation | Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 6.5 |
2022-07-11 | CVE-2022-31074 | Linuxfoundation | Unspecified vulnerability in Linuxfoundation Kubeedge KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge. | 6.5 |
2022-07-11 | CVE-2022-1576 | Themeisle | Unspecified vulnerability in Themeisle WP Maintenance Mode & Coming Soon The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 6.5 |
2022-07-11 | CVE-2022-1599 | Admin Management Xtended Project | Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make logged-in users with the right capabilities call them. | 6.5 |
2022-07-11 | CVE-2022-1732 | Rename WP Login Project | Unspecified vulnerability in Rename Wp-Login Project Rename Wp-Login 2.6.0 The Rename wp-login.php WordPress plugin through 2.6.0 does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change it via a CSRF attack | 6.5 |
2022-07-11 | CVE-2022-2091 | Cache Images Project | Unspecified vulnerability in Cache Images Project Cache Images The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. | 6.5 |
2022-07-11 | CVE-2022-29512 | Cybozu | Information Exposure vulnerability in Cybozu Garoon Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege. | 6.5 |
2022-07-17 | CVE-2022-1933 | Collect AND Deliver Interface FOR Woocommerce Project | Unspecified vulnerability in Collect and Deliver Interface for Woocommerce Project Collect and Deliver Interface for Woocommerce The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-17 | CVE-2022-2090 | Flycart | Unspecified vulnerability in Flycart Discount Rules for Woocommerce The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting | 6.1 |
2022-07-17 | CVE-2022-2146 | Import CSV Files Project | Cross-Site Request Forgery (CSRF) vulnerability in Import CSV Files Project Import CSV Files The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and is lacking a CSRF check when performing such an action as well, resulting in a Reflected Cross-Site Scripting | 6.1 |
2022-07-17 | CVE-2022-2168 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Download Manager The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting | 6.1 |
2022-07-17 | CVE-2022-2173 | Sigmaplugin | Cross-site Scripting vulnerability in Sigmaplugin Advanced Database Cleaner The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting | 6.1 |
2022-07-17 | CVE-2022-2187 | Contact Form 7 Captcha Project | Unspecified vulnerability in Contact Form 7 Captcha Project Contact Form 7 Captcha 0.0.9 The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 6.1 |
2022-07-15 | CVE-2022-25869 | Angularjs | Cross-site Scripting vulnerability in Angularjs Angular All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements. | 6.1 |
2022-07-15 | CVE-2022-23201 | Adobe | Unspecified vulnerability in Adobe Robohelp Adobe RoboHelp versions 2020.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-07-15 | CVE-2020-35305 | Gollum Project | Cross-site Scripting vulnerability in Gollum Project Gollum Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog. | 6.1 |
2022-07-15 | CVE-2022-32118 | Arox | Cross-site Scripting vulnerability in Arox School ERP PRO 1.0 Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php. | 6.1 |
2022-07-15 | CVE-2022-29890 | Octopus | Cross-site Scripting vulnerability in Octopus Server In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link. | 6.1 |
2022-07-14 | CVE-2022-34092 | Softwarepublico | Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php. | 6.1 |
2022-07-14 | CVE-2022-34093 | Softwarepublico | Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php. | 6.1 |
2022-07-14 | CVE-2022-34094 | Softwarepublico | Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5 Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php. | 6.1 |
2022-07-14 | CVE-2022-22477 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0 IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. | 6.1 |
2022-07-14 | CVE-2022-32225 | Veeam | Cross-site Scripting vulnerability in Veeam Management Pack 8.0 A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0. | 6.1 |
2022-07-14 | CVE-2022-25802 | Bestpractical | Cross-site Scripting vulnerability in Bestpractical Request Tracker Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment. | 6.1 |
2022-07-14 | CVE-2022-25803 | Bestpractical | Open Redirect vulnerability in Bestpractical Request Tracker Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search. | 6.1 |
2022-07-13 | CVE-2022-32308 | Ublock Origin Project | Cross-site Scripting vulnerability in Ublock Origin Project Ublock Origin Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process. | 6.1 |
2022-07-13 | CVE-2021-46827 | Sync | Cross-site Scripting vulnerability in Sync products An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. | 6.1 |
2022-07-12 | CVE-2022-30517 | Mogublog Project | Cross-site Scripting vulnerability in Mogublog Project Mogublog 5.2 Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 |
2022-07-12 | CVE-2022-33156 | Matomo | Cross-site Scripting vulnerability in Matomo Integration The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS. | 6.1 |
