Weekly Vulnerabilities Reports > July 11 to 17, 2022

Overview

486 new vulnerabilities reported during this period, including 14 critical vulnerabilities and 55 high severity vulnerabilities. This weekly summary report vulnerabilities in 616 products from 215 vendors including Microsoft, Google, Siemens, SAP, and Pexip. Vulnerabilities are notably categorized as "Path Traversal", "Cross-site Scripting", "Exposure of Resource to Wrong Sphere", "Improper Privilege Management", and "Improper Input Validation".

  • 392 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 194 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 366 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 81 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

14 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-17 CVE-2022-31209 Infiray Classic Buffer Overflow vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

10.0
2022-07-17 CVE-2022-31211 Infiray Weak Password Requirements vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

10.0
2022-07-13 CVE-2022-20216 Google Unspecified vulnerability in Google Android

android exported is used to set third-party app access permissions, and the default value of intent-filter is true.

10.0
2022-07-13 CVE-2022-20222 Google Out-of-bounds Write vulnerability in Google Android 12.0/12.1

In read_attr_value of gatt_db.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2022-07-13 CVE-2022-20229 Google Out-of-bounds Write vulnerability in Google Android

In bta_hf_client_handle_cind_list_item of bta_hf_client_at.cc, there is a possible out of bounds write due to a missing bounds check.

10.0
2022-07-13 CVE-2022-20238 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555

10.0
2022-07-12 CVE-2022-29560 Siemens Command Injection vulnerability in Siemens products

A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < 2.15.1), RUGGEDCOM ROX MX5000RE (All versions < 2.15.1), RUGGEDCOM ROX RX1400 (All versions < 2.15.1), RUGGEDCOM ROX RX1500 (All versions < 2.15.1), RUGGEDCOM ROX RX1501 (All versions < 2.15.1), RUGGEDCOM ROX RX1510 (All versions < 2.15.1), RUGGEDCOM ROX RX1511 (All versions < 2.15.1), RUGGEDCOM ROX RX1512 (All versions < 2.15.1), RUGGEDCOM ROX RX1524 (All versions < 2.15.1), RUGGEDCOM ROX RX1536 (All versions < 2.15.1), RUGGEDCOM ROX RX5000 (All versions < 2.15.1).

10.0
2022-07-12 CVE-2022-34819 Siemens Out-of-bounds Write vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46).

9.3
2022-07-12 CVE-2022-34820 Siemens Command Injection vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46).

9.3
2022-07-12 CVE-2022-34821 Siemens Code Injection vulnerability in Siemens products

A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46).

9.3
2022-07-11 CVE-2022-2302 Lenze Improper Authentication vulnerability in Lenze C520 Firmware, C550 Firmware and C750 Firmware

Multiple Lenze products of the cabinet series skip the password verification upon second login.

9.3
2022-07-17 CVE-2022-31208 Infiray Unspecified vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

9.0
2022-07-12 CVE-2022-1025 Linuxfoundation Incorrect Authorization vulnerability in Linuxfoundation Argo-Cd

All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level.

9.0
2022-07-11 CVE-2022-31138 Mailcow OS Command Injection vulnerability in Mailcow Mailcow: Dockerized

mailcow is a mailserver suite.

9.0

55 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-12 CVE-2022-22037 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability.

8.5
2022-07-12 CVE-2022-22041 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

8.5
2022-07-12 CVE-2022-30215 Microsoft Unspecified vulnerability in Microsoft products

Active Directory Federation Services Elevation of Privilege Vulnerability.

8.5
2022-07-13 CVE-2022-20236 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android

A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709

7.8
2022-07-12 CVE-2021-39999 Huawei Classic Buffer Overflow vulnerability in Huawei Ese620X Vess Firmware V100R001C10Spc200/V100R001C20Spc200

There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200.

7.8
2022-07-12 CVE-2022-34735 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a null pointer dereference vulnerability.

7.8
2022-07-12 CVE-2022-34736 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a null pointer dereference vulnerability.

7.8
2022-07-12 CVE-2022-26648 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6).

7.8
2022-07-12 CVE-2022-26649 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6).

7.8
2022-07-17 CVE-2022-31210 Infiray Use of Hard-coded Credentials vulnerability in Infiray Iray-A8Z3 Firmware 1.0.957

An issue was discovered in Infiray IRAY-A8Z3 1.0.957.

7.5
2022-07-16 CVE-2017-20138 Itechscripts SQL Injection vulnerability in Itechscripts Auction Script 6.49

A vulnerability was found in Itech Auction Script 6.49.

7.5
2022-07-14 CVE-2022-32417 Pbootcms Code Injection vulnerability in Pbootcms 3.1.2

PbootCMS v3.1.2 was discovered to contain a remote code execution (RCE) vulnerability via the function parserIfLabel at function.php.

7.5
2022-07-13 CVE-2022-28888 Spryker OS Command Injection vulnerability in Spryker Cloud Commerce

Spryker Commerce OS 1.4.2 allows Remote Command Execution.

7.5
2022-07-13 CVE-2022-32073 Wolfssh Integer Overflow or Wraparound vulnerability in Wolfssh 1.4.7

WolfSSH v1.4.7 was discovered to contain an integer overflow via the function wolfSSH_SFTP_RecvRMDIR.

7.5
2022-07-12 CVE-2022-22040 Microsoft Resource Exhaustion vulnerability in Microsoft products

Internet Information Services Dynamic Compression Module Denial of Service Vulnerability.

7.5
2022-07-12 CVE-2022-35628 In2Code SQL Injection vulnerability in In2Code Living User Experience

A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.

7.5
2022-07-12 CVE-2022-29600 Oliverklee SQL Injection vulnerability in Oliverklee Oelib

The oelib (aka One is Enough Library) extension through 4.1.5 for TYPO3 allows SQL Injection.

7.5
2022-07-12 CVE-2022-29601 Oliverklee SQL Injection vulnerability in Oliverklee Seminars

The seminars (aka Seminar Manager) extension through 4.1.3 for TYPO3 allows SQL Injection.

7.5
2022-07-12 CVE-2022-22997 Westerndigital OS Command Injection vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware

Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices.

7.5
2022-07-12 CVE-2022-2298 Clinic S Patient Management System Project SQL Injection vulnerability in Clinic'S Patient Management System Project Clinic'S Patient Management System 2.0

A vulnerability has been found in SourceCodester Clinics Patient Management System 2.0 and classified as critical.

7.5
2022-07-12 CVE-2022-26647 Siemens Use of Insufficiently Random Values vulnerability in Siemens products

A vulnerability has been identified in SCALANCE X200-4P IRT (All versions), SCALANCE X200-4P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X201-3P IRT PRO (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X202-2P IRT PRO (All versions), SCALANCE X204-2 (All versions < V5.2.6), SCALANCE X204-2FM (All versions < V5.2.6), SCALANCE X204-2LD (All versions < V5.2.6), SCALANCE X204-2LD TS (All versions < V5.2.6), SCALANCE X204-2TS (All versions < V5.2.6), SCALANCE X204IRT (All versions), SCALANCE X204IRT (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X204IRT PRO (All versions), SCALANCE X206-1 (All versions < V5.2.6), SCALANCE X206-1LD (All versions < V5.2.6), SCALANCE X208 (All versions < V5.2.6), SCALANCE X208PRO (All versions < V5.2.6), SCALANCE X212-2 (All versions < V5.2.6), SCALANCE X212-2LD (All versions < V5.2.6), SCALANCE X216 (All versions < V5.2.6), SCALANCE X224 (All versions < V5.2.6), SCALANCE XF201-3P IRT (All versions), SCALANCE XF202-2P IRT (All versions), SCALANCE XF204 (All versions < V5.2.6), SCALANCE XF204-2 (All versions < V5.2.6), SCALANCE XF204-2BA IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF204IRT (All versions), SCALANCE XF206-1 (All versions < V5.2.6), SCALANCE XF208 (All versions < V5.2.6).

7.5
2022-07-11 CVE-2020-29506 Dell Unspecified vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

7.5
2022-07-11 CVE-2020-29507 Dell Improper Input Validation vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

7.5
2022-07-11 CVE-2020-29508 Dell Improper Input Validation vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

7.5
2022-07-11 CVE-2020-35163 Dell Use of Insufficiently Random Values vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

7.5
2022-07-11 CVE-2020-35164 Dell Unspecified vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

7.5
2022-07-11 CVE-2020-35166 Dell Unspecified vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

7.5
2022-07-11 CVE-2020-35167 Dell Unspecified vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

7.5
2022-07-11 CVE-2020-35168 Dell Unspecified vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

7.5
2022-07-11 CVE-2020-35169 Dell Improper Input Validation vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

7.5
2022-07-11 CVE-2020-4150 IBM Use of Hard-coded Credentials vulnerability in IBM Security Siteprotector System 3.1.1

IBM SiteProtector Appliance 3.1.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5
2022-07-11 CVE-2022-1057 Varktech SQL Injection vulnerability in Varktech Pricing Deals for Woocommerce

The Pricing Deals for WooCommerce WordPress plugin through 2.0.2.02 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection

7.5
2022-07-11 CVE-2022-1952 Syntactics Unrestricted Upload of File with Dangerous Type vulnerability in Syntactics Free Booking Plugin for Hotels, Restaurant and CAR Rental

The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution.

7.5
2022-07-11 CVE-2022-2368 Microweber Business Logic Errors vulnerability in Microweber

Business Logic Errors in GitHub repository microweber/microweber prior to 1.2.20.

7.5
2022-07-11 CVE-2022-32294 Zimbra Incorrect Authorization vulnerability in Zimbra Collaboration 8.8.15

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command).

7.5
2022-07-11 CVE-2022-31570 Ceneo WEB Scrapper Project Path Traversal vulnerability in Ceneo-Web-Scrapper Project Ceneo-Web-Scrapper 20210315

The adriankoczuruek/ceneo-web-scrapper repository through 2021-03-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

7.5
2022-07-13 CVE-2022-20220 Google Path Traversal vulnerability in Google Android 12.0/12.1

In openFile of CallLogProvider.java, there is a possible permission bypass due to a path traversal error.

