Weekly Vulnerabilities Reports > July 11 to 17, 2022

Overview

556 new vulnerabilities were reported during this period, including 145 critical vulnerabilities and 187 high severity vulnerabilities. This weekly summary reports vulnerabilities in 707 products from 286 vendors including Google, Siemens, SAP, IBM, and Pexip. The most common vulnerability categories are "Path Traversal", "Cross-site Scripting", "Out-of-bounds Read", "Out-of-bounds Write", and "SQL Injection".

  • 425 reported vulnerabilities are remotely exploitable.
  • 30 reported vulnerabilities have a public exploit available.
  • 192 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 375 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 48 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 8 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


145 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-17 CVE-2022-26479 Poly Incorrect Authorization vulnerability in Poly Eagleeye Director II Firmware

An issue was discovered in Poly EagleEye Director II before 2.2.2.1.

9.8
2022-07-17 CVE-2022-31209 Infiray Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

9.8
2022-07-17 CVE-2022-31210 Infiray Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

9.8
2022-07-17 CVE-2022-31211 Infiray Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

9.8
2022-07-17 CVE-2022-32985 Nexans Use of Hard-coded Credentials vulnerability in Nexans products

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.

9.8
2022-07-17 CVE-2022-26352 Dotcms Unspecified vulnerability in Dotcms

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.

9.8
2022-07-16 CVE-2021-36711 Octobot Unrestricted Upload of File with Dangerous Type vulnerability in Octobot 0.4.1/0.4.2/0.4.3

WebInterface in OctoBot before 0.4.4 allows remote code execution because Tentacles upload is mishandled.

9.8
2022-07-16 CVE-2017-20130 Itechscripts SQL Injection vulnerability in Itechscripts Real Estate Script 3.12

A vulnerability was found in Itech Real Estate Script 3.12.

9.8
2022-07-16 CVE-2017-20131 Itechscripts SQL Injection vulnerability in Itechscripts News Portal Script 6.28

A vulnerability was found in Itech News Portal 6.28.

9.8
2022-07-16 CVE-2017-20132 Itechscripts SQL Injection vulnerability in Itechscripts Multi Vendor Script 6.49

A vulnerability was found in Itech Multi Vendor Script 6.49 and classified as critical.

9.8
2022-07-16 CVE-2017-20133 Itechscripts Improper Authentication vulnerability in Itechscripts JOB Portal Script 9.13

A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13.

9.8
2022-07-16 CVE-2017-20134 Itechscripts SQL Injection vulnerability in Itechscripts Freelancer Script 5.13

A vulnerability, which was classified as critical, has been found in Itech Freelancer Script 5.13.

9.8
2022-07-16 CVE-2017-20135 Itechscripts SQL Injection vulnerability in Itechscripts Dating Script 3.26

A vulnerability classified as critical was found in Itech Dating Script 3.26.

9.8
2022-07-16 CVE-2017-20138 Itechscripts SQL Injection vulnerability in Itechscripts Auction Script 6.49

A vulnerability was found in Itech Auction Script 6.49.

9.8
2022-07-15 CVE-2022-31161 Roxy WI Unspecified vulnerability in Roxy-Wi

Roxy-WI is a Web interface for managing HAProxy, Nginx and Keepalived servers.

9.8
2022-07-15 CVE-2022-35890 Inductiveautomation Incorrect Authorization vulnerability in Inductiveautomation Ignition

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.

9.8
2022-07-14 CVE-2022-32409 Softwarepublico Path Traversal vulnerability in Softwarepublico I3Geo 7.0.5

A local file inclusion (LFI) vulnerability in the component codemirror.php of Portal do Software Publico Brasileiro i3geo v7.0.5 allows attackers to execute arbitrary PHP code via a crafted HTTP request.

9.8
2022-07-14 CVE-2022-32417 Pbootcms Code Injection vulnerability in Pbootcms 3.1.2

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.

9.8
2022-07-14 CVE-2022-28369 Verizon Unrestricted Upload of File with Dangerous Type vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not validate the user-provided URL within the crtcmode function's enable_ssh sub-operation of the crtcrpc JSON listener (found at /lib/functions/wnc_jsonsh/crtcmode.sh). A remote attacker on the local network can provide a malicious URL.

9.8
2022-07-14 CVE-2022-28373 Verizon OS Command Injection vulnerability in Verizon Lvskihp Indoorunit Firmware 3.4.66.162

Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 does not properly sanitize user-controlled parameters within the crtcreadpartition function of the crtcrpc JSON listener in /usr/lib/lua/luci/crtc.lua.

9.8
2022-07-14 CVE-2022-28375 Verizon OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener.

9.8
2022-07-14 CVE-2022-30113 Fahou100 SQL Injection vulnerability in Fahou100 Electronic Mall System 1.0

Electronic mall system 1.0_build20200203 is vulnerable to SQL Injection.

9.8
2022-07-14 CVE-2017-20129 Logostore Project SQL Injection vulnerability in Logostore Project Logostore

A vulnerability was found in LogoStore.

9.8
2022-07-13 CVE-2022-35857 KVF Admin Project Use of Hard-coded Credentials vulnerability in Kvf-Admin Project Kvf-Admin 20220212

kvf-admin through 2022-02-12 allows remote attackers to execute arbitrary code because deserialization is mishandled.

9.8
2022-07-13 CVE-2022-34756 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution or the crash of HTTPs stack which is used for the device Web HMI.

9.8
2022-07-13 CVE-2022-20216 Google Unspecified vulnerability in Google Android

Android exported is used to set third-party app access permissions, and the default value of intent-filter is true.

9.8
2022-07-13 CVE-2022-20222 Google Out-of-bounds Write vulnerability in Google Android 12.0/12.1

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check.

9.8
2022-07-13 CVE-2022-20229 Google Out-of-bounds Write vulnerability in Google Android

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check.

9.8
2022-07-13 CVE-2022-20238 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

'remap_pfn_range' here may map out-of-size kernel memory (for example, it may map the kernel area), and because 'vma->vm_page_prot' can also be controlled by userspace, userspace may map the kernel area as writable, which is easy to exploit. Product: Android. Versions: Android SoC. Android ID: A-233154555.

9.8
2022-07-13 CVE-2017-20126 KB Affiliate Referral Script Project SQL Injection vulnerability in KB Affiliate Referral Script Project KB Affiliate Referral Script 1.0

A vulnerability was found in KB Affiliate Referral Script 1.0.

9.8
2022-07-13 CVE-2017-20127 KB Login Authentication Script Project SQL Injection vulnerability in KB Login Authentication Script Project KB Login Authentication Script 1.1

A vulnerability was found in KB Login Authentication Script 1.1 and classified as critical.

9.8
2022-07-13 CVE-2017-20128 KB Messages PHP Script Project SQL Injection vulnerability in KB Messages PHP Script Project KB Messages PHP Script 1.0

A vulnerability has been found in KB Messages PHP Script 1.0 and classified as critical.

9.8
2022-07-13 CVE-2022-28888 Spryker OS Command Injection vulnerability in Spryker Cloud Commerce

Spryker Commerce OS 1.4.2 allows Remote Command Execution.

9.8
2022-07-13 CVE-2022-32073 Wolfssh Integer Overflow or Wraparound vulnerability in Wolfssh 1.4.7

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.

9.8
2022-07-12 CVE-2022-35628 In2Code SQL Injection vulnerability in In2Code Living User Experience

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.

9.8
2022-07-12 CVE-2022-29600 Oliverklee SQL Injection vulnerability in Oliverklee Oelib

The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.

9.8
2022-07-12 CVE-2022-29601 Oliverklee SQL Injection vulnerability in Oliverklee Seminars

The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.

9.8
2022-07-12 CVE-2022-22997 Westerndigital OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.

9.8
2022-07-12 CVE-2022-2298 Oretnom23 SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 2.0

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical.

9.8
2022-07-11 CVE-2020-29506 Dell / Oracle Observable Timing Discrepancy vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

9.8
2022-07-11 CVE-2020-29507 Dell / Oracle Improper Input Validation vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

9.8
2022-07-11 CVE-2020-29508 Dell / Oracle Improper Input Validation vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

9.8
2022-07-11 CVE-2020-35163 Dell / Oracle Use of Insufficiently Random Values vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

9.8
2022-07-11 CVE-2020-35166 Dell / Oracle Observable Timing Discrepancy vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8
2022-07-11 CVE-2020-35167 Dell / Oracle Observable Timing Discrepancy vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8
2022-07-11 CVE-2020-35168 Dell / Oracle Observable Timing Discrepancy vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8
2022-07-11 CVE-2020-35169 Dell / Oracle Improper Input Validation vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

9.8
2022-07-11 CVE-2020-4150 IBM Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

9.8
2022-07-11 CVE-2022-1057 Varktech Unspecified vulnerability in Varktech Pricing Deals for Woocommerce

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

9.8
2022-07-11 CVE-2022-1952 Syntactics Unspecified vulnerability in Syntactics Free Booking Plugin for Hotels, Restaurant and CAR Rental

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution.

9.8
2022-07-11 CVE-2022-2302 Lenze Improper Authentication vulnerability in Lenze C520 Firmware, C550 Firmware and C750 Firmware

Multiple Lenze products of the cabinet series skip the password verification upon second login.

9.8
2022-07-11 CVE-2022-2368 Microweber Unspecified vulnerability in Microweber

Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20.

9.8
2022-07-11 CVE-2022-32294 Zimbra Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command).