2022-07-12 | CVE-2022-33157 | Libconnect Project | Cross-site Scripting vulnerability in Libconnect Project Libconnect The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS. | 6.1 |
2022-07-12 | CVE-2022-31102 | Argoproj | Unspecified vulnerability in Argoproj Argo CD Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. | 6.1 |
2022-07-12 | CVE-2022-32247 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network. | 6.1 |
2022-07-12 | CVE-2022-35170 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |
2022-07-12 | CVE-2022-35172 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-07-12 | CVE-2022-35224 | SAP | Unspecified vulnerability in SAP Enterprise Portal SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2022-07-12 | CVE-2022-35225 | SAP | Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack. | 6.1 |
2022-07-12 | CVE-2022-35227 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site Scripting (XSS) attack. | 6.1 |
2022-07-12 | CVE-2022-25875 | Svelte | Cross-site Scripting vulnerability in Svelte The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and improper escaping of attributes when using objects during SSR (Server-Side Rendering). | 6.1 |
2022-07-12 | CVE-2022-25303 | Whoogle Search Project | Cross-site Scripting vulnerability in Whoogle-Search Project Whoogle-Search The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q. | 6.1 |
2022-07-12 | CVE-2022-31904 | Uberrider | Cross-site Scripting vulnerability in Uberrider Mediacenter EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php. | 6.1 |
2022-07-11 | CVE-2022-1220 | Foxy Shop | Unspecified vulnerability in Foxy-Shop Foxyshop The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-11 | CVE-2022-1474 | WP Eventmanager | Unspecified vulnerability in Wp-Eventmanager WP Event Manager The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-11 | CVE-2022-1546 | Visser | Unspecified vulnerability in Visser Woocommerce - Product Importer 1.5.2 The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-11 | CVE-2022-1910 | Averta | Unspecified vulnerability in Averta Shortcodes and Extra Features for Phlox Theme The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-11 | CVE-2022-1937 | Awin | Unspecified vulnerability in Awin Data Feed 1.6 The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | 6.1 |
2022-07-11 | CVE-2022-1951 | Kitestudio | Unspecified vulnerability in Kitestudio Core Plugin for Kitestudio Themes The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-07-11 | CVE-2022-2092 | Wpovernight | Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices & Packing Slips The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its settings page, making it possible for attackers to conduct reflected cross-site scripting attacks. | 6.1 |
2022-07-11 | CVE-2022-35416 | H3C | Cross-site Scripting vulnerability in H3C SSL VPN H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS. | 6.1 |
2022-07-11 | CVE-2022-27168 | Litecart | Cross-site Scripting vulnerability in Litecart Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-07-12 | CVE-2022-35169 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430 SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application. | 6.0 |
2022-07-17 | CVE-2021-40149 | Reolink | Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716 The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. | 5.9 |
2022-07-17 | CVE-2022-27930 | Pexip | Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2 Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed. | 5.9 |
2022-07-15 | CVE-2022-34826 | Couchbase | Information Exposure Through Log Files vulnerability in Couchbase Server 7.1.0 In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs. | 5.9 |
2022-07-14 | CVE-2022-29593 | Dingtian Tech | Authentication Bypass by Capture-replay vulnerability in Dingtian-Tech Dt-R004 Firmware 3.1.276A relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP post requests without the need for authentication or a valid signed/authorized request. | 5.9 |
2022-07-14 | CVE-2022-2393 | PKI Core Project Redhat | A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled. | 5.7 |
2022-07-14 | CVE-2022-32406 | Gtkradiant Project | Classic Buffer Overflow vulnerability in Gtkradiant Project Gtkradiant 1.6.6 GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2. | 5.5 |
2022-07-14 | CVE-2021-4135 | Linux | Memory Leak vulnerability in Linux Kernel A memory leak vulnerability was found in the Linux kernel's eBPF support for the simulated networking device driver, in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called. | 5.5 |
2022-07-14 | CVE-2022-32317 | Mplayerhq | Use After Free vulnerability in Mplayerhq Mplayer 1.5 The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c. | 5.5 |
2022-07-14 | CVE-2022-1662 | Convert2Rhel Project | Information Exposure vulnerability in Convert2Rhel Project Convert2Rhel 0.24/0.25 In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel. | 5.5 |
2022-07-13 | CVE-2022-20219 | Google | Cleartext Storage of Sensitive Information vulnerability in Google Android In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code. | 5.5 |