7.2
2022-07-13 CVE-2022-20223 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy.

7.2
2022-07-12 CVE-2022-22026 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSRSS Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22031 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Credential Guard Domain-joined Public Key Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22034 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Graphics Component Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22043 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Fast FAT File System Driver Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22047 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows CSRSS Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22049 Microsoft Unspecified vulnerability in Microsoft products

Windows CSRSS Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-22050 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Service Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-30206 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2022-30220 Microsoft Unspecified vulnerability in Microsoft products

Windows Common Log File System Driver Elevation of Privilege Vulnerability.

7.2
2022-07-12 CVE-2021-36665 Druva Deserialization of Untrusted Data vulnerability in Druva Insync Client

An issue was discovered in Druva 6.9.0 for macOS, allows attackers to gain escalated local privileges via the inSyncUpgradeDaemon.

7.2
2022-07-12 CVE-2021-36666 Druva Improper Privilege Management vulnerability in Druva Insync Client

An issue was discovered in Druva 6.9.0 for MacOS, allows attackers to gain escalated local privileges via the inSyncDecommission.

7.2
2022-07-12 CVE-2022-30754 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.

7.2
2022-07-12 CVE-2022-30756 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.

7.2
2022-07-12 CVE-2022-33708 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

7.2
2022-07-12 CVE-2022-33709 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

7.2
2022-07-12 CVE-2022-33710 Samsung Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4

Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

7.2
2022-07-12 CVE-2022-29884 Siemens Missing Release of Resource after Effective Lifetime vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < CPC80 V16.30), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < CPC80 V16.30), CP-8021 MASTER MODULE (All versions < CPC80 V16.30), CP-8022 MASTER MODULE WITH GPRS (All versions < CPC80 V16.30).

7.1

326 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-12 CVE-2022-22023 Microsoft Unspecified vulnerability in Microsoft products

Windows Portable Device Enumerator Service Security Feature Bypass Vulnerability.

6.9
2022-07-12 CVE-2022-22045 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows.Devices.Picker.dll Elevation of Privilege Vulnerability.

6.9
2022-07-12 CVE-2022-30202 Microsoft Unspecified vulnerability in Microsoft products

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability.

6.9
2022-07-12 CVE-2022-30224 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability.

6.9
2022-07-12 CVE-2022-29187 GIT SCM Improper Ownership Management vulnerability in Git-Scm GIT

Git is a distributed revision control system.

6.9
2022-07-17 CVE-2022-26352 Dotcms Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms

An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.

6.8
2022-07-17 CVE-2022-1672 Insights From Google Pagespeed Project Cross-Site Request Forgery (CSRF) vulnerability in Insights From Google Pagespeed Project Insights From Google Pagespeed

The Insights from Google PageSpeed WordPress plugin before 4.0.7 does not verify for CSRF before doing various actions such as deleting Custom URLs, which could allow attackers to make a logged in admin perform such actions via CSRF attacks

6.8
2022-07-15 CVE-2022-32434 Opener Project Out-of-bounds Write vulnerability in Opener Project Opener 2.3.0

EIPStackGroup OpENer v2.3.0 was discovered to contain a stack overflow via /bin/posix/src/ports/POSIX/OpENer+0x56073d.

6.8
2022-07-14 CVE-2022-32323 Autotrace Project Out-of-bounds Write vulnerability in Autotrace Project Autotrace 0.40.0

AutoTrace v0.40.0 was discovered to contain a heap overflow via the ReadImage function at input-bmp.c:660.

6.8
2022-07-12 CVE-2022-22027 Microsoft Code Injection vulnerability in Microsoft products

Windows Fax Service Remote Code Execution Vulnerability.

6.8
2022-07-12 CVE-2022-22029 Microsoft Code Injection vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability.

6.8
2022-07-12 CVE-2022-22038 Microsoft Code Injection vulnerability in Microsoft products

Remote Procedure Call Runtime Remote Code Execution Vulnerability.

6.8
2022-07-12 CVE-2022-35228 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects CMC allows an unauthenticated attacker to retrieve token information over the network which would otherwise be restricted.

6.8
2022-07-12 CVE-2022-24800 Octobercms Race Condition vulnerability in Octobercms October

October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework.

6.8
2022-07-12 CVE-2022-34272 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34273 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34274 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34275 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34276 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34277 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34278 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34279 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34280 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34281 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34284 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34286 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34289 Siemens Out-of-bounds Write vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

6.8
2022-07-12 CVE-2022-34465 Siemens Out-of-bounds Read vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.264), Parasolid V34.0 (All versions < V34.0.250), Parasolid V34.1 (All versions < V34.1.233), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

6.8
2022-07-12 CVE-2022-34748 Siemens Out-of-bounds Write vulnerability in Siemens Simcenter Femap

A vulnerability has been identified in Simcenter Femap (All versions < V2022.2).

6.8
2022-07-12 CVE-2022-22048 Microsoft Incorrect Authorization vulnerability in Microsoft products

BitLocker Security Feature Bypass Vulnerability.

6.6
2022-07-15 CVE-2021-36461 Microweber Unrestricted Upload of File with Dangerous Type vulnerability in Microweber 1.1.3

An Arbitrary File Upload vulnerability exists in Microweber 1.1.3 that allows attackers to getshell via the Settings Upload Picture section by uploading pictures with malicious code, user.ini.

6.5
2022-07-14 CVE-2022-32415 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/?p=products/view_product&id=.

6.5
2022-07-14 CVE-2022-32416 Product Show Room Site Project SQL Injection vulnerability in Product Show Room Site Project Product Show Room Site 1.0

Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_product.

6.5
2022-07-13 CVE-2022-32114 Strapi Unrestricted Upload of File with Dangerous Type vulnerability in Strapi 4.1.12

An unrestricted file upload vulnerability in the Add New Assets function of Strapi v4.1.12 allows attackers to execute arbitrary code via a crafted file.

6.5
2022-07-12 CVE-2022-30216 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft products

Windows Server Service Tampering Vulnerability.

6.5
2022-07-12 CVE-2022-33633 Microsoft Unspecified vulnerability in Microsoft Lync Server and Skype for Business

Skype for Business and Lync Remote Code Execution Vulnerability.

6.5
2022-07-12 CVE-2022-33642 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

6.5
2022-07-12 CVE-2022-33676 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Remote Code Execution Vulnerability.

6.5
2022-07-12 CVE-2022-33677 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability.

6.5
2022-07-12 CVE-2022-33678 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Remote Code Execution Vulnerability.

6.5
2022-07-12 CVE-2022-31593 SAP Injection vulnerability in SAP Business ONE 10.0

SAP Business One client - version 10.0 allows an attacker with low privileges, to inject code that can be executed by the application.

6.5
2022-07-12 CVE-2022-35169 SAP Information Exposure vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

SAP BusinessObjects Business Intelligence Platform (LCM) - versions 420, 430, allows an attacker with an admin privilege to read and decrypt LCMBIAR file's password under certain conditions, enabling the attacker to modify the password or import the file into another system causing high impact on confidentiality but a limited impact on the availability and integrity of the application.

6.5
2022-07-12 CVE-2022-2297 Clinic S Patient Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Clinic'S Patient Management System Project Clinic'S Patient Management System 2.0

A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0.

6.5
2022-07-12 CVE-2022-2262 Online Hotel Booking Project SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0

A vulnerability has been found in Online Hotel Booking System 1.0 and classified as critical.

6.5
2022-07-12 CVE-2022-2263 Online Hotel Booking Project SQL Injection vulnerability in Online Hotel Booking Project Online Hotel Booking 1.0

A vulnerability was found in Online Hotel Booking System 1.0 and classified as critical.

6.5
2022-07-12 CVE-2021-38289 Novastar Incorrect Permission Assignment for Critical Resource vulnerability in Novastar Novaicare 7.16.0

An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker privilege escalation and allows attackers to view corporate information and SMTP server details, delete users, view roles, and other unspecified impacts.

6.5
2022-07-17 CVE-2022-26656 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.

6.4
2022-07-12 CVE-2022-34737 Huawei Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI

The application security module has a vulnerability in permission assignment.

6.4
2022-07-12 CVE-2021-44222 Siemens Missing Authentication for Critical Function vulnerability in Siemens Simatic Easie Core Package

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00).

6.4
2022-07-11 CVE-2022-31140 Cuyz Information Exposure Through an Error Message vulnerability in Cuyz Valinor

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure.

6.4
2022-07-11 CVE-2022-31501 Onyxforum Project Path Traversal vulnerability in Onyxforum Project Onyxforum

The ChaoticOnyx/OnyxForum repository before 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31502 Wormnest Project Path Traversal vulnerability in Wormnest Project Wormnest

The operatorequals/wormnest repository through 0.4.7 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31503 Orchest Path Traversal vulnerability in Orchest

The orchest/orchest repository before 2022.05.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31504 Baiduwenkuspider Flaskweb Project Path Traversal vulnerability in Baiduwenkuspider Flaskweb Project Baiduwenkuspider Flaskweb

The ChangeWeDer/BaiduWenkuSpider_flaskWeb repository before 2021-11-29 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31505 Mercadoenlineaback Project Path Traversal vulnerability in Mercadoenlineaback Project Mercadoenlineaback

The cheo0/MercadoEnLineaBack repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31506 CMU Path Traversal vulnerability in CMU Opendiamond

The cmusatyalab/opendiamond repository through 10.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31507 Ganga Project Path Traversal vulnerability in Ganga Project Ganga

The ganga-devs/ganga repository before 8.5.10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31508 Idayrus Path Traversal vulnerability in Idayrus E-Voting

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31509 Iedadata Path Traversal vulnerability in Iedadata Usap-Dc web Submission and Dataset Search 1.0/1.0.0/1.0.1

The iedadata/usap-dc-website repository through 1.0.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31510 Simple RAT Project Path Traversal vulnerability in Simple-Rat Project Simple-Rat 20220503

The sergeKashkin/Simple-RAT repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31511 Equanimity Project Path Traversal vulnerability in Equanimity Project Equanimity

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31512 Flask MVC Project Path Traversal vulnerability in Flask-Mvc Project Flask-Mvc