9.8
2022-07-11 CVE-2022-31570 Ceneo WEB Scrapper Project Path Traversal vulnerability in Ceneo-Web-Scrapper Project Ceneo-Web-Scrapper 20210315

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.8
2022-07-12 CVE-2022-31105 Linuxfoundation / Argoproj Improper Certificate Validation vulnerability in multiple products

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

9.6
2022-07-11 CVE-2022-31501 Onyxforum Project Path Traversal vulnerability in Onyxforum Project Onyxforum

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31502 Wormnest Project Path Traversal vulnerability in Wormnest Project Wormnest

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31503 Orchest Path Traversal vulnerability in Orchest

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31504 Baiduwenkuspider Flaskweb Project Path Traversal vulnerability in Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31505 Mercadoenlineaback Project Path Traversal vulnerability in Mercadoenlineaback Project Mercadoenlineaback

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31506 CMU Path Traversal vulnerability in CMU Opendiamond

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31507 Ganga Project Path Traversal vulnerability in Ganga Project Ganga

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31508 Idayrus Path Traversal vulnerability in Idayrus E-Voting

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31509 Iedadata Path Traversal vulnerability in Iedadata Usap-Dc web Submission and Dataset Search 1.0/1.0.0/1.0.1

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31510 Simple RAT Project Path Traversal vulnerability in Simple-Rat Project Simple-Rat 20220503

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31511 Equanimity Project Path Traversal vulnerability in Equanimity Project Equanimity

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31512 Flask MVC Project Path Traversal vulnerability in Flask-Mvc Project Flask-Mvc

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31513 Krypton Project Path Traversal vulnerability in Krypton Project Krypton

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31514 FAN Platform Project Path Traversal vulnerability in FAN Platform Project FAN Platform

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31515 Carceresbe Project Path Traversal vulnerability in Carceresbe Project Carceresbe 1.0

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31516 Harveyzyh Python Project Path Traversal vulnerability in Harveyzyh Python Project Harveyzyh Python

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31517 Mercury Sample Manager Project Path Traversal vulnerability in Mercury Sample Manager Project Mercury Sample Manager 20210420

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31518 Python Recipe Database Project Path Traversal vulnerability in Python-Recipe-Database Project Python-Recipe-Database

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31519 Windmill Project Path Traversal vulnerability in Windmill Project Windmill 1.0

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31520 Logstash Management API Project Path Traversal vulnerability in Logstash-Management-Api Project Logstash-Management-Api

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31521 Mosaic Project Path Traversal vulnerability in Mosaic Project Mosaic 1.0.0

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31522 Karaokey Project Path Traversal vulnerability in Karaokey Project Karaokey

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31523 Paddlepaddle Path Traversal vulnerability in Paddlepaddle Anakin 0.1.0/0.1.1

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31524 Purestorage Path Traversal vulnerability in Purestorage Pure Swagger

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31525 Deep Learning Studio Project Path Traversal vulnerability in Deep Learning Studio Project Deep Learning Studio 0.1.0

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31526 Thunderatz Path Traversal vulnerability in Thunderatz Thunderdocs 20200501

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31527 Flask File Server Project Path Traversal vulnerability in Flask-File-Server Project Flask-File-Server

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31528 Bonn Activity Maps Annotation Tool Project Path Traversal vulnerability in Bonn Activity Maps Annotation Tool Project Bonn Activity Maps Annotation Tool

The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31529 Monorepo Project Path Traversal vulnerability in Monorepo Project Monorepo

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31530 CSM Server Project Path Traversal vulnerability in CSM Server Project CSM Server

The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31531 Dainst Path Traversal vulnerability in Dainst Cilantro

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31532 Travel Blahg Project Path Traversal vulnerability in Travel Blahg Project Travel Blahg

The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31533 Umbral Project Path Traversal vulnerability in Umbral Project Umbral 20200115

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31534 Pythonweb Project Path Traversal vulnerability in Pythonweb Project Pythonweb 20181031

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31535 Fishtank Project Path Traversal vulnerability in Fishtank Project Fishtank 20150624

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31536 Ytdl Sync Project Path Traversal vulnerability in Ytdl-Sync Project Ytdl-Sync 20210102

The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31537 Solar System Simulator Project Path Traversal vulnerability in Solar-System-Simulator Project Solar-System-Simulator 20210726

The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31538 MP M08 Interface Project Path Traversal vulnerability in Mp-M08-Interface Project Mp-M08-Interface 20201210

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31539 Kotekan Project Path Traversal vulnerability in Kotekan Project Kotekan

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31540 HIN ENG Preprocessing Project Path Traversal vulnerability in Hin-Eng-Preprocessing Project Hin-Eng-Preprocessing 20190716

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31541 Barry Voice Assistant Project Path Traversal vulnerability in Barry Voice Assistant Project Barry Voice Assistant 20210118

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31542 Mdweb Project Path Traversal vulnerability in Mdweb Project Mdweb 20150507

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31543 Setupbox Project Path Traversal vulnerability in Setupbox Project Setupbox 1.0

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31544 Xtomo Path Traversal vulnerability in Xtomo Robo-Tom

The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31545 Modelconverter Project Path Traversal vulnerability in Modelconverter Project Modelconverter 20210426

The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31546 Glance Project Path Traversal vulnerability in Glance Project Glance 20140627

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31547 Sphere Project Path Traversal vulnerability in Sphere Project Sphere 20200531

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31548 Homepage Project Path Traversal vulnerability in Homepage Project Homepage 20170306

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31549 Helm Flask Celery Project Path Traversal vulnerability in Helm-Flask-Celery Project Helm-Flask-Celery

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31550 Python Athena Stack Project Path Traversal vulnerability in Python Athena Stack Project Python Athena Stack 20191108

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31551 Flask Mongo Skel Project Path Traversal vulnerability in Flask-Mongo-Skel Project Flask-Mongo-Skel 20121101

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31552 Anuvaad Corpus Project Path Traversal vulnerability in Anuvaad-Corpus Project Anuvaad-Corpus 20201123

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31553 Sleep Learner Project Path Traversal vulnerability in Sleep Learner Project Sleep Learner 20210221

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31554 Movie Review Sentiment Analysis Project Path Traversal vulnerability in Movie-Review-Sentiment-Analysis Project Movie-Review-Sentiment-Analysis 20170507

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31555 Nurse Quest Project Path Traversal vulnerability in Nurse Quest Project Nurse Quest 20180222

The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31556 Trainenergyserver Project Path Traversal vulnerability in Trainenergyserver Project Trainenergyserver 20170803

The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31557 Golem Project Path Traversal vulnerability in Golem Project Golem 20160517

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31558 Shiva Server Project Path Traversal vulnerability in Shiva-Server Project Shiva-Server

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31559 Flask Yeoman Project Path Traversal vulnerability in Flask-Yeoman Project Flask-Yeoman 20130913

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31560 Photo TAG Project Path Traversal vulnerability in Photo TAG Project Photo TAG 20200831

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31561 Sphere Imagebackend Project Path Traversal vulnerability in Sphere Imagebackend Project Sphere Imagebackend 20191003

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31562 Internshipsystem Project Path Traversal vulnerability in Internshipsystem Project Internshipsystem 20180522

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31563 Vprj Project Path Traversal vulnerability in Vprj Project Vprj 20220406

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31564 Munhak Path Traversal vulnerability in Munhak Munhak-Moa

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31565 Syrabond Project Path Traversal vulnerability in Syrabond Project Syrabond 20200525

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31567 Data Stream Algorithm Benchmark Project Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark 1.0/2.0/2.1

The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31568 Rexians Path Traversal vulnerability in Rexians Rex-Web 20220605

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31571 Python Flask Restful API Project Path Traversal vulnerability in Python-Flask-Restful-Api Project Python-Flask-Restful-Api 20190916

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31572 Cockybook Project Path Traversal vulnerability in Cockybook Project Cockybook 20150416

The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31573 Chainer Path Traversal vulnerability in Chainer Chainerrl-Visualizer 0.1.1

The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31574 Realestate Project Path Traversal vulnerability in Realestate Project Realestate 20181130

The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31575 Livro Python Project Path Traversal vulnerability in Livro Python Project Livro Python 20180606

The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31576 Shackerpanel Project Path Traversal vulnerability in Shackerpanel Project Shackerpanel 20210525

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31577 Audio Aligner APP Project Path Traversal vulnerability in Audio Aligner APP Project Audio Aligner APP 20200110

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31579 Iasset Project Path Traversal vulnerability in Iasset Project Iasset 20220504

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31580 Caretakerr API Project Path Traversal vulnerability in Caretakerr-Api Project Caretakerr-Api 20210517

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31581 Scorelab Path Traversal vulnerability in Scorelab Openmf

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31582 Videoserver Project Path Traversal vulnerability in Videoserver Project Videoserver 20190921

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31583 Automatedquizeval Project Path Traversal vulnerability in Automatedquizeval Project Automatedquizeval 20200427

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31584 S3Label Project Path Traversal vulnerability in S3Label Project S3Label 20190814

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31585 Home Internet Project Path Traversal vulnerability in Home Internet Project Home Internet 20200828

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31586 Changepop Back Project Path Traversal vulnerability in Changepop-Back Project Changepop-Back 20190604

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31587 KG Fashion Chatbot Project Path Traversal vulnerability in Kg-Fashion-Chatbot Project Kg-Fashion-Chatbot 20180522

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-11 CVE-2022-31588 Testplatform Project Path Traversal vulnerability in Testplatform Project Testplatform

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

9.3
2022-07-15 CVE-2022-35409 ARM / Debian Out-of-bounds Read vulnerability in multiple products

An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0.

9.1
2022-07-14 CVE-2022-25800 Bestpractical Server-Side Request Forgery (SSRF) vulnerability in Bestpractical Request Tracker for Incident Response

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via the whois lookup tool.

