Weekly Vulnerabilities Reports > July 18 to 24, 2022

Overview

174 new vulnerabilities were reported during this period, including 15 critical and 101 high severity vulnerabilities. This weekly summary reports vulnerabilities in 157 products from 73 vendors, including Cisco, Google, Fedoraproject, Oracle, and Debian. The vulnerabilities are notably categorized as "OS Command Injection", "Classic Buffer Overflow", "Use After Free", "Integer Overflow or Wraparound", and "Out-of-bounds Write".

  • 146 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 37 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 93 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 45 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:

15 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-22 CVE-2022-34113 Dataease Unspecified vulnerability in Dataease 1.11.1

An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin.

9.8
2022-07-22 CVE-2022-34115 Dataease Project Unrestricted Upload of File with Dangerous Type vulnerability in Dataease Project Dataease 1.11.1

DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId.

9.8
2022-07-22 CVE-2022-34839 Codexshaper Unspecified vulnerability in Codexshaper WP Oauth2 Server 1.0.0/1.0.1

Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress.

9.8
2022-07-22 CVE-2022-2143 Advantech Unspecified vulnerability in Advantech Iview

The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code.

9.8
2022-07-21 CVE-2022-0902 ABB Path Traversal vulnerability in ABB products

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allows an attacker who successfully exploits this vulnerability to insert and run arbitrary code in an affected system node.

9.8
2022-07-21 CVE-2022-34767 Allnet Missing Authentication for Critical Function vulnerability in Allnet All-Wr0500Ac Firmware

The "wizardpwd.asp" web page of the ALLNET WR0500AC router is prone to an authorization bypass vulnerability: the "admin" password can be changed via http[s]://wizardpwd.asp/cgi-bin.

9.8
2022-07-21 CVE-2022-20857 Cisco Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.

9.8
2022-07-21 CVE-2022-20858 Cisco Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.

9.8
2022-07-20 CVE-2022-26136 Atlassian Improper Authentication vulnerability in Atlassian products

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps.

9.8
2022-07-20 CVE-2022-2141 Micodus Missing Authentication for Critical Function vulnerability in Micodus Mv720 Firmware

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.

9.8
2022-07-19 CVE-2022-24082 Pega Deserialization of Untrusted Data vulnerability in Pega Infinity

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system.

9.8
2022-07-19 CVE-2022-35405 Zohocorp Deserialization of Untrusted Data vulnerability in Zohocorp products

Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution.

9.8
2022-07-18 CVE-2022-2437 Slickremix Deserialization of Untrusted Data vulnerability in Slickremix Feed Them Social

The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5.

9.8
2022-07-21 CVE-2022-0973 Google Use After Free vulnerability in Google Chrome

Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

9.6
2022-07-21 CVE-2022-0977 Google Use After Free vulnerability in Google Chrome

Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

9.6

101 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-23 CVE-2022-1096 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1125 Google Use After Free vulnerability in Google Chrome

Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8
2022-07-23 CVE-2022-1127 Google Use After Free vulnerability in Google Chrome

Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction.

8.8
2022-07-23 CVE-2022-1131 Google Use After Free vulnerability in Google Chrome

Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1133 Google Use After Free vulnerability in Google Chrome

Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1134 Google Type Confusion vulnerability in Google Chrome

Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-23 CVE-2022-1135 Google Use After Free vulnerability in Google Chrome

Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction.

8.8
2022-07-23 CVE-2022-1136 Google Use After Free vulnerability in Google Chrome

Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures.

8.8
2022-07-22 CVE-2022-0978 Google Use After Free vulnerability in Google Chrome

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-22 CVE-2022-0979 Google Use After Free vulnerability in Google Chrome

Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-22 CVE-2022-0980 Google Use After Free vulnerability in Google Chrome

Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions.

8.8
2022-07-22 CVE-2022-27235 Supsystic Unspecified vulnerability in Supsystic Social Share Buttons

Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress.

8.8
2022-07-22 CVE-2022-31168 Zulip Incorrect Authorization vulnerability in Zulip

Zulip is an open source team chat tool.

8.8
2022-07-21 CVE-2022-0971 Google Use After Free vulnerability in Google Chrome

Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0972 Google Use After Free vulnerability in Google Chrome

Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0974 Google Use After Free vulnerability in Google Chrome

Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0975 Google Use After Free vulnerability in Google Chrome

Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-0976 Google Out-of-bounds Write vulnerability in Google Chrome

Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-07-21 CVE-2022-20861 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack.

8.8
2022-07-20 CVE-2022-26137 Atlassian Origin Validation Error vulnerability in Atlassian products

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses.

8.8
2022-07-19 CVE-2022-31144 Redis Heap-based Buffer Overflow vulnerability in Redis

Redis is an in-memory database that persists on disk.