The Atom02/flask-mvc repository through 2020-09-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31513 Krypton Project Path Traversal vulnerability in Krypton Project Krypton

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31514 FAN Platform Project Path Traversal vulnerability in FAN Platform Project FAN Platform

The Caoyongqi912/Fan_Platform repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31515 Carceresbe Project Path Traversal vulnerability in Carceresbe Project Carceresbe 1.0

The Delor4/CarceresBE repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31516 Harveyzyh Python Project Path Traversal vulnerability in Harveyzyh Python Project Harveyzyh Python

The Harveyzyh/Python repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31517 Mercury Sample Manager Project Path Traversal vulnerability in Mercury Sample Manager Project Mercury Sample Manager 20210420

The HolgerGraef/MSM repository through 2021-04-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31518 Python Recipe Database Project Path Traversal vulnerability in Python-Recipe-Database Project Python-Recipe-Database

The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31519 Windmill Project Path Traversal vulnerability in Windmill Project Windmill 1.0

The Lukasavicus/WindMill repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31520 Logstash Management API Project Path Traversal vulnerability in Logstash-Management-Api Project Logstash-Management-Api

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31521 Mosaic Project Path Traversal vulnerability in Mosaic Project Mosaic 1.0.0

The Niyaz-Mohamed/mosaic repository through 1.0.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31522 Karaokey Project Path Traversal vulnerability in Karaokey Project Karaokey

The NotVinay/karaokey repository through 2019-12-11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31523 Paddlepaddle Path Traversal vulnerability in Paddlepaddle Anakin 0.1.0/0.1.1

The PaddlePaddle/Anakin repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31524 Purestorage Path Traversal vulnerability in Purestorage Pure Swagger

The PureStorage-OpenConnect/swagger repository through 1.1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31525 Deep Learning Studio Project Path Traversal vulnerability in Deep Learning Studio Project Deep Learning Studio 0.1.0

The SummaLabs/DLS repository through 0.1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31526 Thunderatz Path Traversal vulnerability in Thunderatz Thunderdocs 20200501

The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31527 Flask File Server Project Path Traversal vulnerability in Flask-File-Server Project Flask-File-Server

The Wildog/flask-file-server repository through 2020-02-20 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31528 Bonn Activity Maps Annotation Tool Project Path Traversal vulnerability in Bonn Activity Maps Annotation Tool Project Bonn Activity Maps Annotation Tool

The bonn-activity-maps/bam_annotation_tool repository through 2021-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31529 Monorepo Project Path Traversal vulnerability in Monorepo Project Monorepo

The cinemaproject/monorepo repository through 2021-03-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31530 CSM Server Project Path Traversal vulnerability in CSM Server Project CSM Server

The csm-aut/csm repository through 3.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31531 Dainst Path Traversal vulnerability in Dainst Cilantro

The dainst/cilantro repository through 0.0.4 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31532 Travel Blahg Project Path Traversal vulnerability in Travel Blahg Project Travel Blahg

The dankolbman/travel_blahg repository through 2016-01-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31533 Umbral Project Path Traversal vulnerability in Umbral Project Umbral

The decentraminds/umbral repository through 2020-01-15 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31534 Pythonweb Project Path Traversal vulnerability in Pythonweb Project Pythonweb

The echoleegroup/PythonWeb repository through 2018-10-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31535 Fishtank Project Path Traversal vulnerability in Fishtank Project Fishtank

The freefood89/Fishtank repository through 2015-06-24 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31536 Ytdl Sync Project Path Traversal vulnerability in Ytdl-Sync Project Ytdl-Sync

The jaygarza1982/ytdl-sync repository through 2021-01-02 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31537 Solar System Simulator Project Path Traversal vulnerability in Solar-System-Simulator Project Solar-System-Simulator

The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31538 MP M08 Interface Project Path Traversal vulnerability in Mp-M08-Interface Project Mp-M08-Interface

The joaopedro-fg/mp-m08-interface repository through 2020-12-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31539 Kotekan Project Path Traversal vulnerability in Kotekan Project Kotekan

The kotekan/kotekan repository through 2021.11 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31540 HIN ENG Preprocessing Project Path Traversal vulnerability in Hin-Eng-Preprocessing Project Hin-Eng-Preprocessing

The kumardeepak/hin-eng-preprocessing repository through 2019-07-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31541 Barry Voice Assistant Project Path Traversal vulnerability in Barry Voice Assistant Project Barry Voice Assistant

The lyubolp/Barry-Voice-Assistant repository through 2021-01-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31542 Mdweb Project Path Traversal vulnerability in Mdweb Project Mdweb

The mandoku/mdweb repository through 2015-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31543 Setupbox Project Path Traversal vulnerability in Setupbox Project Setupbox

The maxtortime/SetupBox repository through 1.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31544 Xtomo Path Traversal vulnerability in Xtomo Robo-Tom

The meerstein/rbtm repository through 1.5 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31545 Modelconverter Project Path Traversal vulnerability in Modelconverter Project Modelconverter

The ml-inory/ModelConverter repository through 2021-04-26 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31546 Glance Project Path Traversal vulnerability in Glance Project Glance

The nlpweb/glance repository through 2014-06-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31547 Sphere Project Path Traversal vulnerability in Sphere Project Sphere

The noamezekiel/sphere repository through 2020-05-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31548 Homepage Project Path Traversal vulnerability in Homepage Project Homepage

The nrlakin/homepage repository through 2017-03-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31549 Helm Flask Celery Project Path Traversal vulnerability in Helm-Flask-Celery Project Helm-Flask-Celery

The olmax99/helm-flask-celery repository before 2022-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31550 Python Athena Stack Project Path Traversal vulnerability in Python Athena Stack Project Python Athena Stack

The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31551 Flask Mongo Skel Project Path Traversal vulnerability in Flask-Mongo-Skel Project Flask-Mongo-Skel

The pleomax00/flask-mongo-skel repository through 2012-11-01 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31552 Anuvaad Corpus Project Path Traversal vulnerability in Anuvaad-Corpus Project Anuvaad-Corpus

The project-anuvaad/anuvaad-corpus repository through 2020-11-23 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31553 Sleep Learner Project Path Traversal vulnerability in Sleep Learner Project Sleep Learner

The rainsoupah/sleep-learner repository through 2021-02-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31554 Movie Review Sentiment Analysis Project Path Traversal vulnerability in Movie-Review-Sentiment-Analysis Project Movie-Review-Sentiment-Analysis

The rohitnayak/movie-review-sentiment-analysis repository through 2017-05-07 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31555 Nurse Quest Project Path Traversal vulnerability in Nurse Quest Project Nurse Quest

The romain20100/nursequest repository through 2018-02-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31556 Trainenergyserver Project Path Traversal vulnerability in Trainenergyserver Project Trainenergyserver

The rusyasoft/TrainEnergyServer repository through 2017-08-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31557 Golem Project Path Traversal vulnerability in Golem Project Golem

The seveas/golem repository through 2016-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31558 Shiva Server Project Path Traversal vulnerability in Shiva-Server Project Shiva-Server

The tooxie/shiva-server repository through 0.10.0 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31559 Flask Yeoman Project Path Traversal vulnerability in Flask-Yeoman Project Flask-Yeoman

The tsileo/flask-yeoman repository through 2013-09-13 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31560 Photo TAG Project Path Traversal vulnerability in Photo TAG Project Photo TAG

The uncleYiba/photo_tag repository through 2020-08-31 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31561 Sphere Imagebackend Project Path Traversal vulnerability in Sphere Imagebackend Project Sphere Imagebackend

The varijkapil13/Sphere_ImageBackend repository through 2019-10-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31562 Internshipsystem Project Path Traversal vulnerability in Internshipsystem Project Internshipsystem

The waveyan/internshipsystem repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31563 Vprj Project Path Traversal vulnerability in Vprj Project Vprj

The whmacmac/vprj repository through 2022-04-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31564 Munhak Path Traversal vulnerability in Munhak Munhak-Moa

The woduq1414/munhak-moa repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31565 Syrabond Project Path Traversal vulnerability in Syrabond Project Syrabond

The yogson/syrabond repository through 2020-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31567 Data Stream Algorithm Benchmark Project Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark

The DSABenchmark/DSAB repository through 2.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31568 Rexians Path Traversal vulnerability in Rexians Rex-Web

The Rexians/rex-web repository through 2022-06-05 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31569 Projects Project Path Traversal vulnerability in Projects Project Projects

The RipudamanKaushikDal/projects repository through 2022-04-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31571 Python Flask Restful API Project Path Traversal vulnerability in Python-Flask-Restful-Api Project Python-Flask-Restful-Api

The akashtalole/python-flask-restful-api repository through 2019-09-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31572 Cockybook Project Path Traversal vulnerability in Cockybook Project Cockybook 20150416

The ceee-vip/cockybook repository through 2015-04-16 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31573 Chainer Path Traversal vulnerability in Chainer Chainerrl-Visualizer

The chainer/chainerrl-visualizer repository through 0.1.1 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31574 Realestate Project Path Traversal vulnerability in Realestate Project Realestate

The deepaliupadhyay/RealEstate repository through 2018-11-30 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31575 Livro Python Project Path Traversal vulnerability in Livro Python Project Livro Python

The duducosmos/livro_python repository through 2018-06-06 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31576 Shackerpanel Project Path Traversal vulnerability in Shackerpanel Project Shackerpanel

The heidi-luong1109/shackerpanel repository through 2021-05-25 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31577 Audio Aligner APP Project Path Traversal vulnerability in Audio Aligner APP Project Audio Aligner APP 20200110

The longmaoteamtf/audio_aligner_app repository through 2020-01-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31579 Iasset Project Path Traversal vulnerability in Iasset Project Iasset

The ralphjzhang/iasset repository through 2022-05-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31580 Caretakerr API Project Path Traversal vulnerability in Caretakerr-Api Project Caretakerr-Api 20210517

The sanojtharindu/caretakerr-api repository through 2021-05-17 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31581 Scorelab Path Traversal vulnerability in Scorelab Openmf