9.1
2022-07-14 CVE-2022-25801 Bestpractical Server-Side Request Forgery (SSRF) vulnerability in Bestpractical Request Tracker for Incident Response

Best Practical RT for Incident Response (RTIR) before 4.0.3 and 5.x before 5.0.3 allows SSRF via Scripted Action tools.

9.1
2022-07-12 CVE-2022-34737 Huawei Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI

The application security module has a vulnerability in permission assignment.

9.1
2022-07-12 CVE-2021-44222 Siemens Missing Authentication for Critical Function vulnerability in Siemens Simatic Easie Core Package

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00).

9.1
2022-07-11 CVE-2022-31140 Cuyz Unspecified vulnerability in Cuyz Valinor

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure.

9.1

187 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-17 CVE-2022-26481 Poly OS Command Injection vulnerability in Poly products

An issue was discovered in Poly Studio before 3.7.0.

8.8
2022-07-17 CVE-2022-30981 Gentics Deserialization of Untrusted Data vulnerability in Gentics CMS 5.43.0

An issue was discovered in Gentics CMS before 5.43.1.

8.8
2022-07-17 CVE-2022-31208 Infiray Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

8.8
2022-07-17 CVE-2022-30550 Dovecot / Debian Improper Authentication vulnerability in multiple products

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20.

8.8
2022-07-17 CVE-2022-32320 Getferdi / Ferdium Cross-Site Request Forgery (CSRF) vulnerability in multiple products

A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.

8.8
2022-07-17 CVE-2022-1672 Insights From Google Pagespeed Project Unspecified vulnerability in Insights From Google Pagespeed Project Insights From Google Pagespeed

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

8.8
2022-07-15 CVE-2021-36461 Microweber Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to get a shell via the Settings Upload Picture section by uploading a picture containing malicious code (user.ini).

8.8
2022-07-15 CVE-2022-30243 Honeywell Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Visual Logic Firmware

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users.

8.8
2022-07-15 CVE-2022-32119 Arox Unrestricted Upload of File with Dangerous Type vulnerability in Arox School ERP PRO 1.0

Arox School ERP Pro v1.0 was discovered to contain multiple arbitrary file upload vulnerabilities via the Add Photo function at photogalleries.inc.php and the import staff excel function at 1finance_master.inc.php.

8.8
2022-07-14 CVE-2022-32415 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.

8.8
2022-07-14 CVE-2022-30024 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V12 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the System Tools of the Wi-Fi network.

8.8
2022-07-14 CVE-2022-28374 Verizon OS Command Injection vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0

Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 does not properly sanitize user-controlled parameters within the DMACC URLs on the Settings page of the Engineering portal.

8.8
2022-07-13 CVE-2022-32114 Strapi Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.12

An unrestricted file upload vulnerability in the Add New Assets function of Strapi 4.1.12 allows attackers to conduct XSS attacks via a crafted PDF file.

8.8
2022-07-13 CVE-2022-34753 Schneider Electric Unspecified vulnerability in Schneider-Electric Spacelogic C-Bus Home Controller Firmware

A CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote root exploit when the command is compromised.

8.8
2022-07-12 CVE-2022-1025 Argoproj Unspecified vulnerability in Argoproj Argo CD

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

8.8
2022-07-12 CVE-2022-31593 SAP Unspecified vulnerability in SAP Business ONE 10.0

SAP Business One client version 10.0 allows an attacker with low privileges to inject code that can be executed by the application.

8.8
2022-07-12 CVE-2022-35228 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted.

8.8
2022-07-12 CVE-2022-2385 Kubernetes Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

8.8
2022-07-12 CVE-2022-2297 Oretnom23 Unrestricted Upload of File with Dangerous Type vulnerability in Oretnom23 Clinic's Patient Management System 2.0

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0.

8.8
2022-07-12 CVE-2021-38289 Novastar Incorrect Permission Assignment for Critical Resource vulnerability in Novastar Novaicare 7.16.0

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives an attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and cause other unspecified impacts.

8.8
2022-07-11 CVE-2022-31138 Mailcow Unspecified vulnerability in Mailcow Mailcow: Dockerized

mailcow is a mailserver suite.

8.8
2022-07-11 CVE-2022-35414 Qemu / Debian Use of Uninitialized Resource vulnerability in multiple products

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

8.8
2022-07-15 CVE-2022-31097 Grafana / Netapp Cross-site Scripting vulnerability in multiple products

Grafana is an open-source platform for monitoring and observability.

8.7
2022-07-11 CVE-2022-31566 Data Stream Algorithm Benchmark Project Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

8.6
2022-07-13 CVE-2019-10761 VM2 Project Uncontrolled Recursion vulnerability in VM2 Project VM2

This affects the package vm2 before 3.6.11.

8.3
2022-07-17 CVE-2022-26656 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

8.2
2022-07-17 CVE-2022-27933 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

8.2
2022-07-15 CVE-2021-34987 Parallels Unspecified vulnerability in Parallels Desktop 16.5.1

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187).

8.2
2022-07-14 CVE-2022-32212 Nodejs / Debian / Fedoraproject / Siemens OS Command Injection vulnerability in multiple products

An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DNS requests, allowing rebinding attacks.

8.1
2022-07-12 CVE-2022-24800 Octobercms Unspecified vulnerability in Octobercms October

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework.

8.1
2022-07-11 CVE-2020-35164 Dell / Oracle

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

8.1
2022-07-11 CVE-2022-30602 Cybozu Unspecified vulnerability in Cybozu Garoon

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

8.1
2022-07-15 CVE-2022-30244 Honeywell Inclusion of Functionality from Untrusted Control Sphere vulnerability in Honeywell Alerton Ascent Control Module Firmware

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated programming writes from remote users.

8.0
2022-07-15 CVE-2022-2418 Eveo Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager

A vulnerability was found in URVE Web Manager.

8.0
2022-07-15 CVE-2022-2419 Eveo Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager

A vulnerability was found in URVE Web Manager.

8.0
2022-07-15 CVE-2022-2420 Eveo Unrestricted Upload of File with Dangerous Type vulnerability in Eveo Urve web Manager

A vulnerability was found in URVE Web Manager.

8.0
2022-07-12 CVE-2022-33137 Siemens Insufficient Session Expiration vulnerability in Siemens products

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3).

8.0
2022-07-17 CVE-2022-28807 Opendesign Out-of-bounds Read vulnerability in Opendesign Drawings SDK

An issue was discovered in Open Design Alliance Drawings SDK before 2023.2.

7.8
2022-07-17 CVE-2022-28808 Opendesign Out-of-bounds Read vulnerability in Opendesign Drawings SDK

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3.

7.8
2022-07-17 CVE-2022-28809 Opendesign Missing Authentication for Critical Function vulnerability in Opendesign Drawings SDK

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3.

7.8
2022-07-17 CVE-2022-35861 Pyenv Path Traversal vulnerability in Pyenv

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory.

7.8
2022-07-17 CVE-2020-7641 Grunt Util Property Project Unspecified vulnerability in Grunt-Util-Property Project Grunt-Util-Property 0.0.1/0.0.2

This affects all versions of package grunt-util-property.

7.8
2022-07-15 CVE-2022-32434 Opener Project Out-of-bounds Write vulnerability in Opener Project Opener 2.3.0

EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d.

7.8
2022-07-15 CVE-2021-34986 Parallels Unspecified vulnerability in Parallels Desktop 16.5.0

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183).

7.8
2022-07-15 CVE-2022-34216 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34217 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34219 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34220 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34221 Adobe Unspecified vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34230 Adobe Use After Free vulnerability in Adobe products

Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34245 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34246 Adobe Unspecified vulnerability in Adobe Indesign

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34247 Adobe Unspecified vulnerability in Adobe Indesign

Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34249 Adobe Unspecified vulnerability in Adobe Incopy

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34250 Adobe Unspecified vulnerability in Adobe Incopy

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-15 CVE-2022-34251 Adobe Unspecified vulnerability in Adobe Incopy

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an Out-Of-Bounds Write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-07-14 CVE-2021-26384 AMD Out-of-bounds Write vulnerability in AMD products

A malformed SMI (System Management Interface) command may allow an attacker to establish a corrupted SMI Trigger Info data structure, potentially leading to out-of-bounds memory reads and writes when triggering an SMI resulting in a potential loss of resources.

7.8
2022-07-14 CVE-2021-45492 Sage Incorrect Permission Assignment for Critical Resource vulnerability in Sage 300

In Sage 300 ERP (formerly accpac) through 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable.

7.8
2022-07-13 CVE-2022-32117 Jerryscript Out-of-bounds Write vulnerability in Jerryscript 2.4.0

Jerryscript v2.4.0 was discovered to contain a stack buffer overflow via the function jerryx_print_unhandled_exception in /util/print.c.

7.8
2022-07-13 CVE-2022-20212 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.

7.8
2022-07-13 CVE-2022-20218 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.0/12.1

In PermissionController, there is a possible way to get and retain permissions without the user's consent due to a logic error in the code.

7.8
2022-07-13 CVE-2022-20220 Google Path Traversal vulnerability in Google Android 12.0/12.1

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.

7.8
2022-07-13 CVE-2022-20223 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.

7.8
2022-07-12 CVE-2022-29187 GIT SCM / Fedoraproject / Apple / Debian

Git is a distributed revision control system.

7.8
2022-07-12 CVE-2022-31591 SAP Unspecified vulnerability in SAP Businessobjects BW Publisher Service 420/430

SAP BusinessObjects BW Publisher Service versions 420 and 430 use a search path that contains an unquoted element.

7.8
2022-07-12 CVE-2021-36665 Druva Deserialization of Untrusted Data vulnerability in Druva Insync Client

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.