2022-07-13 | CVE-2022-20225 | Google | Missing Authorization vulnerability in Google Android In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check. | 5.5 |
2022-07-13 | CVE-2022-20227 | Google | Out-of-bounds Read vulnerability in Google Android In USB driver, there is a possible out of bounds read due to a heap buffer overflow. | 5.5 |
2022-07-13 | CVE-2022-20230 | Google | Improper Encoding or Escaping of Output vulnerability in Google Android In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. | 5.5 |
2022-07-13 | CVE-2022-2380 | Linux | Out-of-bounds Write vulnerability in Linux Kernel The Linux kernel was found vulnerable to out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function. | 5.5 |
2022-07-12 | CVE-2011-4916 | Linux | Information Exposure vulnerability in Linux Kernel Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*. | 5.5 |
2022-07-12 | CVE-2022-35171 | SAP | Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9 When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 |
2022-07-12 | CVE-2022-30758 | Google | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with the privilege of Finder. | 5.5 |
2022-07-12 | CVE-2022-33685 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attackers to launch arbitrary activity and access sensitive information. | 5.5 |
2022-07-12 | CVE-2022-33702 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows a local attacker to disable keyguard and bypass the Knoxguard lock by factory reset. | 5.5 |
2022-07-12 | CVE-2022-33711 | Samsung | Improper Validation of Integrity Check Value vulnerability in Samsung Android USB Driver Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete an arbitrary directory using a directory junction. | 5.5 |
2022-07-12 | CVE-2022-34282 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34283 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34285 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34287 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34288 | Siemens | Out-of-bounds Read vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34290 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34291 | Siemens | Out-of-bounds Write vulnerability in Siemens Pads Viewer A vulnerability has been identified in PADS Standard/Plus Viewer (All versions). | 5.5 |
2022-07-12 | CVE-2022-34464 | Siemens | Exposure of Resource to Wrong Sphere vulnerability in Siemens products A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3). | 5.5 |
2022-07-11 | CVE-2020-4138 | IBM | Unspecified vulnerability in IBM Security Siteprotector System 3.1.1 IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system. | 5.5 |
2022-07-17 | CVE-2022-30982 | Gentics | Cross-site Scripting vulnerability in Gentics CMS 5.43.0 An issue was discovered in Gentics CMS before 5.43.1. | 5.4 |
2022-07-17 | CVE-2022-31201 | Monitoringsoft | Cross-site Scripting vulnerability in Monitoringsoft Softguard web SoftGuard Web (SGW) before 5.1.5 allows HTML injection. | 5.4 |
2022-07-15 | CVE-2020-35261 | Multi Restaurant Table Reservation System Project | Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php. | 5.4 |
2022-07-15 | CVE-2020-36550 | Multi Restaurant Table Reservation System Project | Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php. | 5.4 |
2022-07-15 | CVE-2020-36551 | Multi Restaurant Table Reservation System Project | Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php. | 5.4 |
2022-07-15 | CVE-2020-36552 | Multi Restaurant Table Reservation System Project | Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php. | 5.4 |
2022-07-15 | CVE-2020-36553 | Multi Restaurant Table Reservation System Project | Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0 Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php. | 5.4 |
2022-07-14 | CVE-2022-32318 | Fast Food Ordering System Project | Cross-site Scripting vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category. | 5.4 |
2022-07-14 | CVE-2021-39015 | IBM | Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. | 5.4 |
2022-07-14 | CVE-2021-39028 | IBM | Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 5.4 |
2022-07-14 | CVE-2022-2396 | Simple E Learning System Project | Cross-site Scripting vulnerability in Simple E-Learning System Project Simple E-Learning System 1.0 A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0. | 5.4 |
2022-07-13 | CVE-2022-34358 | IBM | Cross-site Scripting vulnerability in IBM I IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. | 5.4 |
2022-07-13 | CVE-2022-32074 | Osticket | Cross-site Scripting vulnerability in Osticket A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | 5.4 |
2022-07-13 | CVE-2022-32065 | Ruoyi | Cross-site Scripting vulnerability in Ruoyi An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file. | 5.4 |
2022-07-13 | CVE-2022-32274 | Ttpsc | Cross-site Scripting vulnerability in Ttpsc the Scheduler 6.5.0 The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function. | 5.4 |