The scorelab/OpenMF repository before 2022-05-03 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31582 Videoserver Project Path Traversal vulnerability in Videoserver Project Videoserver

The shaolo1/VideoServer repository through 2019-09-21 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31583 Automatedquizeval Project Path Traversal vulnerability in Automatedquizeval Project Automatedquizeval

The sravaniboinepelli/AutomatedQuizEval repository through 2020-04-27 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31584 S3Label Project Path Traversal vulnerability in S3Label Project S3Label

The stonethree/s3label repository through 2019-08-14 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31585 Home Internet Project Path Traversal vulnerability in Home Internet Project Home Internet

The umeshpatil-dev/Home__internet repository through 2020-08-28 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31586 Changepop Back Project Path Traversal vulnerability in Changepop-Back Project Changepop-Back

The unizar-30226-2019-06/ChangePop-Back repository through 2019-06-04 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31587 KG Fashion Chatbot Project Path Traversal vulnerability in Kg-Fashion-Chatbot Project Kg-Fashion-Chatbot

The yuriyouzhou/KG-fashion-chatbot repository through 2018-05-22 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-31588 Testplatform Project Path Traversal vulnerability in Testplatform Project Testplatform

The zippies/testplatform repository through 2016-07-19 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

6.4
2022-07-11 CVE-2022-35414 Qemu Use of Uninitialized Resource vulnerability in Qemu

** DISPUTED ** softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path, leading to an io_readx or io_writex crash.

6.1
2022-07-17 CVE-2021-24655 Wpusermanager Authorization Bypass Through User-Controlled Key vulnerability in Wpusermanager WP User Manager

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given.

6.0
2022-07-12 CVE-2022-22039 Microsoft Code Injection vulnerability in Microsoft products

Windows Network File System Remote Code Execution Vulnerability.

6.0
2022-07-12 CVE-2022-30205 Microsoft Race Condition vulnerability in Microsoft products

Windows Group Policy Elevation of Privilege Vulnerability.

6.0
2022-07-12 CVE-2022-30211 Microsoft Unspecified vulnerability in Microsoft products

Windows Layer 2 Tunneling Protocol (L2TP) Remote Code Execution Vulnerability.

6.0
2022-07-12 CVE-2022-30214 Microsoft Race Condition vulnerability in Microsoft products

Windows DNS Server Remote Code Execution Vulnerability.

6.0
2022-07-12 CVE-2022-2385 Kubernetes Unspecified vulnerability in Kubernetes Aws-Iam-Authenticator

A security issue was discovered in aws-iam-authenticator where an allow-listed IAM identity may be able to modify their username and escalate privileges.

6.0
2022-07-12 CVE-2022-33137 Siemens Insufficient Session Expiration vulnerability in Siemens products

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3).

6.0
2022-07-12 CVE-2022-34663 Siemens Code Injection vulnerability in Siemens Ruggedcom ROS 4.3.4/5.0.1

A vulnerability has been identified in RUGGEDCOM ROS M2100 (All versions), RUGGEDCOM ROS M2200 (All versions), RUGGEDCOM ROS M969 (All versions), RUGGEDCOM ROS RMC30 (All versions), RUGGEDCOM ROS RMC8388 (All versions < V5.6.0), RUGGEDCOM ROS RP110 (All versions), RUGGEDCOM ROS RS1600 (All versions), RUGGEDCOM ROS RS1600F (All versions), RUGGEDCOM ROS RS1600T (All versions), RUGGEDCOM ROS RS400 (All versions), RUGGEDCOM ROS RS401 (All versions), RUGGEDCOM ROS RS416 (All versions), RUGGEDCOM ROS RS416v2 (All versions < V5.6.0), RUGGEDCOM ROS RS8000 (All versions), RUGGEDCOM ROS RS8000A (All versions), RUGGEDCOM ROS RS8000H (All versions), RUGGEDCOM ROS RS8000T (All versions), RUGGEDCOM ROS RS900 (All versions), RUGGEDCOM ROS RS900 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900G (All versions), RUGGEDCOM ROS RS900G (32M) (All versions < V5.6.0), RUGGEDCOM ROS RS900GP (All versions), RUGGEDCOM ROS RS900L (All versions), RUGGEDCOM ROS RS900W (All versions), RUGGEDCOM ROS RS910 (All versions), RUGGEDCOM ROS RS910L (All versions), RUGGEDCOM ROS RS910W (All versions), RUGGEDCOM ROS RS920L (All versions), RUGGEDCOM ROS RS920W (All versions), RUGGEDCOM ROS RS930L (All versions), RUGGEDCOM ROS RS930W (All versions), RUGGEDCOM ROS RS940G (All versions), RUGGEDCOM ROS RS969 (All versions), RUGGEDCOM ROS RSG2100 (All versions), RUGGEDCOM ROS RSG2100 (32M) (All versions < V5.6.0), RUGGEDCOM ROS RSG2100P (All versions), RUGGEDCOM ROS RSG2200 (All versions), RUGGEDCOM ROS RSG2288 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300 (All versions < V5.6.0), RUGGEDCOM ROS RSG2300P (All versions < V5.6.0), RUGGEDCOM ROS RSG2488 (All versions < V5.6.0), RUGGEDCOM ROS RSG907R (All versions < V5.6.0), RUGGEDCOM ROS RSG908C (All versions < V5.6.0), RUGGEDCOM ROS RSG909R (All versions < V5.6.0), RUGGEDCOM ROS RSG910C (All versions < V5.6.0), RUGGEDCOM ROS RSG920P (All versions < V5.6.0), RUGGEDCOM ROS RSL910 (All versions < V5.6.0), RUGGEDCOM ROS RST2228 (All versions < V5.6.0), RUGGEDCOM ROS RST2228P (All versions < V5.6.0), RUGGEDCOM ROS RST916C (All versions < V5.6.0), RUGGEDCOM ROS RST916P (All versions < V5.6.0), RUGGEDCOM ROS i800 (All versions), RUGGEDCOM ROS i801 (All versions), RUGGEDCOM ROS i802 (All versions), RUGGEDCOM ROS i803 (All versions).

6.0
2022-07-17 CVE-2022-27933 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

5.8
2022-07-12 CVE-2022-30209 Microsoft Unspecified vulnerability in Microsoft products

Windows IIS Server Elevation of Privilege Vulnerability.

5.8
2022-07-12 CVE-2022-33674 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.8
2022-07-12 CVE-2022-30181 Microsoft Improper Privilege Management vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33641 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33643 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33655 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33656 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33657 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33661 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33662 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33663 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33665 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33666 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33667 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33672 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-33673 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

5.5
2022-07-12 CVE-2022-29619 SAP Incorrect Authorization vulnerability in SAP Businessobjects Business Intelligence Platform 420/430

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.x - versions 420,430 allows user Administrator to view, edit or modify rights of objects it doesn't own and which would otherwise be restricted.

5.5
2022-07-12 CVE-2022-31597 SAP Missing Authorization vulnerability in SAP S/4Hana and Sapscore

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

5.5
2022-07-11 CVE-2022-30602 Cybozu Unspecified vulnerability in Cybozu Garoon

Operation restriction bypass in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to alter the file information and/or delete the files.

5.5
2022-07-14 CVE-2022-32297 Piwigo SQL Injection vulnerability in Piwigo

Piwigo v12.2.0 was discovered to contain SQL injection vulnerability via the Search function.

5.1
2022-07-12 CVE-2022-22024 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Service Remote Code Execution Vulnerability.

5.1
2022-07-12 CVE-2022-30221 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability.

5.1
2022-07-12 CVE-2022-31105 Linuxfoundation Improper Certificate Validation vulnerability in Linuxfoundation Argo-Cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

5.1
2022-07-17 CVE-2022-29286 Pexip Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity

Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.

5.0
2022-07-17 CVE-2022-25357 Pexip Exposure of Resource to Wrong Sphere vulnerability in Pexip Infinity 27.0/27.1

Pexip Infinity 27.x before 27.2 has Improper Access Control.

5.0
2022-07-17 CVE-2022-26654 Pexip Injection vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.

5.0
2022-07-17 CVE-2022-26655 Pexip Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 has Improper Input Validation.

5.0
2022-07-17 CVE-2022-26657 Pexip Unspecified vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

5.0
2022-07-17 CVE-2022-27928 Pexip Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

5.0
2022-07-17 CVE-2022-27929 Pexip Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via HTTP.

5.0
2022-07-17 CVE-2022-27931 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.

5.0
2022-07-17 CVE-2022-27934 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via HTTP.

5.0
2022-07-17 CVE-2022-27935 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via Epic Telehealth.

5.0
2022-07-17 CVE-2022-27936 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via H.323.

5.0
2022-07-17 CVE-2022-27937 Pexip Resource Exhaustion vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264.

5.0
2022-07-17 CVE-2022-2133 Miniorange Improper Authentication vulnerability in Miniorange Oauth Single Sign on

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token requests are legitimate, which allows attackers to log onto the site with the only knowledge of a user's email address.

5.0
2022-07-16 CVE-2017-20136 Itechscripts SQL Injection vulnerability in Itechscripts Classifieds Script 7.27

A vulnerability classified as critical has been found in Itech Classifieds Script 7.27.

5.0
2022-07-16 CVE-2017-20137 Itechscripts SQL Injection vulnerability in Itechscripts B2B Script 4.28

A vulnerability was found in Itech B2B Script 4.28.

5.0
2022-07-14 CVE-2022-32298 Toybox Project NULL Pointer Dereference vulnerability in Toybox Project Toybox 0.8.7

Toybox v0.8.7 was discovered to contain a NULL pointer dereference via the component httpd.c.

5.0
2022-07-13 CVE-2022-20224 Google Out-of-bounds Read vulnerability in Google Android

In AT_SKIP_REST of bta_hf_client_at.cc, there is a possible out of bounds read due to an incorrect bounds check.

5.0
2022-07-13 CVE-2022-20234 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 12.1

In Car Settings app, the NotificationAccessConfirmationActivity is exported.

5.0
2022-07-13 CVE-2022-32096 Rhonabwy Project Classic Buffer Overflow vulnerability in Rhonabwy Project Rhonabwy

Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap.