7.8
2022-07-12 CVE-2021-36666 Druva Untrusted Search Path vulnerability in Druva Insync Client

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncDecommission.

7.8
2022-07-12 CVE-2021-36667 Druva OS Command Injection vulnerability in Druva Insync Client

Command injection vulnerability in Druva inSync 6.9.0 for macOS, allows attackers to execute arbitrary commands via a crafted payload to the local HTTP server due to an unsanitized call to Python's os.system.

7.8
2022-07-12 CVE-2021-36668 Druva Injection vulnerability in Druva Insync Client

URL injection in Druva inSync 6.9.0 for macOS, allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App.

7.8
2022-07-12 CVE-2022-30754 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with the privilege of AppLinker.

7.8
2022-07-12 CVE-2022-30755 Google Improper Authentication vulnerability in Google Android 10.0/11.0/12.0

Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows an attacker to bypass the password confirm activity by hijacking the implicit intent.

7.8
2022-07-12 CVE-2022-30756 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities with the privilege of Finder.

7.8
2022-07-12 CVE-2022-33695 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0/12.0

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

7.8
2022-07-12 CVE-2022-33703 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

7.8
2022-07-12 CVE-2022-33704 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

7.8
2022-07-12 CVE-2022-33708 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities with Galaxy Store privilege.

7.8
2022-07-12 CVE-2022-33709 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities with Galaxy Store privilege.

7.8
2022-07-12 CVE-2022-33710 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4

Improper input validation vulnerability in BillingPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities with Galaxy Store privilege.

7.8
2022-07-12 CVE-2022-34272 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34273 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34274 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34275 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34276 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34277 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34278 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34279 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34280 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34281 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34284 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34286 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34289 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

7.8
2022-07-12 CVE-2022-34465 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-07-12 CVE-2022-34748 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2).

7.8
2022-07-17 CVE-2021-40150 Reolink Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716

The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path.

7.5
2022-07-17 CVE-2022-31212 Dbus Broker Project Out-of-bounds Read vulnerability in Dbus-Broker Project Dbus-Broker

An issue was discovered in dbus-broker before 31.

7.5
2022-07-17 CVE-2022-31213 Dbus Broker Project NULL Pointer Dereference vulnerability in Dbus-Broker Project Dbus-Broker

An issue was discovered in dbus-broker before 31.

7.5
2022-07-17 CVE-2022-33903 Torproject Unspecified vulnerability in Torproject TOR

Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.

7.5
2022-07-17 CVE-2022-29286 Pexip Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

7.5
2022-07-17 CVE-2022-32263 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.

7.5
2022-07-17 CVE-2022-26654 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

7.5
2022-07-17 CVE-2022-26655 Pexip Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 has Improper Input Validation.

7.5
2022-07-17 CVE-2022-26657 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

7.5
2022-07-17 CVE-2022-27928 Pexip Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

7.5
2022-07-17 CVE-2022-27929 Pexip Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

7.5
2022-07-17 CVE-2022-27931 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

7.5
2022-07-17 CVE-2022-27932 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

7.5
2022-07-17 CVE-2022-27934 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

7.5
2022-07-17 CVE-2022-27935 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

7.5
2022-07-17 CVE-2022-27936 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

7.5
2022-07-17 CVE-2022-27937 Pexip Resource Exhaustion vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

7.5
2022-07-17 CVE-2021-24655 Wpusermanager Unspecified vulnerability in Wpusermanager WP User Manager

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given.

7.5
2022-07-16 CVE-2017-20136 Itechscripts SQL Injection vulnerability in Itechscripts Classifieds Script 7.27

A vulnerability classified as critical has been found in Itech Classifieds Script 7.27.

7.5
2022-07-16 CVE-2017-20137 Itechscripts SQL Injection vulnerability in Itechscripts B2B Script 4.28

A vulnerability was found in Itech B2B Script 4.28.

7.5
2022-07-16 CVE-2021-34538 Apache Missing Authentication for Critical Function vulnerability in Apache Hive

In Apache Hive before 3.1.3, the "CREATE" and "DROP" function operations do not check for the necessary authorization of the entities involved in the query.

7.5
2022-07-15 CVE-2022-25858 Terser Unspecified vulnerability in Terser

The package terser before 4.8.1, and from 5.0.0 before 5.14.2, is vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure usage of regular expressions.

7.5
2022-07-15 CVE-2022-25891 Containrrr Unspecified vulnerability in Containrrr Shoutrrr

The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function.

7.5
2022-07-15 CVE-2022-30634 Golang, Netapp Infinite Loop vulnerability in multiple products

Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows an attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes.

7.5
2022-07-15 CVE-2022-31157 Packback Use of Insufficiently Random Values vulnerability in Packback LTI 1.3 Tool Library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP.

7.5
2022-07-15 CVE-2022-31158 Packback Authentication Bypass by Capture-replay vulnerability in Packback LTI 1.3 Tool Library

LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP.

7.5
2022-07-15 CVE-2022-23141 ZTE Information Exposure Through Log Files vulnerability in ZTE Zxmp M721 Firmware Commond21Bootv100004Ls1045

ZXMP M721 has an information leak vulnerability.

7.5
2022-07-15 CVE-2022-31107 Grafana, Netapp

Grafana is an open-source platform for monitoring and observability.

7.5
2022-07-14 CVE-2022-32389 Isode Use of Hard-coded Credentials vulnerability in Isode Swift 4.0.2

Isode SWIFT v4.0.2 was discovered to contain hard-coded credentials in the Registry Editor.

7.5
2022-07-14 CVE-2022-31147 Jqueryvalidation Unspecified vulnerability in Jqueryvalidation Jquery Validation

The jQuery Validation Plugin (jquery-validation) provides drop-in validation for forms.

7.5
2022-07-14 CVE-2022-32297 Piwigo SQL Injection vulnerability in Piwigo

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.

7.5
2022-07-14 CVE-2022-32298 Toybox Project NULL Pointer Dereference vulnerability in Toybox Project Toybox 0.8.7

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c.

7.5
2022-07-14 CVE-2022-31142 Fastify Information Exposure Through Discrepancy vulnerability in Fastify Bearer-Auth

@fastify/bearer-auth is a Fastify plugin to require bearer Authorization headers.

7.5
2022-07-14 CVE-2022-22452 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Verify Governance 10.0

IBM Security Verify Identity Manager 10.0 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials.

7.5
2022-07-14 CVE-2022-22453 IBM Inadequate Encryption Strength vulnerability in IBM Security Verify Governance 10.0

IBM Security Verify Identity Manager 10.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2022-07-14 CVE-2022-22460 IBM Unspecified vulnerability in IBM Security Verify Governance 10.0

IBM Security Verify Identity Manager 10.0 contains sensitive information in the source code repository that could be used in further attacks against the system.

7.5
2022-07-14 CVE-2020-14127 MI Out-of-bounds Write vulnerability in MI Miui

A denial of service vulnerability exists in some Xiaomi models of phones.

7.5
2022-07-14 CVE-2022-28876 F Secure Unspecified vulnerability in F-Secure products

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning with the aeheur.dll component can crash the scanning engine.

7.5
2022-07-14 CVE-2022-28370 Verizon Insufficient Verification of Data Authenticity vulnerability in Verizon Lvskihp Outdoorunit Firmware 3.33.101.0

On Verizon 5G Home LVSKIHP OutDoorUnit (ODU) 3.33.101.0 devices, the RPC endpoint crtc_fw_upgrade provides a means of provisioning a firmware update for the device.

7.5
2022-07-14 CVE-2022-28371 Verizon Use of Hard-coded Credentials vulnerability in Verizon products

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static certificate for access control.

7.5
2022-07-14 CVE-2022-28372 Verizon Unrestricted Upload of File with Dangerous Type vulnerability in Verizon products

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints provide a means of provisioning a firmware update for the device via crtc_fw_upgrade or crtcfwimage.

7.5
2022-07-14 CVE-2022-28377 Verizon Weak Password Requirements vulnerability in Verizon products

On Verizon 5G Home LVSKIHP InDoorUnit (IDU) 3.4.66.162 and OutDoorUnit (ODU) 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control.

7.5
2022-07-13 CVE-2022-34759 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-787: Out-of-bounds Write vulnerability exists that could cause a denial of service of the webserver due to improper parsing of the HTTP Headers.

7.5
2022-07-13 CVE-2022-34760 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability exists that could cause a denial of service of the webserver due to improper handling of the cookies.

7.5
2022-07-13 CVE-2022-34761 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-476: NULL Pointer Dereference vulnerability exists that could cause a denial of service of the webserver when parsing JSON content type.

7.5
2022-07-13 CVE-2022-34762 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path.

7.5
2022-07-13 CVE-2022-34763 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists that could cause loading of unauthorized firmware images due to improper verification of the firmware signature.

7.5
2022-07-13 CVE-2022-34764 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause denial of service when parsing the URL.

7.5
2022-07-13 CVE-2022-20224 Google Out-of-bounds Read vulnerability in Google Android

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check.

7.5
2022-07-13 CVE-2022-20234 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.1

In Car Settings app, the NotificationAccessConfirmationActivity is exported.

7.5
2022-07-13 CVE-2022-20236 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A DRM driver has an out-of-bounds problem that could cause a system crash or EoP. Product: Android. Versions: Android SoC. Android ID: A-233124709.

7.5
2022-07-13 CVE-2022-22982 Vmware Server-Side Request Forgery (SSRF) vulnerability in VMWare Vcenter Server 6.5/6.7/7.0

The vCenter Server contains a server-side request forgery (SSRF) vulnerability.