2022-07-12 | CVE-2022-29602 | Grid Elements Project | Cross-site Scripting vulnerability in Grid Elements Project Grid Elements The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS. | 5.4 |
2022-07-12 | CVE-2022-33154 | Schema Project | Cross-site Scripting vulnerability in Schema Project Schema The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS. | 5.4 |
2022-07-12 | CVE-2022-33155 | Ameos Tarteaucitron Project | Cross-site Scripting vulnerability in Ameos Tarteaucitron Project Ameos Tarteaucitron The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS. | 5.4 |
2022-07-12 | CVE-2022-31597 | SAP | Unspecified vulnerability in SAP S/4Hana and Sapscore Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data. | 5.4 |
2022-07-12 | CVE-2022-31598 | SAP | Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420 Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation. | 5.4 |
2022-07-12 | CVE-2022-31654 | Vmware | Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations. | 5.4 |
2022-07-12 | CVE-2022-31655 | Vmware | Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts. | 5.4 |
2022-07-12 | CVE-2022-2364 | Simple Parking Management System Project | Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0 A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0. | 5.4 |
2022-07-12 | CVE-2022-2291 | Hotel Management System Project | Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0 A vulnerability was found in SourceCodester Hotel Management System 2.0. | 5.4 |
2022-07-12 | CVE-2022-2292 | Hotel Management System Project | Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0 A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0. | 5.4 |
2022-07-12 | CVE-2022-2293 | Simple Sales Management System Project | Cross-site Scripting vulnerability in Simple Sales Management System Project Simple Sales Management System 1.0 A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0. | 5.4 |
2022-07-12 | CVE-2022-22682 | Synology | Unspecified vulnerability in Synology Calendar Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2022-07-11 | CVE-2022-1626 | Sharebar Project | Unspecified vulnerability in Sharebar Project Sharebar The Sharebar WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to a Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them | 5.4 |
2022-07-11 | CVE-2022-1757 | Pagebar Project | Unspecified vulnerability in Pagebar Project Pagebar The pagebar WordPress plugin before 2.70 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 5.4 |
2022-07-11 | CVE-2022-1938 | Awin | Unspecified vulnerability in Awin Data Feed 1.6 The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings | 5.4 |
2022-07-17 | CVE-2022-25357 | Pexip | Unspecified vulnerability in Pexip Infinity 27.0/27.1 Pexip Infinity 27.x before 27.2 has Improper Access Control. | 5.3 |
2022-07-17 | CVE-2022-2133 | Miniorange | Unspecified vulnerability in Miniorange Oauth Single Sign on The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with only the knowledge of a user's email address. | 5.3 |
2022-07-15 | CVE-2022-1881 | Octopus | Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access. | 5.3 |
2022-07-14 | CVE-2022-32425 | Mealie | Information Exposure Through Discrepancy vulnerability in Mealie 1.0.0 The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time. | 5.3 |
2022-07-14 | CVE-2022-22473 | IBM | Unspecified vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data. | 5.3 |
2022-07-14 | CVE-2022-32222 | Nodejs Siemens | Uncontrolled Search Path Element vulnerability in multiple products A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user, instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3. | 5.3 |
2022-07-13 | CVE-2022-34757 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102 A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details. | 5.3 |
2022-07-13 | CVE-2022-34765 | Schneider Electric | Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path. | 5.3 |
2022-07-12 | CVE-2022-32248 | SAP | Unspecified vulnerability in SAP S/4Hana Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database. | 5.3 |
2022-07-12 | CVE-2021-39041 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0/7.5.0 IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to a partial denial of service attack, resulting in some protocols not listening on specified ports. | 5.3 |
2022-07-12 | CVE-2022-2366 | Mattermost | Incorrect Default Permissions vulnerability in Mattermost Server Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place or to use manipulated IPs for audit logging by manipulating the request headers. | 5.3 |
2022-07-12 | CVE-2022-33707 | Samsung | Use of Insufficiently Random Values vulnerability in Samsung Find MY Mobile Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows an attacker to identify the device. | 5.3 |
2022-07-12 | CVE-2022-33712 | Samsung | Open Redirect vulnerability in Samsung Camera Intent redirection vulnerability using an implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows an attacker to get sensitive information. | 5.3 |
2022-07-12 | CVE-2022-33911 | Couchbase | Information Exposure Through Log Files vulnerability in Couchbase Server An issue was discovered in Couchbase Server 7.x before 7.0.4. | 5.3 |