5.0
2022-07-12 CVE-2022-22025 Microsoft Unspecified vulnerability in Microsoft products

Windows Internet Information Services Cachuri Module Denial of Service Vulnerability.

5.0
2022-07-12 CVE-2022-35403 Zohocorp Unspecified vulnerability in Zohocorp products

Zoho ManageEngine ServiceDesk Plus before 13008, ServiceDesk Plus MSP before 10606, and SupportCenter Plus before 11022 are affected by an unauthenticated local file disclosure vulnerability via ticket-creation email.

5.0
2022-07-12 CVE-2022-1737 Pyramidsolutions Out-of-bounds Write vulnerability in Pyramidsolutions products

Pyramid Solutions' affected products, the Developer and DLL kits for EtherNet/IP Adapter and EtherNet/IP Scanner, are vulnerable to an out-of-bounds write, which may allow an unauthorized attacker to send a specially crafted packet that may result in a denial-of-service condition.

5.0
2022-07-12 CVE-2022-22998 Westerndigital Insufficiently Protected Credentials vulnerability in Westerndigital MY Cloud Home DUO Firmware and MY Cloud Home Firmware

Implemented protections on AWS credentials that were not properly protected.

5.0
2022-07-12 CVE-2022-28771 SAP Improper Authentication vulnerability in SAP Business ONE License Service API 10.0

Due to missing authentication check, SAP Business one License service API - version 10.0 allows an unauthenticated attacker to send malicious http requests over the network.

5.0
2022-07-12 CVE-2022-32248 SAP Improper Input Validation vulnerability in SAP S/4Hana

Due to missing input validation in the Manage Checkbooks component of SAP S/4HANA - version 101, 102, 103, 104, 105, 106, an attacker could insert or edit the value of an existing field in the database.

5.0
2022-07-12 CVE-2022-32249 SAP Exposure of Resource to Wrong Sphere vulnerability in SAP Business ONE 10.0

Under special integration scenario of SAP Business one and SAP HANA - version 10.0, an attacker can exploit HANA cockpit?s data volume to gain access to highly sensitive information (e.g., high privileged account credentials)

5.0
2022-07-12 CVE-2022-35168 SAP XXE vulnerability in SAP Business ONE 10.0

Due to improper input sanitization of XML input in SAP Business One - version 10.0, an attacker can perform a denial-of-service attack rendering the system temporarily inoperative.

5.0
2022-07-12 CVE-2020-4157 IBM Use of Hard-coded Credentials vulnerability in IBM Qradar Network Security 5.4.0/5.5.0

IBM QRadar Network Security 5.4.0 and 5.5.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

5.0
2022-07-12 CVE-2020-4159 IBM Information Exposure vulnerability in IBM Qradar Network Security 5.4.0/5.5.0

IBM QRadar Network Security 5.4.0 and 5.5.0 discloses sensitive information to unauthorized users which could be used to mount further attacks against the system.

5.0
2022-07-12 CVE-2021-39041 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager 7.3.0/7.4.0/7.5.0

IBM QRadar SIEM 7.3, 7.4, and 7.5 may be vulnerable to partial denial of service attack, resulting in some protocols not listening to specified ports.

5.0
2022-07-12 CVE-2021-40012 Huawei Exposure of Resource to Wrong Sphere vulnerability in Huawei Emui 12.0.0

Vulnerability of pointers being incorrectly used during data transmission in the video framework.

5.0
2022-07-12 CVE-2021-41396 Live555 Out-of-bounds Write vulnerability in Live555

Live555 through 1.08 does not handle socket connections properly.

5.0
2022-07-12 CVE-2021-46741 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The basic framework and setting module have defects, which were introduced during the design.

5.0
2022-07-12 CVE-2022-2366 Mattermost Incorrect Default Permissions vulnerability in Mattermost Server

Incorrect default configuration for trusted IP header in Mattermost version 6.7.0 and earlier allows attacker to bypass some of the rate limitations in place or use manipulated IPs for audit logging via manipulating the request headers.

5.0
2022-07-12 CVE-2022-33173 Couchbase Unspecified vulnerability in Couchbase Server

An algorithm-downgrade issue was discovered in Couchbase Server before 7.0.4.

5.0
2022-07-12 CVE-2022-33707 Samsung Use of Insufficiently Random Values vulnerability in Samsung Find MY Mobile

Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.

5.0
2022-07-12 CVE-2022-33712 Samsung Open Redirect vulnerability in Samsung Camera 10.5.03.77/11.1.02.16/9.0.6.68

Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.

5.0
2022-07-12 CVE-2022-33713 Samsung Unspecified vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.

5.0
2022-07-12 CVE-2022-33911 Couchbase Information Exposure Through Log Files vulnerability in Couchbase Server

An issue was discovered in Couchbase Server 7.x before 7.0.4.

5.0
2022-07-12 CVE-2022-34738 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The SystemUI module has a vulnerability in permission control.

5.0
2022-07-12 CVE-2022-34739 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The fingerprint module has a vulnerability of overflow in arithmetic addition.

5.0
2022-07-12 CVE-2022-34742 Huawei Out-of-bounds Write vulnerability in Huawei Emui, Harmonyos and Magic UI

The system module has a read/write vulnerability.

5.0
2022-07-12 CVE-2022-34743 Huawei Out-of-bounds Read vulnerability in Huawei Emui, Harmonyos and Magic UI

The AT commands of the USB port have an out-of-bounds read vulnerability.

5.0
2022-07-12 CVE-2021-44221 Siemens Improper Input Validation vulnerability in Siemens Simatic Easie Core Package

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00).

5.0
2022-07-12 CVE-2022-30938 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens products

A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.40), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions).

5.0
2022-07-12 CVE-2022-31257 Mendix Improper Privilege Management vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.31), Mendix Applications using Mendix 8 (All versions < V8.18.18), Mendix Applications using Mendix 9 (All versions < V9.14.0), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.2), Mendix Applications using Mendix 9 (V9.6) (All versions < V9.6.12).

5.0
2022-07-12 CVE-2022-33138 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S (All versions < V3.3), SIMATIC MV550 H (All versions < V3.3), SIMATIC MV550 S (All versions < V3.3), SIMATIC MV560 U (All versions < V3.3), SIMATIC MV560 X (All versions < V3.3).

5.0
2022-07-12 CVE-2022-33736 Siemens Improper Authentication vulnerability in Siemens Opcenter Quality

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624), Opcenter Quality V13.2 (All versions < V13.2.20220624).

5.0
2022-07-11 CVE-2020-29505 Dell Insufficient Entropy vulnerability in Dell products

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain a Key Management Error Vulnerability.

5.0
2022-07-11 CVE-2022-30791 Codesys Resource Exhaustion vulnerability in Codesys products

In CmpBlkDrvTcp of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new TCP connections.

5.0
2022-07-11 CVE-2022-30792 Codesys Resource Exhaustion vulnerability in Codesys products

In CmpChannelServer of CODESYS V3 in multiple versions an uncontrolled ressource consumption allows an unauthorized attacker to block new communication channel connections.

5.0
2022-07-11 CVE-2022-31566 Data Stream Algorithm Benchmark Project Path Traversal vulnerability in Data Stream Algorithm Benchmark Project Data Stream Algorithm Benchmark

The DSAB-local/DSAB repository through 2019-02-18 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

5.0
2022-07-11 CVE-2022-31578 BT Lnmp Project Path Traversal vulnerability in BT Lnmp Project BT Lnmp

The piaoyunsoft/bt_lnmp repository through 2019-10-10 on GitHub allows absolute path traversal because the Flask send_file function is used unsafely.

5.0
2022-07-12 CVE-2022-22711 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows BitLocker Information Disclosure Vulnerability.

4.9
2022-07-12 CVE-2022-31598 SAP Insufficient Verification of Data Authenticity vulnerability in SAP Business Objects Business Intelligence Platform 420

Due to insufficient input validation, SAP Business Objects - version 420, allows an authenticated attacker to submit a malicious request through an allowed operation.

4.9
2022-07-12 CVE-2022-32246 SAP SQL Injection vulnerability in SAP Business Objects Business Intelligence Platform 420/430

SAP Busines Objects Business Intelligence Platform (Visual Difference Application) - versions 420, 430, allows an authenticated attacker who has access to BI admin console to send crafted queries and extract data from the SQL backend.

4.9
2022-07-12 CVE-2022-21845 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability.

4.7
2022-07-12 CVE-2022-30212 Microsoft Race Condition vulnerability in Microsoft products

Windows Connected Devices Platform Service Information Disclosure Vulnerability.

4.7
2022-07-11 CVE-2022-1794 Codesys Unprotected Storage of Credentials vulnerability in Codesys OPC DA Server

The CODESYS OPC DA Server prior V3.5.18.20 stores PLC passwords as plain text in its configuration file so that it is visible to all authorized Microsoft Windows users of the system.

4.7
2022-07-17 CVE-2022-35861 Pyenv Project Path Traversal vulnerability in Pyenv Project Pyenv

pyenv 1.2.24 through 2.3.2 allows local users to gain privileges via a .python-version file in the current working directory.

4.6
2022-07-12 CVE-2022-30203 Microsoft Unspecified vulnerability in Microsoft products

Windows Boot Manager Security Feature Bypass Vulnerability.

4.6
2022-07-12 CVE-2022-30222 Microsoft Unspecified vulnerability in Microsoft products

Windows Shell Remote Code Execution Vulnerability.

4.6
2022-07-12 CVE-2022-33632 Microsoft Incorrect Authorization vulnerability in Microsoft products

Microsoft Office Security Feature Bypass Vulnerability.

4.6
2022-07-12 CVE-2022-33675 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.6
2022-07-12 CVE-2022-31591 SAP Unquoted Search Path or Element vulnerability in SAP Businessobjects BW Publisher Service 420/430

SAP BusinessObjects BW Publisher Service - versions 420, 430, uses a search path that contains an unquoted element.

4.6
2022-07-12 CVE-2021-36667 Druva OS Command Injection vulnerability in Druva Insync Client

Command injection vulnerability in Druva inSync 6.9.0 for MacOS, allows attackers to execute arbitrary commands via crafted payload to the local HTTP server due to un-sanitized call to the python os.system library.