7.5
2022-07-13 CVE-2022-32096 Rhonabwy Project Classic Buffer Overflow vulnerability in Rhonabwy Project Rhonabwy

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap.

7.5
2022-07-13 CVE-2022-31781 Apache Unspecified vulnerability in Apache Tapestry

Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types.

7.5
2022-07-12 CVE-2022-35403 Zohocorp Unspecified vulnerability in Zohocorp products

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email.

7.5
2022-07-12 CVE-2022-1737 Pyramidsolutions Unspecified vulnerability in Pyramidsolutions products

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

7.5
2022-07-12 CVE-2022-22998 Westerndigital Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware

Implemented protections on AWS credentials that were not properly protected.

7.5
2022-07-12 CVE-2022-28771 SAP Unspecified vulnerability in SAP Business ONE License Service API 10.0

Due to a missing authentication check, SAP Business One License Service API - version 10.0 allows an unauthenticated attacker to send malicious HTTP requests over the network.

7.5
2022-07-12 CVE-2022-32249 SAP Unspecified vulnerability in SAP Business ONE 10.0

Under a special integration scenario of SAP Business One and SAP HANA - version 10.0, an attacker can exploit the HANA cockpit's data volume to gain access to highly sensitive information (e.g., high-privileged account credentials).

7.5
2022-07-12 CVE-2022-35168 SAP Unspecified vulnerability in SAP Business ONE 10.0

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

7.5
2022-07-12 CVE-2020-4157 IBM Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0

IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5
2022-07-12 CVE-2020-4159 IBM Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0

IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.

7.5
2022-07-12 CVE-2021-39999 Huawei Classic Buffer Overflow vulnerability in Huawei Ese620X Vess Firmware V100R001C10Spc200/V100R001C20Spc200

There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200.

7.5
2022-07-12 CVE-2021-40012 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

Vulnerability of pointers being incorrectly used during data transmission in the video framework.

7.5
2022-07-12 CVE-2021-41396 Live555 Out-of-bounds Write vulnerability in Live555

Live555 through 1.08 does not handle socket connections properly.

7.5
2022-07-12 CVE-2021-46741 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The basic framework and setting module have defects, which were introduced during the design.

7.5
2022-07-12 CVE-2022-33173 Couchbase Unspecified vulnerability in Couchbase Server

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4.

7.5
2022-07-12 CVE-2022-33713 Samsung Unspecified vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows an attacker to obtain sensitive information.

7.5
2022-07-12 CVE-2022-34735 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a null pointer dereference vulnerability.

7.5
2022-07-12 CVE-2022-34736 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a null pointer dereference vulnerability.

7.5
2022-07-12 CVE-2022-34738 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The SystemUI module has a vulnerability in permission control.

7.5
2022-07-12 CVE-2022-34739 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The fingerprint module has a vulnerability of overflow in arithmetic addition.

7.5
2022-07-12 CVE-2022-34742 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

The system module has a read/write vulnerability.

7.5
2022-07-12 CVE-2022-34743 Huawei Out-of-bounds Read vulnerability in Huawei Emui, Harmonyos and Magic UI

The AT commands of the USB port have an out-of-bounds read vulnerability.

7.5
2022-07-12 CVE-2021-44221 Siemens Improper Input Validation vulnerability in Siemens Simatic Easie Core Package

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00).

7.5
2022-07-12 CVE-2022-29884 Siemens Missing Release of Resource after Effective Lifetime vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30).

7.5
2022-07-12 CVE-2022-30938 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).

7.5
2022-07-12 CVE-2022-31257 Mendix Unspecified vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12).

7.5
2022-07-12 CVE-2022-33138 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3).

7.5
2022-07-12 CVE-2022-33736 Siemens Improper Authentication vulnerability in Siemens Opcenter Quality

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624).

7.5
2022-07-11 CVE-2020-29505 Dell, Oracle Insufficient Entropy vulnerability in multiple products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.

7.5
2022-07-11 CVE-2022-31073 Linuxfoundation Unspecified vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

7.5
2022-07-11 CVE-2022-31139 Unsafe Accessor Project Incorrect Authorization vulnerability in Unsafe Accessor Project Unsafe Accessor

UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe.

7.5
2022-07-11 CVE-2022-31578 BT Lnmp Project Path Traversal vulnerability in BT Lnmp Project BT Lnmp 20191010

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

7.5
2022-07-17 CVE-2022-30622 Chcnav Use of Hard-coded Credentials vulnerability in Chcnav P5E Gnss Firmware 4.1/4.2

Disclosure of information: the system allows usernames and passwords to be viewed without permission, which makes it possible to log in to the system.

7.3
2022-07-14 CVE-2022-32323 Autotrace Project, Fedoraproject Out-of-bounds Write vulnerability in multiple products

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.

7.3
2022-07-14 CVE-2022-32223 Nodejs Uncontrolled Search Path Element vulnerability in Nodejs Node.Js

Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms. This vulnerability can be exploited if the victim has the following dependencies on a Windows machine: OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists. Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory. After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows. It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

7.3
2022-07-12 CVE-2022-31012 Gitforwindows Unspecified vulnerability in Gitforwindows GIT 2.34.1

Git for Windows is a fork of Git that contains Windows-specific patches.

7.3
2022-07-17 CVE-2022-26482 Poly OS Command Injection vulnerability in Poly Eagleeye Director II Firmware

An issue was discovered in Poly EagleEye Director II before 2.2.2.1.

7.2
2022-07-16 CVE-2022-36126 Inductiveautomation Incorrect Authorization vulnerability in Inductiveautomation Ignition

An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.

7.2
2022-07-14 CVE-2022-32416 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.

7.2
2022-07-12 CVE-2022-2262 Online Hotel Booking Project SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0

A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical.

7.2
2022-07-12 CVE-2022-2263 Online Hotel Booking Project SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0

A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical.

7.2
2022-07-12 CVE-2022-29560 Siemens Command Injection vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1).

7.2

193 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-15 CVE-2022-30242 Honeywell Unspecified vulnerability in Honeywell Alerton Ascent Control Module Firmware

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated configuration changes from remote users.

6.8
2022-07-13 CVE-2022-34754 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-269: Improper Privilege Management vulnerability exists that could allow elevated functionality when guessing credentials.

6.8
2022-07-17 CVE-2022-31202 Monitoringsoft Path Traversal vulnerability in Monitoringsoft Softguard web

The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.

6.5
2022-07-17 CVE-2021-46784 Squid Cache, Debian Reachable Assertion vulnerability in multiple products

In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.

6.5
2022-07-17 CVE-2022-31260 Montala Missing Authentication for Critical Function vulnerability in Montala Resourcespace

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows attackers to export collection metadata via a non-NULL k value.

6.5
2022-07-15 CVE-2022-31153 Openzeppelin Incorrect Authorization vulnerability in Openzeppelin Contracts 0.2.0

OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup.

6.5
2022-07-15 CVE-2022-31159 Amazon Unspecified vulnerability in Amazon Aws-Sdk-Java

The AWS SDK for Java enables Java developers to work with Amazon Web Services.

6.5
2022-07-15 CVE-2022-30245 Honeywell Externally Controlled Reference to a Resource in Another Sphere vulnerability in Honeywell Alerton Compass 1.6.5

Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users.

6.5
2022-07-14 CVE-2022-23825 Debian, Fedoraproject, AMD, Vmware Exposure of Resource to Wrong Sphere vulnerability in multiple products

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

6.5
2022-07-14 CVE-2022-2401 Mattermost Information Exposure vulnerability in Mattermost Server

Unrestricted information disclosure of all users in Mattermost version 6.7.0 and earlier allows team members to access some sensitive information by directly accessing the APIs.

6.5
2022-07-14 CVE-2022-2406 Mattermost Allocation of Resources Without Limits or Throttling vulnerability in Mattermost

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.

6.5
2022-07-14 CVE-2021-39017 IBM Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls.

6.5
2022-07-14 CVE-2021-39019 IBM Information Exposure vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user.

6.5
2022-07-14 CVE-2022-35283 IBM Unspecified vulnerability in IBM Security Verify Information Queue 10.0.2

IBM Security Verify Information Queue 10.0.2 could allow an authenticated user to cause a denial of service with a specially crafted HTTP request.

6.5
2022-07-14 CVE-2022-32210 Nodejs Improper Certificate Validation vulnerability in Nodejs Undici

`Undici.ProxyAgent` never verifies the remote server's certificate, and always exposes all request & response data to the proxy.

6.5
2022-07-14 CVE-2022-32213 Llhttp, Nodejs, Fedoraproject, Siemens, Debian, Stormshield HTTP Request Smuggling vulnerability in multiple products

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS).

6.5
2022-07-14 CVE-2022-32214 Llhttp, Nodejs, Debian, Stormshield HTTP Request Smuggling vulnerability in multiple products

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests.

6.5
2022-07-14 CVE-2022-32215 Nodejs, Llhttp, Fedoraproject, Siemens, Debian, Stormshield HTTP Request Smuggling vulnerability in multiple products

The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers.

6.5
2022-07-13 CVE-2022-31145 Flyte Unspecified vulnerability in Flyte Flyteadmin

FlyteAdmin is the control plane for Flyte responsible for managing entities and administering workflow executions.

6.5
2022-07-13 CVE-2022-20217 Google Unspecified vulnerability in Google Android

There is an unauthorized broadcast in the SprdContactsProvider.

6.5
2022-07-13 CVE-2022-20221 Google Out-of-bounds Read vulnerability in Google Android

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation.

6.5
2022-07-13 CVE-2022-20228 Google Use After Free vulnerability in Google Android 12.0/12.1

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free.