8.8
2022-07-19 CVE-2022-34538 DW OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 were discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi.

8.8
2022-07-19 CVE-2022-34539 DW OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 were discovered to contain a command injection vulnerability in the component /admin/curltest.cgi.

8.8
2022-07-19 CVE-2022-34540 DW OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 were discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi.

8.8
2022-07-19 CVE-2022-27373 Phicomm OS Command Injection vulnerability in Phicomm Fir303B Firmware

Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function.

8.8
2022-07-19 CVE-2022-22360 IBM Injection vulnerability in IBM products

IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SaaS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection.

8.8
2022-07-18 CVE-2022-26117 Fortinet Weak Password Requirements vulnerability in Fortinet Fortinac

An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI.

8.8
2022-07-18 CVE-2022-1912 Smartsoft Cross-Site Request Forgery (CSRF) vulnerability in Smartsoft Button Widget Smartsoft 1.0.1

The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.

8.8
2022-07-18 CVE-2022-2001 Devrix Cross-Site Request Forgery (CSRF) vulnerability in Devrix DX Share Selection 1.2/1.3/1.4

The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4.

8.8
2022-07-18 CVE-2022-2039 Livesupporti Unspecified vulnerability in Livesupporti Free Live Chat Support

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11.

8.8
2022-07-18 CVE-2022-2435 Anymind Cross-Site Request Forgery (CSRF) vulnerability in Anymind Widget

The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.

8.8
2022-07-18 CVE-2022-2443 Freemind WP Browser Project Unspecified vulnerability in Freemind WP Browser Project Freemind WP Browser 1.2

The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2.

8.8
2022-07-18 CVE-2022-2444 Themeisle Deserialization of Untrusted Data vulnerability in Themeisle Visualizer

The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9.

8.8
2022-07-18 CVE-2022-30620 Cellinx Reliance on Cookies without Validation and Integrity Checking vulnerability in Cellinx NVT - IP PTZ Camera Firmware 3.2.0/3.2.1

On a Cellinx camera with the guest account enabled, an attacker with web access can elevate privileges to administrative by changing the values of the "is_admin" and "showConfig" cookies ("1" to "0").

8.8
2022-07-18 CVE-2022-33891 Apache OS Command Injection vulnerability in Apache Spark

The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable.

8.8
2022-07-19 CVE-2022-21571 Oracle Unspecified vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.2
2022-07-18 CVE-2022-35404 Zohocorp Improper Input Validation vulnerability in Zohocorp products

ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine.

8.2
2022-07-23 CVE-2022-1130 Google NULL Pointer Dereference vulnerability in Google Chrome

Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app.

8.1
2022-07-22 CVE-2022-31163 Tzinfo Project, Debian Relative Path Traversal vulnerability in multiple products

TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules.

8.1
2022-07-19 CVE-2022-2469 GNU, Debian Out-of-bounds Read vulnerability in multiple products

GNU SASL libgsasl has a server-side out-of-bounds read that can be triggered by a malicious authenticated GSS-API client.

8.1
2022-07-24 CVE-2017-20144 Anvsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Anvsoft PDF Converter 1.7.5.0

A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical.

7.8
2022-07-24 CVE-2021-46829 Gnome, Fedoraproject, Debian Integer Overflow or Wraparound vulnerability in multiple products

GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame.

7.8
2022-07-22 CVE-2022-2327 Linux Double Free vulnerability in Linux Kernel

io_uring uses work_flags to determine which identity needs to be grabbed from the calling process, to make sure it is consistent with the calling process when executing IORING_OP.

7.8
2022-07-21 CVE-2022-35899 Asus Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4

There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4.

7.8
2022-07-20 CVE-2022-31250 Opensuse Link Following vulnerability in Opensuse Tumbleweed 2.6.24.2

A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root.

7.8
2022-07-19 CVE-2022-1920 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow in the gst_matroska_demux_add_wvpk_header function of the matroskademux element allows a heap overwrite while parsing Matroska files.

7.8
2022-07-19 CVE-2022-1921 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

An integer overflow in the gst_avi_demux_invert function of the avidemux element allows a heap overwrite while parsing AVI files.

7.8
2022-07-19 CVE-2022-1922 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DoS / potential heap overwrite in mkv demuxing using zlib decompression.

7.8
2022-07-19 CVE-2022-1923 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DoS / potential heap overwrite in mkv demuxing using bzip decompression.

7.8
2022-07-19 CVE-2022-1924 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DoS / potential heap overwrite in mkv demuxing using lzo decompression.

7.8
2022-07-19 CVE-2022-1925 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DoS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression.

7.8
2022-07-19 CVE-2022-2122 Gstreamer Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

DoS / potential heap overwrite in qtdemux using zlib decompression.