4.6
2022-07-12 CVE-2021-36668 Druva Injection vulnerability in Druva Insync Client

URL injection in Driva inSync 6.9.0 for MacOS, allows attackers to force a visit to an arbitrary url via the port parameter to the Electron App.

4.6
2022-07-12 CVE-2022-30755 Google Improper Authentication vulnerability in Google Android 10.0/11.0/12.0

Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.

4.6
2022-07-12 CVE-2022-33695 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0/12.0

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

4.6
2022-07-12 CVE-2022-33703 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

4.6
2022-07-12 CVE-2022-33704 Google Improper Input Validation vulnerability in Google Android 10.0/11.0/12.0

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

4.6
2022-07-13 CVE-2022-20212 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 10.0/11.0

In wifi.RequestToggleWifiActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.

4.4
2022-07-13 CVE-2022-20218 Google Improper Privilege Management vulnerability in Google Android 12.0/12.1

In PermissionController, there is a possible way to get and retain permissions without user's consent due to a logic error in the code.

4.4
2022-07-12 CVE-2022-22036 Microsoft Improper Privilege Management vulnerability in Microsoft products

Performance Counters for Windows Elevation of Privilege Vulnerability.

4.4
2022-07-12 CVE-2022-33644 Microsoft Unspecified vulnerability in Microsoft Windows 10 20H2/21H1/21H2

Xbox Live Save Service Elevation of Privilege Vulnerability.

4.4
2022-07-12 CVE-2022-31012 Gitforwindows Untrusted Search Path vulnerability in Gitforwindows GIT 2.34.1

Git for Windows is a fork of Git that contains Windows-specific patches.

4.4
2022-07-17 CVE-2022-27930 Pexip Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2

Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via single-sign-on if a random Universally Unique Identifier is guessed.

4.3
2022-07-17 CVE-2022-27932 Pexip Improper Input Validation vulnerability in Pexip Infinity

Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.

4.3
2022-07-17 CVE-2022-1933 Collect AND Deliver Interface FOR Woocommerce Project Cross-site Scripting vulnerability in Collect and Deliver Interface for Woocommerce Project Collect and Deliver Interface for Woocommerce

The CDI WordPress plugin before 5.1.9 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

4.3
2022-07-17 CVE-2022-2090 Flycart Cross-site Scripting vulnerability in Flycart Discount Rules for Woocommerce

The Discount Rules for WooCommerce WordPress plugin before 2.4.2 does not escape a parameter before outputting it back in an attribute of the plugin's discount rule page, leading to Reflected Cross-Site Scripting

4.3
2022-07-17 CVE-2022-2144 Jquery Validation FOR Contact Form 7 Project Cross-Site Request Forgery (CSRF) vulnerability in Jquery Validation for Contact Form 7 Project Jquery Validation for Contact Form 7

The Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack

4.3
2022-07-17 CVE-2022-2146 Import CSV Files Project Cross-site Scripting vulnerability in Import CSV Files Project Import CSV Files

The Import CSV Files WordPress plugin through 1.0 does not sanitise and escaped imported data before outputting them back in a page, and is lacking CSRF check when performing such action as well, resulting in a Reflected Cross-Site Scripting

4.3
2022-07-17 CVE-2022-2168 Wpdownloadmanager Cross-site Scripting vulnerability in Wpdownloadmanager Download Manager

The Download Manager WordPress plugin before 3.2.44 does not escape a generated URL before outputting it back in an attribute of the history dashboard, leading to Reflected Cross-Site Scripting

4.3
2022-07-17 CVE-2022-2173 Sigmaplugin Cross-site Scripting vulnerability in Sigmaplugin Advanced Database Cleaner

The Advanced Database Cleaner WordPress plugin before 3.1.1 does not escape numerous generated URLs before outputting them back in href attributes of admin dashboard pages, leading to Reflected Cross-Site Scripting

4.3
2022-07-17 CVE-2022-2187 Contact Form 7 Captcha Project Cross-site Scripting vulnerability in Contact Form 7 Captcha Project Contact Form 7 Captcha 0.0.9

The Contact Form 7 Captcha WordPress plugin before 0.1.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers

4.3
2022-07-14 CVE-2022-34092 I3Geo Project Cross-site Scripting vulnerability in I3Geo Project I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via svg2img.php.

4.3
2022-07-14 CVE-2022-34093 I3Geo Project Cross-site Scripting vulnerability in I3Geo Project I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via access_token.php.

4.3
2022-07-14 CVE-2022-34094 I3Geo Project Cross-site Scripting vulnerability in I3Geo Project I3Geo 7.0.5

Portal do Software Publico Brasileiro i3geo v7.0.5 was discovered to contain a cross-site scripting (XSS) vulnerability via request_token.php.

4.3
2022-07-14 CVE-2022-32406 Gtkradiant Project Classic Buffer Overflow vulnerability in Gtkradiant Project Gtkradiant 1.6.6

GtkRadiant v1.6.6 was discovered to contain a buffer overflow via the component q3map2.

4.3
2022-07-14 CVE-2022-32317 Mplayerhq Use After Free vulnerability in Mplayerhq Mplayer 1.5

The MPlayer Project v1.5 was discovered to contain a heap use-after-free resulting in a double free in the preinit function at libvo/vo_v4l2.c.

4.3
2022-07-13 CVE-2022-20228 Google Use After Free vulnerability in Google Android 12.0/12.1

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free.

4.3
2022-07-12 CVE-2022-22028 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Network File System Information Disclosure Vulnerability.

4.3
2022-07-12 CVE-2022-30517 Mogublog Project Cross-site Scripting vulnerability in Mogublog Project Mogublog 5.2

Mogu blog 5.2 is vulnerable to Cross Site Scripting (XSS).

4.3
2022-07-12 CVE-2022-33156 Matomo Cross-site Scripting vulnerability in Matomo Integration

The matomo_integration (aka Matomo Integration) extension before 1.3.2 for TYPO3 allows XSS.

4.3
2022-07-12 CVE-2022-33157 Libconnect Project Cross-site Scripting vulnerability in Libconnect Project Libconnect

The libconnect extension before 7.0.8 and 8.x before 8.1.0 for TYPO3 allows XSS.

4.3
2022-07-12 CVE-2022-31102 Linuxfoundation Cross-site Scripting vulnerability in Linuxfoundation Argo-Cd

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.

4.3
2022-07-12 CVE-2022-2211 Libguestfs
Redhat
Classic Buffer Overflow vulnerability in multiple products

A vulnerability was found in libguestfs.

4.3
2022-07-12 CVE-2022-32247 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the User inputs while interacting on the Network.

4.3
2022-07-12 CVE-2022-35170 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal does - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.

4.3
2022-07-12 CVE-2022-35171 SAP Improper Input Validation vulnerability in SAP 3D Visual Enterprise Viewer 9

When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application.

4.3
2022-07-12 CVE-2022-35172 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.

4.3
2022-07-12 CVE-2022-35224 SAP Cross-site Scripting vulnerability in SAP Enterprise Portal

SAP Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

4.3
2022-07-12 CVE-2022-35225 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

SAP NetWeaver Enterprise Portal - versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs over the network, resulting in reflected Cross-Site Scripting (XSS) vulnerability, therefore changing the scope of the attack.

4.3
2022-07-12 CVE-2022-35227 SAP Cross-site Scripting vulnerability in SAP Netweaver Enterprise Portal

A vulnerability in SAP NW EP (WPC) - versions 7.30, 7.31, 7.40, 7.50, which does not sufficiently validate user-controlled input, allows a remote attacker to conduct a Cross-Site (XSS) scripting attack.

4.3
2022-07-12 CVE-2022-25875 Svelte Cross-site Scripting vulnerability in Svelte

The package svelte before 3.49.0 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization and to improper escape of attributes when using objects during SSR (Server-Side Rendering).

4.3
2022-07-12 CVE-2022-25303 Whoogle Search Project Cross-site Scripting vulnerability in Whoogle-Search Project Whoogle-Search

The package whoogle-search before 0.7.2 are vulnerable to Cross-site Scripting (XSS) via the query string parameter q.

4.3
2022-07-12 CVE-2022-2291 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0

A vulnerability was found in SourceCodester Hotel Management System 2.0.

4.3
2022-07-12 CVE-2022-31904 Uberrider Cross-site Scripting vulnerability in Uberrider Mediacenter

EGT-Kommunikationstechnik UG Mediacenter before v2.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Online_Update.php.

4.3
2022-07-12 CVE-2022-34282 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34283 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34285 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34287 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34288 Siemens Out-of-bounds Read vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34290 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-12 CVE-2022-34291 Siemens Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Siemens Pads Viewer

A vulnerability has been identified in PADS Standard/Plus Viewer (All versions).

4.3
2022-07-11 CVE-2022-31073 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

4.3
2022-07-11 CVE-2022-31139 Unsafe Accessor Project Information Exposure vulnerability in Unsafe Accessor Project Unsafe Accessor

UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe.

4.3
2022-07-11 CVE-2022-1220 Foxy Shop Cross-site Scripting vulnerability in Foxy-Shop Foxyshop

The FoxyShop WordPress plugin before 4.8.2 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-07-11 CVE-2022-1474 WP Eventmanager Cross-site Scripting vulnerability in Wp-Eventmanager WP Event Manager

The WP Event Manager WordPress plugin before 3.1.28 does not sanitise and escape its search before outputting it back in an attribute on the event dashboard, leading to a Reflected Cross-Site Scripting

4.3
2022-07-11 CVE-2022-1546 Visser Cross-site Scripting vulnerability in Visser Woocommerce - Product Importer

The WooCommerce - Product Importer WordPress plugin through 1.5.2 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting

4.3
2022-07-11 CVE-2022-1576 Themeisle Cross-Site Request Forgery (CSRF) vulnerability in Themeisle WP Maintenance Mode & Coming Soon

The WP Maintenance Mode & Coming Soon WordPress plugin before 2.4.5 is lacking CSRF when emptying the subscribed users list, which could allow attackers to make a logged in admin perform such action via a CSRF attack

4.3
2022-07-11 CVE-2022-1599 Admin Management Xtended Project Cross-Site Request Forgery (CSRF) vulnerability in Admin Management Xtended Project Admin Management Xtended

The Admin Management Xtended WordPress plugin before 2.4.5 does not have CSRF checks in some of its AJAX actions, allowing attackers to make a logged users with the right capabilities to call them.