6.5
2022-07-13 CVE-2019-10800 Codecov Argument Injection or Modification vulnerability in Codecov Codecov-Python

This affects the package codecov before 2.0.16.

6.5
2022-07-12 CVE-2022-29619 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

Under certain conditions, SAP BusinessObjects Business Intelligence Platform 4.x - versions 420, 430 allows the Administrator user to view, edit or modify the rights of objects it does not own and which would otherwise be restricted.

6.5
2022-07-12 CVE-2022-2211 Libguestfs, Redhat Classic Buffer Overflow vulnerability in multiple products

A vulnerability was found in libguestfs.

6.5
2022-07-12 CVE-2022-29900 XEN, Debian, Fedoraproject, AMD Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

6.5
2022-07-12 CVE-2022-29901 Intel, XEN, Fedoraproject, Vmware, Debian Exposure of Resource to Wrong Sphere vulnerability in multiple products

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data.

6.5
2022-07-12 CVE-2021-40013 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect integrity.

6.5
2022-07-12 CVE-2021-40016 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this vulnerability will affect confidentiality.

6.5
2022-07-12 CVE-2022-34740 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

The NFC module has a buffer overflow vulnerability.

6.5
2022-07-12 CVE-2022-34741 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

The NFC module has a buffer overflow vulnerability.

6.5
2022-07-12 CVE-2022-34466 Mendix Expression Language Injection vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3).

6.5
2022-07-12 CVE-2022-34467 Mendix XML Entity Expansion vulnerability in Mendix Excel Importer

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2).

6.5
2022-07-11 CVE-2022-31075 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

6.5
2022-07-11 CVE-2022-31078 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

6.5
2022-07-11 CVE-2022-31079 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

6.5
2022-07-11 CVE-2022-31080 Linuxfoundation Allocation of Resources Without Limits or Throttling vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

6.5
2022-07-11 CVE-2022-31074 Linuxfoundation Unspecified vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

6.5
2022-07-11 CVE-2022-1576 Themeisle Unspecified vulnerability in Themeisle WP Maintenance Mode & Coming Soon

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 lacks a CSRF check when emptying the subscribed users list, which could allow attackers to make a logged-in admin perform this action via a CSRF attack.

6.5
2022-07-11 CVE-2022-1599 Admin Management Xtended Project Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make logged-in users with the right capabilities call them.

6.5
2022-07-11 CVE-2022-1732 Rename WP Login Project Unspecified vulnerability in Rename Wp-Login Project Rename Wp-Login 2.6.0

The Rename wp-login.php WordPress plugin through 2.6.0 does not have a CSRF check in place when updating the secret login URL, which could allow attackers to make a logged-in admin change it via a CSRF attack.

6.5
2022-07-11 CVE-2022-2091 Cache Images Project Unspecified vulnerability in Cache Images Project Cache Images

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged-in user upload images via a CSRF attack.

6.5
2022-07-11 CVE-2022-29512 Cybozu Information Exposure vulnerability in Cybozu Garoon

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

6.5
2022-07-17 CVE-2022-1933 Collect AND Deliver Interface FOR Woocommerce Project Unspecified vulnerability in Collect and Deliver Interface for Woocommerce Project Collect and Deliver Interface for Woocommerce

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

6.1
2022-07-17 CVE-2022-2090 Flycart Unspecified vulnerability in Flycart Discount Rules for Woocommerce

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting

6.1
2022-07-17 CVE-2022-2146 Import CSV Files Project Cross-Site Request Forgery (CSRF) vulnerability in Import CSV Files Project Import CSV Files

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escape imported data before outputting it back in a page, and is also lacking a CSRF check when performing such action, resulting in a Reflected Cross-Site Scripting

6.1
2022-07-17 CVE-2022-2168 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Download Manager

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting

6.1
2022-07-17 CVE-2022-2173 Sigmaplugin Cross-site Scripting vulnerability in Sigmaplugin Advanced Database Cleaner

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

6.1
2022-07-17 CVE-2022-2187 Contact Form 7 Captcha Project Unspecified vulnerability in Contact Form 7 Captcha Project Contact Form 7 Captcha 0.0.9

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

6.1
2022-07-15 CVE-2022-25869 Angularjs Cross-site Scripting vulnerability in Angularjs Angular

All versions of package angular are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of <textarea> elements.

6.1
2022-07-15 CVE-2022-23201 Adobe Unspecified vulnerability in Adobe Robohelp

Adobe RoboHelp versions 2020.0.7 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2022-07-15 CVE-2020-35305 Gollum Project Cross-site Scripting vulnerability in Gollum Project Gollum

Cross site scripting (XSS) in gollum 5.0 to 5.1.2 via the filename parameter to the 'New Page' dialog.

6.1
2022-07-15 CVE-2022-32118 Arox Cross-site Scripting vulnerability in Arox School ERP PRO 1.0

Arox School ERP Pro v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the dispatchcategory parameter in backoffice.inc.php.

6.1
2022-07-15 CVE-2022-29890 Octopus Cross-site Scripting vulnerability in Octopus Server

In affected versions of Octopus Server the help sidebar can be customized to include a Cross-Site Scripting payload in the support link.

6.1
2022-07-14 CVE-2022-34092 Softwarepublico Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.

6.1
2022-07-14 CVE-2022-34093 Softwarepublico Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

6.1
2022-07-14 CVE-2022-34094 Softwarepublico Cross-site Scripting vulnerability in Softwarepublico I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.

6.1
2022-07-14 CVE-2022-22477 IBM Cross-site Scripting vulnerability in IBM Websphere Application Server 8.5/9.0

IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting.

6.1
2022-07-14 CVE-2022-32225 Veeam Cross-site Scripting vulnerability in Veeam Management Pack 8.0

A reflected DOM-Based XSS vulnerability has been discovered in the Help directory of Veeam Management Pack for Microsoft System Center 8.0.

6.1
2022-07-14 CVE-2022-25802 Bestpractical Cross-site Scripting vulnerability in Bestpractical Request Tracker

Best Practical Request Tracker (RT) before 4.4.6 and 5.x before 5.0.3 allows XSS via a crafted content type for an attachment.

6.1
2022-07-14 CVE-2022-25803 Bestpractical Open Redirect vulnerability in Bestpractical Request Tracker

Best Practical Request Tracker (RT) before 5.0.3 has an Open Redirect via a ticket search.

6.1
2022-07-13 CVE-2022-32308 Ublock Origin Project Cross-site Scripting vulnerability in Ublock Origin Project Ublock Origin

Cross Site Scripting (XSS) vulnerability in uBlock Origin extension before 1.41.1 allows remote attackers to run arbitrary code via a spoofed 'MessageSender.url' to the browser renderer process.

6.1
2022-07-13 CVE-2021-46827 Sync Cross-site Scripting vulnerability in Sync products

An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310.

6.1
2022-07-12 CVE-2022-30517 Mogublog Project Cross-site Scripting vulnerability in Mogublog Project Mogublog 5.2

Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).

6.1
2022-07-12 CVE-2022-33156 Matomo Cross-site Scripting vulnerability in Matomo Integration

The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS.

6.1
2022-07-12 CVE-2022-33157 Libconnect Project Cross-site Scripting vulnerability in Libconnect Project Libconnect

The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS.

6.1
2022-07-12 CVE-2022-31102 Argoproj Unspecified vulnerability in Argoproj Argo CD

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

6.1
2022-07-12 CVE-2022-32247 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to a script execution attack by an unauthenticated attacker due to improper sanitization of user inputs while interacting on the network.

6.1
2022-07-12 CVE-2022-35170 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.

6.1
2022-07-12 CVE-2022-35172 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2022-07-12 CVE-2022-35224 SAP Unspecified vulnerability in SAP Enterprise Portal

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2022-07-12 CVE-2022-35225 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.

6.1
2022-07-12 CVE-2022-35227 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site Scripting (XSS) attack.

6.1
2022-07-12 CVE-2022-25875 Svelte Cross-site Scripting vulnerability in Svelte

The package svelte before 3.49.0 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and improper escaping of attributes when using objects during SSR (Server-Side Rendering).

6.1
2022-07-12 CVE-2022-25303 Whoogle Search Project Cross-site Scripting vulnerability in Whoogle-Search Project Whoogle-Search

The package whoogle-search before 0.7.2 is vulnerable to Cross-site Scripting (XSS) via the query string parameter q.

6.1
2022-07-12 CVE-2022-31904 Uberrider Cross-site Scripting vulnerability in Uberrider Mediacenter

EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php.

6.1
2022-07-11 CVE-2022-1220 Foxy Shop Unspecified vulnerability in Foxy-Shop Foxyshop

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

6.1
2022-07-11 CVE-2022-1474 WP Eventmanager Unspecified vulnerability in Wp-Eventmanager WP Event Manager

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

6.1
2022-07-11 CVE-2022-1546 Visser Unspecified vulnerability in Visser Woocommerce - Product Importer 1.5.2

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

6.1
2022-07-11 CVE-2022-1910 Averta Unspecified vulnerability in Averta Shortcodes and Extra Features for Phlox Theme

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting

6.1
2022-07-11 CVE-2022-1937 Awin Unspecified vulnerability in Awin Data Feed 1.6

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

6.1
2022-07-11 CVE-2022-1951 Kitestudio Unspecified vulnerability in Kitestudio Core Plugin for Kitestudio Themes

The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting.

6.1
2022-07-11 CVE-2022-2092 Wpovernight Unspecified vulnerability in Wpovernight Woocommerce PDF Invoices & Packing Slips

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

6.1
2022-07-11 CVE-2022-35416 H3C Cross-site Scripting vulnerability in H3C SSL VPN

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.