2022-07-17 | CVE-2022-2222 | Wpchill | Unspecified vulnerability in Wpchill Download Monitor The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. | 4.9 |
2022-07-13 | CVE-2022-34758 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102 A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials. | 4.9 |
2022-07-12 | CVE-2022-31134 | Zulip | Unrestricted Upload of File with Dangerous Type vulnerability in Zulip Server Zulip is an open-source team collaboration tool. | 4.9 |
2022-07-17 | CVE-2022-2099 | Woocommerce | Improper Encoding or Escaping of Output vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles. | 4.8 |
2022-07-17 | CVE-2022-2100 | Wpzinc | Unspecified vulnerability in Wpzinc Page Generator The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2114 | Supsystic | Unspecified vulnerability in Supsystic Data Tables Generator The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). | 4.8 |
2022-07-17 | CVE-2022-2118 | Tooltulips | Cross-site Scripting vulnerability in Tooltulips 404S The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2148 | Linkedin Company Updates Project | Unspecified vulnerability in Linkedin Company Updates Project Linkedin Company Updates The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2149 | Very Simple Breadcrumb Project | Unspecified vulnerability in Very Simple Breadcrumb Project Very Simple Breadcrumb The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2151 | Emarketdesign | Unspecified vulnerability in Emarketdesign Best Contact Management Software The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2169 | Dwbooster | Unspecified vulnerability in Dwbooster Loading Page With Loading Screen The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2186 | Bracketspace | Unspecified vulnerability in Bracketspace Simple Post Notes The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-17 | CVE-2022-2194 | Tipsandtricks HQ | Unspecified vulnerability in Tipsandtricks-Hq Accept Stripe The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-13 | CVE-2020-21967 | Prestashop | Cross-site Scripting vulnerability in Prestashop 1.7.6.7 File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page. | 4.8 |
2022-07-11 | CVE-2022-1894 | Sygnoos | Unspecified vulnerability in Sygnoos Popup Builder The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. | 4.8 |
2022-07-11 | CVE-2022-2050 | Maxfoundry | Cross-site Scripting vulnerability in Maxfoundry Wp-Paginate The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed. | 4.8 |
2022-07-11 | CVE-2022-2089 | Bold Themes | Unspecified vulnerability in Bold-Themes Bold Page Builder The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-07-11 | CVE-2022-2093 | Ninjateam | Unspecified vulnerability in Ninjateam WP Duplicate Page 1.0/1.1/1.2 The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-07-12 | CVE-2022-33691 | Google | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 10.0/11.0/12.0 A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. | 4.7 |
2022-07-12 | CVE-2022-32246 | SAP | Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430 SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend. | 4.6 |
2022-07-12 | CVE-2022-2363 | Simple Parking Management System Project | Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0. | 4.6 |
2022-07-14 | CVE-2021-26382 | AMD | Unspecified vulnerability in AMD products An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP), irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service. | 4.4 |
2022-07-14 | CVE-2022-31156 | Gradle | Improper Verification of Cryptographic Signature vulnerability in Gradle Gradle is a build tool. | 4.4 |
2022-07-17 | CVE-2022-2144 | Jquery Validation FOR Contact Form 7 Project | Unspecified vulnerability in Jquery Validation for Contact Form 7 Project Jquery Validation for Contact Form 7 The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change Blog options like default_role and users_can_register via a CSRF attack. | 4.3 |
2022-07-17 | CVE-2015-10003 | Filezilla Project | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Filezilla-Project Filezilla Server A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. | 4.3 |
2022-07-14 | CVE-2022-2408 | Mattermost | Incorrect Authorization vulnerability in Mattermost The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels. | 4.3 |
2022-07-14 | CVE-2021-39016 | IBM | Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor. | 4.3 |
2022-07-14 | CVE-2021-39018 | IBM | Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization Publishing IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system. | 4.3 |
2022-07-12 | CVE-2022-31592 | SAP | Unspecified vulnerability in SAP Enterprise Extension Defense Forces & Public Security The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality. | 4.3 |
2022-07-11 | CVE-2022-1956 | Shortcut Macros Project | Unspecified vulnerability in Shortcut Macros Project Shortcut Macros 1.3 The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated user, such as a subscriber, to update them. | 4.3 |