4.3
2022-07-11 CVE-2022-1732 Rename WP Login Project Cross-Site Request Forgery (CSRF) vulnerability in Rename Wp-Login Project Rename Wp-Login

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-07-11 CVE-2022-1910 Averta Cross-site Scripting vulnerability in Averta Shortcodes and Extra Features for Phlox Theme

The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting

4.3
2022-07-11 CVE-2022-1937 Awin Cross-site Scripting vulnerability in Awin Data Feed 1.6

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a parameter before outputting it back via an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting

4.3
2022-07-11 CVE-2022-1951 Kitestudio Cross-site Scripting vulnerability in Kitestudio Core Plugin for Kitestudio Themes

The core plugin for kitestudio WordPress plugin before 2.3.1 does not sanitise and escape some parameters before outputting them back in a response of an AJAX action, available to both unauthenticated and authenticated users when a premium theme from the vendor is active, leading to a Reflected Cross-Site Scripting.

4.3
2022-07-11 CVE-2022-1957 Comment License Project Cross-Site Request Forgery (CSRF) vulnerability in Comment License Project Comment License

The Comment License WordPress plugin before 1.4.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

4.3
2022-07-11 CVE-2022-2091 Cache Images Project Cross-Site Request Forgery (CSRF) vulnerability in Cache Images Project Cache Images

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack.

4.3
2022-07-11 CVE-2022-2092 Wpovernight Cross-site Scripting vulnerability in Wpovernight Woocommerce PDF Invoices& Packing Slips

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 2.16.0 doesn't escape a parameter on its setting page, making it possible for attackers to conduct reflected cross-site scripting attacks.

4.3
2022-07-11 CVE-2022-2123 WP OPT IN Project Cross-Site Request Forgery (CSRF) vulnerability in WP Opt-In Project WP Opt-In

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails.

4.3
2022-07-11 CVE-2022-35416 H3C Cross-site Scripting vulnerability in H3C SSL VPN

H3C SSL VPN through 2022-07-10 allows wnm/login/login.json svpnlang cookie XSS.

4.3
2022-07-11 CVE-2022-27168 Litecart Cross-site Scripting vulnerability in Litecart

Cross-site scripting vulnerability in LiteCart versions prior to 2.4.2 allows a remote attacker to inject an arbitrary script via unspecified vectors.

4.3
2022-07-17 CVE-2022-2222 Wpchill Files or Directories Accessible to External Parties vulnerability in Wpchill Download Monitor

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in an hardened environment or multisite setup.

4.0
2022-07-14 CVE-2022-2406 Mattermost Resource Exhaustion vulnerability in Mattermost

The legacy Slack import feature in Mattermost version 6.7.0 and earlier fails to properly limit the sizes of imported files, which allows an authenticated attacker to crash the server by importing large files via the Slack import REST API.

4.0
2022-07-14 CVE-2022-2408 Mattermost Exposure of Resource to Wrong Sphere vulnerability in Mattermost

The Guest account feature in Mattermost version 6.7.0 and earlier fails to properly restrict the permissions, which allows a guest user to fetch a list of all public channels in the team, in spite of not being part of those channels.

4.0
2022-07-13 CVE-2019-10800 Codecov Argument Injection or Modification vulnerability in Codecov

This affects the package codecov before 2.0.16.

4.0
2022-07-12 CVE-2022-22042 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Hyper-V Information Disclosure Vulnerability.

4.0
2022-07-12 CVE-2022-30208 Microsoft Unspecified vulnerability in Microsoft products

Windows Security Account Manager (SAM) Denial of Service Vulnerability.

4.0
2022-07-12 CVE-2022-33637 Microsoft Unspecified vulnerability in Microsoft Defender for Endpoint

Microsoft Defender for Endpoint Tampering Vulnerability.

4.0
2022-07-12 CVE-2022-33650 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33651 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33653 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33654 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33659 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33660 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33664 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33668 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33669 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-33671 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

4.0
2022-07-12 CVE-2022-31134 Zulip Unrestricted Upload of File with Dangerous Type vulnerability in Zulip Server

Zulip is an open-source team collaboration tool.

4.0
2022-07-12 CVE-2022-31592 SAP Missing Authorization vulnerability in SAP Enterprise Extension Defense Forces & Public Security

The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606, 616,617,618, 802, 803, 804, 805, 806, does not perform necessary authorization checks for an authenticated user over the network, resulting in escalation of privileges leading to a limited impact on confidentiality.

4.0
2022-07-12 CVE-2022-34467 Mendix XML Entity Expansion vulnerability in Mendix Excel Importer

A vulnerability has been identified in Mendix Excel Importer Module (Mendix 8 compatible) (All versions < V9.2.2), Mendix Excel Importer Module (Mendix 9 compatible) (All versions < V10.1.2).

4.0
2022-07-11 CVE-2022-31080 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

4.0
2022-07-11 CVE-2022-31074 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

4.0
2022-07-11 CVE-2022-1956 Shortcut Macros Project Cross-Site Request Forgery (CSRF) vulnerability in Shortcut Macros Project Shortcut Macros

The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them.

4.0
2022-07-11 CVE-2022-29512 Cybozu Missing Authorization vulnerability in Cybozu Garoon

Exposure of sensitive information to an unauthorized actor issue in multiple applications of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data without the viewing privilege.

4.0
2022-07-11 CVE-2022-30943 Cybozu Unspecified vulnerability in Cybozu Garoon

Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin.

4.0
2022-07-11 CVE-2022-31472 Cybozu Unspecified vulnerability in Cybozu Garoon

Browse restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to obtain the data of Cabinet.

4.0

91 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-12 CVE-2022-22022 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

3.6
2022-07-12 CVE-2022-30225 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Media Player Network Sharing Service Elevation of Privilege Vulnerability.

3.6
2022-07-12 CVE-2022-30226 Microsoft Improper Privilege Management vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability.

3.6
2022-07-17 CVE-2022-2099 Woocommerce Code Injection vulnerability in Woocommerce

The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

3.5
2022-07-17 CVE-2022-2100 Wpzinc Cross-site Scripting vulnerability in Wpzinc Page Generator

The Page Generator WordPress plugin before 1.6.5 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2114 Supsystic Cross-site Scripting vulnerability in Supsystic Data Tables Generator

The Data Tables Generator by Supsystic WordPress plugin before 1.10.20 does not sanitise and escape some of its Table settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

3.5
2022-07-17 CVE-2022-2118 Tooltulips Cross-site Scripting vulnerability in Tooltulips 404S

The 404s WordPress plugin before 3.5.1 does not sanitise and escape its fields, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2148 Linkedin Company Updates Project Cross-site Scripting vulnerability in Linkedin Company Updates Project Linkedin Company Updates

The LinkedIn Company Updates WordPress plugin through 1.5.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2149 Very Simple Breadcrumb Project Cross-site Scripting vulnerability in Very Simple Breadcrumb Project Very Simple Breadcrumb

The Very Simple Breadcrumb WordPress plugin through 1.0 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2151 Emarketdesign Cross-site Scripting vulnerability in Emarketdesign Best Contact Management Software

The Best Contact Management Software WordPress plugin through 3.7.3 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2169 Dwbooster Cross-site Scripting vulnerability in Dwbooster Loading Page With Loading Screen

The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2186 Bracketspace Cross-site Scripting vulnerability in Bracketspace Simple Post Notes

The Simple Post Notes WordPress plugin before 1.7.6 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-17 CVE-2022-2194 Tipsandtricks HQ Cross-site Scripting vulnerability in Tipsandtricks-Hq Accept Stripe

The Accept Stripe Payments WordPress plugin before 2.0.64 does not sanitize and escape some of its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

3.5
2022-07-15 CVE-2020-35261 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Restaurant Name field to /dashboard/profile.php.

3.5
2022-07-15 CVE-2020-36550 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Table Name field to /dashboard/table-list.php.

3.5
2022-07-15 CVE-2020-36551 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Item Name field to /dashboard/menu-list.php.

3.5
2022-07-15 CVE-2020-36552 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Made field to /dashboard/menu-list.php.

3.5
2022-07-15 CVE-2020-36553 Multi Restaurant Table Reservation System Project Cross-site Scripting vulnerability in Multi Restaurant Table Reservation System Project Multi Restaurant Table Reservation System 1.0

Cross Site Scripting (XSS) vulnerability in sourcecodester Multi Restaurant Table Reservation System 1.0 via the Area(food_type) field to /dashboard/menu-list.php.

3.5
2022-07-14 CVE-2022-32318 Fast Food Ordering System Project Cross-site Scripting vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

Fast Food Ordering System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the component /ffos/classes/Master.php?f=save_category.

3.5
2022-07-13 CVE-2020-21967 Prestashop Cross-site Scripting vulnerability in Prestashop 1.7.6.7

File upload vulnerability in the Catalog feature in Prestashop 1.7.6.7 allows remote attackers to run arbitrary code via the add new file page.

3.5
2022-07-13 CVE-2022-32065 Ruoyi Cross-site Scripting vulnerability in Ruoyi

An arbitrary file upload vulnerability in the background management module of RuoYi v4.7.3 and below allows attackers to execute arbitrary code via a crafted HTML file.

3.5
2022-07-13 CVE-2022-32274 Ttpsc Cross-site Scripting vulnerability in Ttpsc the Scheduler 6.5.0

The Transition Scheduler add-on 6.5.0 for Atlassian Jira is prone to stored XSS via the project name to the creation function.

3.5
2022-07-12 CVE-2022-29602 Grid Elements Project Cross-site Scripting vulnerability in Grid Elements Project Grid Elements

The gridelements (aka Grid Elements) extension through 7.6.1, 8.x through 8.7.0, 9.x through 9.7.0, and 10.x through 10.2.0 extension for TYPO3 allows XSS.