6.1
2022-07-11 CVE-2022-27168 Litecart Cross-site Scripting vulnerability in Litecart

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1
2022-07-12 CVE-2022-35169 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.

6.0
2022-07-17 CVE-2021-40149 Reolink Files or Directories Accessible to External Parties vulnerability in Reolink E1 Zoom Firmware 3.0.0.716

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory.

5.9
2022-07-17 CVE-2022-27930 Pexip Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

5.9
2022-07-15 CVE-2022-34826 Couchbase Information Exposure Through Log Files vulnerability in Couchbase Server 7.1.0

In Couchbase Server 7.1.x before 7.1.1, an encrypted Private Key passphrase may be leaked in the logs.

5.9
2022-07-14 CVE-2022-29593 Dingtian Tech Authentication Bypass by Capture-replay vulnerability in Dingtian-Tech Dt-R004 Firmware 3.1.276A

relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to replay HTTP POST requests without the need for authentication or a valid signed/authorized request.

5.9
2022-07-14 CVE-2022-2393 PKI Core Project / Redhat

A flaw was found in pki-core, which could allow a user to get a certificate for another user identity when directory-based authentication is enabled.

5.7
2022-07-14 CVE-2022-32406 Gtkradiant Project Classic Buffer Overflow vulnerability in Gtkradiant Project Gtkradiant 1.6.6

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2.

5.5
2022-07-14 CVE-2021-4135 Linux Memory Leak vulnerability in Linux Kernel

A memory leak vulnerability was found in the Linux kernel's eBPF for the simulated networking device driver, in the way a user uses BPF for the device such that the function nsim_map_alloc_elem is called.

5.5
2022-07-14 CVE-2022-32317 Mplayerhq Use After Free vulnerability in Mplayerhq Mplayer 1.5

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c.

5.5
2022-07-14 CVE-2022-1662 Convert2Rhel Project Information Exposure vulnerability in Convert2Rhel Project Convert2Rhel 0.24/0.25

In convert2rhel, there's an ansible playbook named ansible/run-convert2rhel.yml which passes the Red Hat Subscription Manager user password via the CLI to convert2rhel.

5.5
2022-07-13 CVE-2022-20219 Google Cleartext Storage of Sensitive Information vulnerability in Google Android

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code.

5.5
2022-07-13 CVE-2022-20225 Google Missing Authorization vulnerability in Google Android

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check.

5.5
2022-07-13 CVE-2022-20227 Google Out-of-bounds Read vulnerability in Google Android

In USB driver, there is a possible out of bounds read due to a heap buffer overflow.

5.5
2022-07-13 CVE-2022-20230 Google Improper Encoding or Escaping of Output vulnerability in Google Android

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation.

5.5
2022-07-13 CVE-2022-2380 Linux Out-of-bounds Write vulnerability in Linux Kernel

The Linux kernel was found vulnerable to out-of-bounds memory access in the drivers/video/fbdev/sm712fb.c:smtcfb_read() function.

5.5
2022-07-12 CVE-2011-4916 Linux Information Exposure vulnerability in Linux Kernel

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

5.5
2022-07-12 CVE-2022-35171 SAP Unspecified vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

5.5
2022-07-12 CVE-2022-30758 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with the privilege of Finder.

5.5
2022-07-12 CVE-2022-33685 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows an attacker to launch arbitrary activity and access sensitive information.

5.5
2022-07-12 CVE-2022-33702 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows a local attacker to disable keyguard and bypass the Knoxguard lock by factory reset.

5.5
2022-07-12 CVE-2022-33711 Samsung Improper Validation of Integrity Check Value vulnerability in Samsung Android USB Driver

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete an arbitrary directory using a directory junction.

5.5
2022-07-12 CVE-2022-34282 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34283 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34285 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34287 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34288 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34290 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34291 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

5.5
2022-07-12 CVE-2022-34464 Siemens Exposure of Resource to Wrong Sphere vulnerability in Siemens products

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3).

5.5
2022-07-11 CVE-2020-4138 IBM Unspecified vulnerability in IBM Security Siteprotector System 3.1.1

IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system.

5.5
2022-07-17 CVE-2022-30982 Gentics Cross-site Scripting vulnerability in Gentics CMS 5.43.0

An issue was discovered in Gentics CMS before 5.43.1.

5.4
2022-07-17 CVE-2022-31201 Monitoringsoft Cross-site Scripting vulnerability in Monitoringsoft Softguard web

SoftGuard Web (SGW) before 5.1.5 allows HTML injection.

5.4
2022-07-15 CVE-2020-35261 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.

5.4
2022-07-15 CVE-2020-36550 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.

5.4
2022-07-15 CVE-2020-36551 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.

5.4
2022-07-15 CVE-2020-36552 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.

5.4
2022-07-15 CVE-2020-36553 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.

5.4
2022-07-14 CVE-2022-32318 Fast Food Ordering System Project Cross-site Scripting vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.

5.4
2022-07-14 CVE-2021-39015 IBM Cross-site Scripting vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.

5.4
2022-07-14 CVE-2021-39028 IBM Injection vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.

5.4
2022-07-14 CVE-2022-2396 Simple E Learning System Project Cross-site Scripting vulnerability in Simple E-Learning System Project Simple E-Learning System 1.0

A vulnerability classified as problematic was found in SourceCodester Simple e-Learning System 1.0.

5.4
2022-07-13 CVE-2022-34358 IBM Cross-site Scripting vulnerability in IBM I

IBM i 7.2, 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting.

5.4
2022-07-13 CVE-2022-32074 Osticket Cross-site Scripting vulnerability in Osticket

A stored cross-site scripting (XSS) vulnerability in the component audit/class.audit.php of osTicket-plugins - Storage-FS before commit a7842d494889fd5533d13deb3c6a7789768795ae allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file.

5.4
2022-07-13 CVE-2022-32065 Ruoyi Cross-site Scripting vulnerability in Ruoyi

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

5.4
2022-07-13 CVE-2022-32274 Ttpsc Cross-site Scripting vulnerability in Ttpsc the Scheduler 6.5.0

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

5.4
2022-07-12 CVE-2022-29602 Grid Elements Project Cross-site Scripting vulnerability in Grid Elements Project Grid Elements

The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 for TYPO3 allows XSS.

5.4
2022-07-12 CVE-2022-33154 Schema Project Cross-site Scripting vulnerability in Schema Project Schema

The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS.

5.4
2022-07-12 CVE-2022-33155 Ameos Tarteaucitron Project Cross-site Scripting vulnerability in Ameos Tarteaucitron Project Ameos Tarteaucitron

The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS.

5.4
2022-07-12 CVE-2022-31597 SAP Unspecified vulnerability in SAP S/4Hana and Sapscore

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

5.4
2022-07-12 CVE-2022-31598 SAP Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation.

5.4
2022-07-12 CVE-2022-31654 Vmware Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight

VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in configurations.

5.4
2022-07-12 CVE-2022-31655 Vmware Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight

VMware vRealize Log Insight in versions prior to 8.8.2 contains a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

5.4
2022-07-12 CVE-2022-2364 Simple Parking Management System Project Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0.

5.4
2022-07-12 CVE-2022-2291 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0

A vulnerability was found in SourceCodester Hotel Management System 2.0.

5.4
2022-07-12 CVE-2022-2292 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0.

5.4
2022-07-12 CVE-2022-2293 Simple Sales Management System Project Cross-site Scripting vulnerability in Simple Sales Management System Project Simple Sales Management System 1.0

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0.

5.4
2022-07-12 CVE-2022-22682 Synology Unspecified vulnerability in Synology Calendar

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

5.4
2022-07-11 CVE-2022-1626 Sharebar Project Unspecified vulnerability in Sharebar Project Sharebar

The Sharebar WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to a Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them

5.4
2022-07-11 CVE-2022-1757 Pagebar Project Unspecified vulnerability in Pagebar Project Pagebar

The pagebar WordPress plugin before 2.70 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

5.4
2022-07-11 CVE-2022-1938 Awin Unspecified vulnerability in Awin Data Feed 1.6

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing a request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings

5.4
2022-07-17 CVE-2022-25357 Pexip Unspecified vulnerability in Pexip Infinity 27.0/27.1

Pexip Infinity 27.x before 27.2 has Improper Access Control.

5.3
2022-07-17 CVE-2022-2133 Miniorange Unspecified vulnerability in Miniorange Oauth Single Sign on

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with only the knowledge of a user's email address.

5.3
2022-07-15 CVE-2022-1881 Octopus Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access.

5.3
2022-07-14 CVE-2022-32425 Mealie Information Exposure Through Discrepancy vulnerability in Mealie 1.0.0

The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time.

5.3
2022-07-14 CVE-2022-22473 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to obtain sensitive information caused by improper handling of Administrative Console data.

5.3
2022-07-14 CVE-2022-32222 Nodejs / Siemens Uncontrolled Search Path Element vulnerability in multiple products

A cryptographic vulnerability exists in Node.js on Linux in versions of 18.x prior to 18.40.0 which allowed a default path for openssl.cnf that might be accessible under some circumstances to a non-admin user instead of /etc/ssl as was the case in versions prior to the upgrade to OpenSSL 3.

5.3
2022-07-13 CVE-2022-34757 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102

A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists where weak cipher suites can be used for the SSH connection between Easergy Pro software and the device, which may allow an attacker to observe protected communication details.

5.3
2022-07-13 CVE-2022-34765 Schneider Electric Exposure of Resource to Wrong Sphere vulnerability in Schneider-Electric products

A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of unauthorized firmware images when user-controlled data is written to the file path.