7.8
2022-07-19 CVE-2022-2454 Gpac Integer Overflow or Wraparound vulnerability in Gpac

Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV.

7.8
2022-07-19 CVE-2022-30526 Zyxel Improper Privilege Management vulnerability in Zyxel products

A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.

7.8
2022-07-22 CVE-2022-34037 Caddyserver Out-of-bounds Read vulnerability in Caddyserver Caddy 2.5.1

An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI.

7.5
2022-07-22 CVE-2022-31162 Slack Morphism Project Improper Cross-boundary Removal of Sensitive Data vulnerability in Slack Morphism Project Slack Morphism

Slack Morphism is an async client library for Rust.

7.5
2022-07-21 CVE-2022-32430 Talelin Unspecified vulnerability in Talelin Lin-Cms-Spring-Boot 0.2.1

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application.

7.5
2022-07-20 CVE-2022-34046 Wavlink Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716

An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);].

7.5
2022-07-20 CVE-2022-34047 Wavlink Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd].

7.5
2022-07-20 CVE-2021-46828 Libtirpc Project, Debian Infinite Loop vulnerability in multiple products

In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled.

7.5
2022-07-19 CVE-2022-34534 DW Unspecified vulnerability in DW Spectrum Server Firmware 4.2.0.32842

Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call.

7.5
2022-07-19 CVE-2022-34169 Apache, Debian, Oracle, Fedoraproject, Netapp, Azul Incorrect Conversion between Numeric Types vulnerability in multiple products

The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets.

7.5
2022-07-18 CVE-2022-34027 F5 Unspecified vulnerability in F5 NJS 0.7.4

Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c.

7.5
2022-07-18 CVE-2020-16093 Lemonldap NG, Debian Improper Certificate Validation vulnerability in multiple products

In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used.

7.5
2022-07-21 CVE-2022-20860 Cisco Improper Certificate Validation vulnerability in Cisco Nexus Dashboard

A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information.

7.4
2022-07-22 CVE-2022-20892 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20893 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20894 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20895 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20896 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20897 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20898 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20899 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20900 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20901 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20902 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20903 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20904 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20910 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20911 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-22 CVE-2022-20912 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20891 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20885 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20886 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20887 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20888 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20889 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20890 Cisco Classic Buffer Overflow vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20884 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20881 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20882 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20883 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20873 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20874 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20875 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20876 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20877 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20878 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20879 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-21 CVE-2022-20880 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition.

7.2
2022-07-18 CVE-2022-1565 Wpallimport Unrestricted Upload of File with Dangerous Type vulnerability in Wpallimport WP ALL Import 3.4.6

The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7.

7.2

57 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-20 CVE-2022-32959 Hinet Unspecified vulnerability in Hinet Hicos Natural Person Credential Component Client 3.0.3.30306/3.0.3.30404/3.1.0.00002

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading an IC card, due to insufficient parameter length validation for OS information.

6.8
2022-07-18 CVE-2021-33656 Huawei
Linux
Debian
Out-of-bounds Write vulnerability in multiple products

When setting a font with malicious data via the ioctl command PIO_FONT, the kernel will write memory out of bounds.

6.8
2022-07-22 CVE-2022-20906 Cisco Improper Privilege Management vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.

6.7
2022-07-22 CVE-2022-20907 Cisco Improper Privilege Management vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.

6.7
2022-07-22 CVE-2022-20908 Cisco Improper Input Validation vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.

6.7
2022-07-22 CVE-2022-20909 Cisco Improper Input Validation vulnerability in Cisco Nexus Dashboard

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device.

6.7
2022-07-18 CVE-2021-33655 Linux
Debian
Out-of-bounds Write vulnerability in multiple products

When sending malicious data to the kernel via the ioctl command FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds.

6.7
2022-07-23 CVE-2022-1128 Google Path Traversal vulnerability in Google Chrome

Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1129 Google Authentication Bypass by Spoofing vulnerability in Google Chrome

Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1137 Google Exposure of Resource to Wrong Sphere vulnerability in Google Chrome

Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1138 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome

Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1139 Google Information Exposure Through Discrepancy vulnerability in Google Chrome

Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-07-23 CVE-2022-1146 Google Information Exposure Through Discrepancy vulnerability in Google Chrome

Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-07-22 CVE-2022-34503 Qpdf Project Out-of-bounds Write vulnerability in Qpdf Project Qpdf 8.4.2

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream.

6.5
2022-07-22 CVE-2022-20913 Cisco Improper Input Validation vulnerability in Cisco Nexus Dashboard

A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device.

6.5
2022-07-21 CVE-2022-31151 Nodejs Open Redirect vulnerability in Nodejs Undici

Authorization headers are cleared on cross-origin redirect.

6.5
2022-07-19 CVE-2022-31150 Nodejs CRLF Injection vulnerability in Nodejs Undici

undici is an HTTP/1.1 client, written from scratch for Node.js.