3.5
2022-07-12 CVE-2022-33652 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

3.5
2022-07-12 CVE-2022-33658 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure

Azure Site Recovery Elevation of Privilege Vulnerability.

3.5
2022-07-12 CVE-2022-33154 Schema Project Cross-site Scripting vulnerability in Schema Project Schema

The schema (aka Embedding schema.org vocabulary) extension before 1.13.1 and 2.x before 2.5.1 for TYPO3 allows XSS.

3.5
2022-07-12 CVE-2022-33155 Ameos Tarteaucitron Project Cross-site Scripting vulnerability in Ameos Tarteaucitron Project Ameos Tarteaucitron

The ameos_tarteaucitron (aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible) extension before 1.2.23 for TYPO3 allows XSS.

3.5
2022-07-12 CVE-2022-31654 Vmware Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations.

3.5
2022-07-12 CVE-2022-31655 Vmware Cross-site Scripting vulnerability in VMWare Vrealize LOG Insight

VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts.

3.5
2022-07-12 CVE-2022-2363 Simple Parking Management System Project Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Parking Management System 1.0.

3.5
2022-07-12 CVE-2022-2364 Simple Parking Management System Project Cross-site Scripting vulnerability in Simple Parking Management System Project Simple Parking Management System 1.0

A vulnerability, which was classified as problematic, was found in SourceCodester Simple Parking Management System 1.0.

3.5
2022-07-12 CVE-2022-2292 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 2.0

A vulnerability classified as problematic has been found in SourceCodester Hotel Management System 2.0.

3.5
2022-07-12 CVE-2022-2293 Simple Sales Management System Project Cross-site Scripting vulnerability in Simple Sales Management System Project Simple Sales Management System 1.0

A vulnerability classified as problematic was found in SourceCodester Simple Sales Management System 1.0.

3.5
2022-07-12 CVE-2022-34466 Mendix Injection vulnerability in Mendix

A vulnerability has been identified in Mendix Applications using Mendix 9 (All versions >= V9.11 < V9.15), Mendix Applications using Mendix 9 (V9.12) (All versions < V9.12.3).

3.5
2022-07-12 CVE-2022-22682 Synology Cross-site Scripting vulnerability in Synology Calendar

Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Event Management in Synology Calendar before 2.4.5-10930 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2022-07-11 CVE-2022-31075 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

3.5
2022-07-11 CVE-2022-31078 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

3.5
2022-07-11 CVE-2022-31079 Linuxfoundation Resource Exhaustion vulnerability in Linuxfoundation Kubeedge

KubeEdge is an open source system for extending native containerized application orchestration capabilities to hosts at Edge.

3.5
2022-07-11 CVE-2022-1626 Sharebar Project Cross-Site Request Forgery (CSRF) vulnerability in Sharebar Project Sharebar

The Sharebar WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and also lead to Stored Cross-Site Scripting issue due to the lack of sanitisation and escaping in some of them

3.5
2022-07-11 CVE-2022-1757 Pagebar Project Cross-site Scripting vulnerability in Pagebar Project Pagebar

The pagebar WordPress plugin before 2.70 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

3.5
2022-07-11 CVE-2022-1894 Sygnoos Cross-site Scripting vulnerability in Sygnoos Popup Builder

The Popup Builder WordPress plugin before 4.1.11 does not escape and sanitize some settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltred_html is disallowed

3.5
2022-07-11 CVE-2022-1938 Awin Cross-site Scripting vulnerability in Awin Data Feed 1.6

The Awin Data Feed WordPress plugin before 1.8 does not sanitise and escape a header when processing request to generate analytics data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against a logged in admin viewing the plugin's settings

3.5
2022-07-11 CVE-2022-2050 Maxfoundry Cross-site Scripting vulnerability in Maxfoundry Wp-Paginate

The WP-Paginate WordPress plugin before 2.1.9 does not escape one of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when unfiltered_html is disallowed

3.5
2022-07-11 CVE-2022-2089 Bold Themes Cross-site Scripting vulnerability in Bold-Themes Bold Page Builder

The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

3.5
2022-07-11 CVE-2022-2093 Ninjateam Cross-site Scripting vulnerability in Ninjateam WP Duplicate Page 1.0/1.1/1.2

The WP Duplicate Page WordPress plugin before 1.3 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

3.5
2022-07-13 CVE-2022-20221 Google Out-of-bounds Read vulnerability in Google Android

In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation.

3.3
2022-07-13 CVE-2022-20226 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 12.0/12.1

In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation.

3.3
2022-07-12 CVE-2021-40013 Huawei Improper Authentication vulnerability in Huawei Emui and Magic UI

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect integrity.

3.3
2022-07-12 CVE-2021-40016 Huawei Incorrect Authorization vulnerability in Huawei Emui and Magic UI

Improper permission control vulnerability in the Bluetooth module.Successful exploitation of this vulnerability will affect confidentiality.

3.3
2022-07-12 CVE-2022-34740 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

The NFC module has a buffer overflow vulnerability.

3.3
2022-07-12 CVE-2022-34741 Huawei Classic Buffer Overflow vulnerability in Huawei Emui, Harmonyos and Magic UI

The NFC module has a buffer overflow vulnerability.

3.3
2022-07-12 CVE-2022-30223 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft products

Windows Hyper-V Information Disclosure Vulnerability.

2.7
2022-07-14 CVE-2022-23825 Debian
Fedoraproject
AMD
Vmware
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure.

2.1
2022-07-13 CVE-2022-20219 Google Missing Encryption of Sensitive Data vulnerability in Google Android

In multiple functions of StorageManagerService.java and UserManagerService.java, there is a possible way to leave user's directories unencrypted due to a logic error in the code.

2.1
2022-07-13 CVE-2022-20225 Google Missing Authorization vulnerability in Google Android

In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a sensitive identifier due to a missing permission check.

2.1
2022-07-13 CVE-2022-20227 Google Out-of-bounds Read vulnerability in Google Android

In USB driver, there is a possible out of bounds read due to a heap buffer overflow.

2.1
2022-07-12 CVE-2022-30213 Microsoft Unspecified vulnerability in Microsoft products

Windows GDI+ Information Disclosure Vulnerability.

2.1
2022-07-12 CVE-2011-4916 Linux Information Exposure vulnerability in Linux Kernel

Linux kernel through 3.1 allows local users to obtain sensitive keystroke information via access to /dev/pts/ and /dev/tty*.

2.1
2022-07-12 CVE-2022-29900 XEN
Debian
Fedoraproject
AMD
Information Exposure vulnerability in multiple products

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.

2.1
2022-07-12 CVE-2022-30750 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.

2.1
2022-07-12 CVE-2022-30751 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.

2.1
2022-07-12 CVE-2022-30752 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.

2.1
2022-07-12 CVE-2022-30753 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0

Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

2.1
2022-07-12 CVE-2022-30757 Google Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0

Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.

2.1
2022-07-12 CVE-2022-30758 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0/12.0

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.

2.1
2022-07-12 CVE-2022-33685 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.

2.1
2022-07-12 CVE-2022-33686 Google Files or Directories Accessible to External Parties vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

2.1
2022-07-12 CVE-2022-33687 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.

2.1
2022-07-12 CVE-2022-33688 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

2.1
2022-07-12 CVE-2022-33689 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.

2.1
2022-07-12 CVE-2022-33690 Google Path Traversal vulnerability in Google Android 12.0

Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.

2.1
2022-07-12 CVE-2022-33692 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 11.0/12.0

Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

2.1
2022-07-12 CVE-2022-33693 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

2.1
2022-07-12 CVE-2022-33694 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.

2.1
2022-07-12 CVE-2022-33696 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 12.0

Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

2.1
2022-07-12 CVE-2022-33697 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0/12.0

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

2.1
2022-07-12 CVE-2022-33698 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

2.1
2022-07-12 CVE-2022-33699 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

2.1
2022-07-12 CVE-2022-33700 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 10.0/11.0/12.0

Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

2.1
2022-07-12 CVE-2022-33701 Google Inclusion of Functionality from Untrusted Control Sphere vulnerability in Google Android 10.0/11.0/12.0

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.

2.1
2022-07-12 CVE-2022-33702 Google Incorrect Authorization vulnerability in Google Android 10.0/11.0/12.0

Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

2.1
2022-07-12 CVE-2022-33705 Samsung Incorrect Authorization vulnerability in Samsung Calendar

Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission.

2.1
2022-07-12 CVE-2022-33706 Samsung Unspecified vulnerability in Samsung Gallery

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

2.1
2022-07-12 CVE-2022-33711 Samsung Improper Validation of Integrity Check Value vulnerability in Samsung Android USB Driver

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.

2.1
2022-07-12 CVE-2022-35648 Nautilus Unspecified vulnerability in Nautilus T616 Firmware and T618 Firmware

Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service (fall) by connecting the power cord to a 120V circuit (which may lead to self-starting at an inopportune time).

2.1
2022-07-12 CVE-2022-34464 Siemens Exposure of Resource to Wrong Sphere vulnerability in Siemens products

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions), SICAM GridEdge Essential Intel (All versions < V2.7.3), SICAM GridEdge Essential with GDS ARM (All versions), SICAM GridEdge Essential with GDS Intel (All versions < V2.7.3).

2.1
2022-07-11 CVE-2020-4138 IBM Unspecified vulnerability in IBM Security Siteprotector System 3.1.1

IBM SiteProtector Appliance 3.1.1 allows web pages to be stored locally which can be read by another user on the system.

2.1
2022-07-13 CVE-2022-20230 Google Improper Input Validation vulnerability in Google Android

In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation.

1.9
2022-07-12 CVE-2022-30187 Microsoft Exposure of Resource to Wrong Sphere vulnerability in Microsoft Azure Storage Blobs and Azure Storage Queue

Azure Storage Library Information Disclosure Vulnerability.

1.9
2022-07-12 CVE-2022-29901 Intel
XEN
Fedoraproject
Vmware
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data.

1.9
2022-07-12 CVE-2022-33691 Google Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Google Android 10.0/11.0/12.0

A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.

1.9