2022-07-11 | CVE-2022-1957 | Comment License Project | Unspecified vulnerability in Comment License Project Comment License The Comment License WordPress plugin before 1.4.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. | 4.3 |
2022-07-11 | CVE-2022-2123 | WP OPT IN Project | Unspecified vulnerability in WP Opt-In Project WP Opt-In 1.4.1 The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows its plugin settings to be changed and can be used for sending spam emails. | 4.3 |
2022-07-11 | CVE-2022-30943 | Cybozu | Unspecified vulnerability in Cybozu Garoon Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin. | 4.3 |
2022-07-11 | CVE-2022-31472 | Cybozu | Unspecified vulnerability in Cybozu Garoon Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet. | 4.3 |
31 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-13 | CVE-2022-20226 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0/12.1 In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. | 3.9 |
2022-07-14 | CVE-2022-22450 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request. | 3.8 |
2022-07-15 | CVE-2022-35900 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35901 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35902 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35903 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35904 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35905 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-15 | CVE-2022-35906 | Bentley | Out-of-bounds Read vulnerability in Bentley Microstation and View An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x. | 3.3 |
2022-07-12 | CVE-2022-30750 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in the updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client. | 3.3 |
2022-07-12 | CVE-2022-30751 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_DHCPACK_EVENT action. | 3.3 |
2022-07-12 | CVE-2022-30752 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_STATE_CHANGED action. | 3.3 |
2022-07-12 | CVE-2022-30753 | Google | Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0 Improper use of a unique device ID in the unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | 3.3 |
2022-07-12 | CVE-2022-30757 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows an attacker to obtain the CID without the ACCESS_FINE_LOCATION permission. | 3.3 |
2022-07-12 | CVE-2022-33687 | Google | Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access the IMSI via log. | 3.3 |
2022-07-12 | CVE-2022-33688 | Google | Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0 Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get the IMSI through the device log. | 3.3 |
2022-07-12 | CVE-2022-33689 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change the preferred network type via an unprotected binder call. | 3.3 |
2022-07-12 | CVE-2022-33690 | Google | Path Traversal vulnerability in Google Android 12.0 Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows an attacker to access arbitrary files. | 3.3 |
2022-07-12 | CVE-2022-33692 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0 Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI and ICCID via log. | 3.3 |
2022-07-12 | CVE-2022-33694 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows a local attacker to access Wi-Fi information via unprotected intent broadcasting. | 3.3 |
2022-07-12 | CVE-2022-33696 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 12.0 Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI and ICCID via log. | 3.3 |
2022-07-12 | CVE-2022-33697 | Google | Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0 Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get the IMSI through the device log. | 3.3 |
2022-07-12 | CVE-2022-33698 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access the ICCID via log. | 3.3 |
2022-07-12 | CVE-2022-33701 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows an attacker to call the PowerManager.goToSleep method, which is protected by a system permission, by sending a broadcast intent. | 3.3 |
2022-07-12 | CVE-2022-33705 | Samsung | Unspecified vulnerability in Samsung Calendar 11.6.08.0/12.2.11.3000 Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | 3.3 |
2022-07-12 | CVE-2022-33706 | Samsung | Unspecified vulnerability in Samsung Gallery Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. | 2.4 |
2022-07-12 | CVE-2022-35648 | Nautilus | Unspecified vulnerability in Nautilus T616 Firmware and T618 Firmware Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time). | 2.4 |
2022-07-12 | CVE-2022-33686 | Google | Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows a local attacker to access the ICCID via log. | 2.3 |
2022-07-12 | CVE-2022-33693 | Google | Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows a local attacker to access the ICCID via log. | 2.3 |
2022-07-12 | CVE-2022-33699 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI via log. | 2.3 |
2022-07-12 | CVE-2022-33700 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0 Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI via log. | 2.3 |