5.3
2022-07-12 CVE-2022-32248 SAP Unspecified vulnerability in SAP S/4Hana

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database.

5.3
2022-07-12 CVE-2021-39041 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0/7.5.0

IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports.

5.3
2022-07-12 CVE-2022-2366 Mattermost Incorrect Default Permissions vulnerability in Mattermost Server

Incorrect default configuration for the trusted IP header in Mattermost version 6.7.0 and earlier allows an attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

5.3
2022-07-12 CVE-2022-33707 Samsung Use of Insufficiently Random Values vulnerability in Samsung Find MY Mobile

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows an attacker to identify the device.

5.3
2022-07-12 CVE-2022-33712 Samsung Open Redirect vulnerability in Samsung Camera

Intent redirection vulnerability using an implicit intent in Camera prior to versions 12.0.01.64, 12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows an attacker to get sensitive information.

5.3
2022-07-12 CVE-2022-33911 Couchbase Information Exposure Through Log Files vulnerability in Couchbase Server

An issue was discovered in Couchbase Server 7.x before 7.0.4.

5.3
2022-07-17 CVE-2022-2222 Wpchill Unspecified vulnerability in Wpchill Download Monitor

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders and are not sensitive, allowing high privilege users such as admin to download wp-config.php or /etc/passwd even in a hardened environment or multisite setup.

4.9
2022-07-13 CVE-2022-34758 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy P5 Firmware 01.401.101/01.401.102

A CWE-20: Improper Input Validation vulnerability exists that could cause the device watchdog function to be disabled if the attacker had access to privileged user credentials.

4.9
2022-07-12 CVE-2022-31134 Zulip Unrestricted Upload of File with Dangerous Type vulnerability in Zulip Server

Zulip is an open-source team collaboration tool.

4.9
2022-07-17 CVE-2022-2099 Woocommerce Improper Encoding or Escaping of Output vulnerability in Woocommerce

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles.

4.8
2022-07-17 CVE-2022-2100 Wpzinc Unspecified vulnerability in Wpzinc Page Generator

The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2114 Supsystic Unspecified vulnerability in Supsystic Data Tables Generator

The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup).

4.8
2022-07-17 CVE-2022-2118 Tooltulips Cross-site Scripting vulnerability in Tooltulips 404S

The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2148 Linkedin Company Updates Project Unspecified vulnerability in Linkedin Company Updates Project Linkedin Company Updates

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2149 Very Simple Breadcrumb Project Unspecified vulnerability in Very Simple Breadcrumb Project Very Simple Breadcrumb

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2151 Emarketdesign Unspecified vulnerability in Emarketdesign Best Contact Management Software

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2169 Dwbooster Unspecified vulnerability in Dwbooster Loading Page With Loading Screen

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2186 Bracketspace Unspecified vulnerability in Bracketspace Simple Post Notes

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-17 CVE-2022-2194 Tipsandtricks HQ Unspecified vulnerability in Tipsandtricks-Hq Accept Stripe

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-07-13 CVE-2020-21967 Prestashop Cross-site Scripting vulnerability in Prestashop 1.7.6.7

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

4.8
2022-07-11 CVE-2022-1894 Sygnoos Unspecified vulnerability in Sygnoos Popup Builder

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.

4.8
2022-07-11 CVE-2022-2050 Maxfoundry Cross-site Scripting vulnerability in Maxfoundry Wp-Paginate

The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed.

4.8
2022-07-11 CVE-2022-2089 Bold Themes Unspecified vulnerability in Bold-Themes Bold Page Builder

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2022-07-11 CVE-2022-2093 Ninjateam Unspecified vulnerability in Ninjateam WP Duplicate Page 1.0/1.1/1.2

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2022-07-12 CVE-2022-33691 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 10.0/11.0/12.0

A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.

4.7
2022-07-12 CVE-2022-32246 SAP Unspecified vulnerability in SAP Business Objects Business Intelligence Platform 420/430

SAP Business Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to the BI admin console to send crafted queries and extract data from the SQL backend.

4.6
2022-07-12 CVE-2022-2363 Simple Parking Management System Project Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0.

4.6
2022-07-14 CVE-2021-26382 AMD Unspecified vulnerability in AMD products

An attacker with root account privileges can load any legitimately signed firmware image into the Audio Co-Processor (ACP), irrespective of the respective signing key being declared as usable for authenticating an ACP firmware image, potentially resulting in a denial of service.

4.4
2022-07-14 CVE-2022-31156 Gradle Improper Verification of Cryptographic Signature vulnerability in Gradle

Gradle is a build tool.

4.4
2022-07-17 CVE-2022-2144 Jquery Validation FOR Contact Form 7 Project Unspecified vulnerability in Jquery Validation for Contact Form 7 Project Jquery Validation for Contact Form 7

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role and users_can_register via a CSRF attack.

4.3
2022-07-17 CVE-2015-10003 Filezilla Project Externally Controlled Reference to a Resource in Another Sphere vulnerability in Filezilla-Project Filezilla Server

A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50.

4.3
2022-07-14 CVE-2022-2408 Mattermost Incorrect Authorization vulnerability in Mattermost

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.

4.3
2022-07-14 CVE-2021-39016 IBM Unspecified vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 does not sufficiently monitor or control transmitted network traffic volume, so that an actor can cause the software to transmit more traffic than should be allowed for that actor.

4.3
2022-07-14 CVE-2021-39018 IBM Information Exposure Through an Error Message vulnerability in IBM Engineering Lifecycle Optimization Publishing

IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose sensitive information in a SQL error message that could aid in further attacks against the system.

4.3
2022-07-12 CVE-2022-31592 SAP Unspecified vulnerability in SAP Enterprise Extension Defense Forces & Public Security

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616, 617, 618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.

4.3
2022-07-11 CVE-2022-1956 Shortcut Macros Project Unspecified vulnerability in Shortcut Macros Project Shortcut Macros 1.3

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

4.3
2022-07-11 CVE-2022-1957 Comment License Project Unspecified vulnerability in Comment License Project Comment License

The Comment License WordPress plugin before 1.4.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

4.3
2022-07-11 CVE-2022-2123 WP OPT IN Project Unspecified vulnerability in WP Opt-In Project WP Opt-In 1.4.1

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF, which allows plugin settings to be changed and can be used for sending spam emails.

4.3
2022-07-11 CVE-2022-30943 Cybozu Unspecified vulnerability in Cybozu Garoon

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

4.3
2022-07-11 CVE-2022-31472 Cybozu Unspecified vulnerability in Cybozu Garoon

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

4.3

31 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-13 CVE-2022-20226 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0/12.1

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation.

3.9
2022-07-14 CVE-2022-22450 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM Security Verify Governance 10.0

IBM Security Verify Identity Manager 10.0 could allow a privileged user to upload a malicious file by bypassing extension security in an HTTP request.

3.8
2022-07-15 CVE-2022-35900 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35901 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35902 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35903 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35904 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35905 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-15 CVE-2022-35906 Bentley Out-of-bounds Read vulnerability in Bentley Microstation and View

An issue was discovered in Bentley MicroStation before 10.17.0.x and Bentley View before 10.17.0.x.

3.3
2022-07-12 CVE-2022-30750 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in the updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client.

3.3
2022-07-12 CVE-2022-30751 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_DHCPACK_EVENT action.

3.3
2022-07-12 CVE-2022-30752 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in the sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_STATE_CHANGED action.

3.3
2022-07-12 CVE-2022-30753 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0

Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

3.3
2022-07-12 CVE-2022-30757 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows an attacker to obtain the CID without the ACCESS_FINE_LOCATION permission.

3.3
2022-07-12 CVE-2022-33687 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access the IMSI via log.

3.3
2022-07-12 CVE-2022-33688 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

3.3
2022-07-12 CVE-2022-33689 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change the preferred network type via an unprotected binder call.

3.3
2022-07-12 CVE-2022-33690 Google Path Traversal vulnerability in Google Android 12.0

Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows an attacker to access arbitrary files.

3.3
2022-07-12 CVE-2022-33692 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0

Exposure of Sensitive Information in the Messaging application prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI and ICCID via log.

3.3
2022-07-12 CVE-2022-33694 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in the CSC application prior to SMR Jul-2022 Release 1 allows a local attacker to access Wi-Fi information via unprotected intent broadcasting.

3.3
2022-07-12 CVE-2022-33696 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 12.0

Exposure of Sensitive Information in the Telephony service prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI and ICCID via log.

3.3
2022-07-12 CVE-2022-33697 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

3.3
2022-07-12 CVE-2022-33698 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in the Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access the ICCID via log.

3.3
2022-07-12 CVE-2022-33701 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows an attacker to call the PowerManager.goToSleep method, which is protected by a system permission, by sending a broadcast intent.

3.3
2022-07-12 CVE-2022-33705 Samsung Unspecified vulnerability in Samsung Calendar 11.6.08.0/12.2.11.3000

Information exposure in Calendar prior to version 12.3.05.10000 allows an attacker to access the calendar schedule without the READ_CALENDAR permission.

3.3
2022-07-12 CVE-2022-33706 Samsung Unspecified vulnerability in Samsung Gallery

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

2.4
2022-07-12 CVE-2022-35648 Nautilus Unspecified vulnerability in Nautilus T616 Firmware and T618 Firmware

Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time).

2.4
2022-07-12 CVE-2022-33686 Google Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows a local attacker to access the ICCID via log.

2.3
2022-07-12 CVE-2022-33693 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows a local attacker to access the ICCID via log.

2.3
2022-07-12 CVE-2022-33699 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI via log.

2.3
2022-07-12 CVE-2022-33700 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows a local attacker to access the IMSI via log.

2.3