6.5
2022-07-19 CVE-2022-21586 Oracle Unspecified vulnerability in Oracle Banking Trade Finance 14.5

Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure).

6.4
2022-07-23 CVE-2022-1132 Google Incorrect Authorization vulnerability in Google Chrome

Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device.

6.1
2022-07-22 CVE-2022-20916 Cisco Cross-site Scripting vulnerability in Cisco IOT Control Center

A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

6.1
2022-07-20 CVE-2022-31160 Jqueryui
Netapp
Drupal
Fedoraproject
Debian
Cross-site Scripting vulnerability in multiple products

jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery.

6.1
2022-07-21 CVE-2022-28860 Citilog Unspecified vulnerability in Citilog 8.0

An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.

5.9
2022-07-21 CVE-2022-28861 Citilog Cleartext Transmission of Sensitive Information vulnerability in Citilog 8.0

The server in Citilog 8.0 allows an attacker (in a man-in-the-middle position between the server and its smart camera Axis M1125) to see FTP credentials in cleartext HTTP traffic.

5.9
2022-07-19 CVE-2022-21541 Oracle
Fedoraproject
Debian
Netapp
Azul

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).

5.9
2022-07-22 CVE-2022-34502 Radare Out-of-bounds Write vulnerability in Radare Radare2 5.7.0

Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c.

5.5
2022-07-21 CVE-2022-36313 File Type Project Infinite Loop vulnerability in File-Type Project File-Type

An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js.

5.5
2022-07-19 CVE-2022-21509 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

5.5
2022-07-19 CVE-2022-21527 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

5.5
2022-07-19 CVE-2022-21528 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

5.5
2022-07-19 CVE-2022-2476 Wavpack
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ===================================================================84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access.

5.5
2022-07-18 CVE-2022-34641 Openhwgroup
Boom Core
Improper Handling of Exceptional Conditions vulnerability in multiple products

CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMP violation occurs during address translation.

5.5
2022-07-18 CVE-2022-2101 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping.

5.4
2022-07-21 CVE-2022-33198 Oxilab Unspecified vulnerability in Oxilab Accordions

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress.

5.3
2022-07-21 CVE-2022-34487 Oxilab Unspecified vulnerability in Oxilab Shortcode Addons

Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress.

5.3
2022-07-21 CVE-2022-28666 Yikesinc Improper Authentication vulnerability in Yikesinc Custom Product Tabs for Woocommerce

Broken Access Control vulnerability in YIKES Inc.

5.3
2022-07-19 CVE-2022-21540 Oracle
Fedoraproject
Debian
Netapp
Azul

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot).

5.3
2022-07-19 CVE-2022-21549 Oracle
Azul
Fedoraproject
Debian
Netapp

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries).

5.3
2022-07-18 CVE-2022-2108 Wbcomdesigns Missing Authorization vulnerability in Wbcomdesigns Buddypress Group Reviews

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3.

5.3
2022-07-18 CVE-2022-2117 Givewp Unspecified vulnerability in Givewp

The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled.

5.3
2022-07-18 CVE-2022-23142 ZTE Unspecified vulnerability in ZTE Zxen Cg200 Firmware 1.0.0P1N5M

ZXEN CG200 has a DoS vulnerability.

5.3
2022-07-18 CVE-2022-2400 Dompdf Project External Control of File Name or Path vulnerability in Dompdf Project Dompdf

External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.

5.3
2022-07-21 CVE-2022-31475 Givewp Path Traversal vulnerability in Givewp

Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress.

4.9
2022-07-20 CVE-2021-38936 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user.

4.9
2022-07-19 CVE-2022-21515 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).

4.9
2022-07-19 CVE-2022-21517 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2022-07-19 CVE-2022-21525 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-07-19 CVE-2022-21526 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-07-19 CVE-2022-21529 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-07-19 CVE-2022-21530 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-07-19 CVE-2022-21531 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2022-07-19 CVE-2022-21534 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

4.9
2022-07-19 CVE-2022-21537 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2022-07-20 CVE-2022-29923 Thingsforrestaurants Cross-site Scripting vulnerability in Thingsforrestaurants Quick Restaurant Reservations

Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS. This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1.

4.8
2022-07-19 CVE-2022-21522 Oracle
Fedoraproject
Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure).

4.4
2022-07-18 CVE-2021-42755 Fortinet Integer Overflow or Wraparound vulnerability in Fortinet products

An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; and FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated and network-adjacent attacker to crash the dhcpd daemon, resulting in a potential denial of service.

4.3
2022-07-18 CVE-2022-2223 Ghozylab Cross-Site Request Forgery (CSRF) vulnerability in Ghozylab Image Slider

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider.

4.3
2022-07-18 CVE-2022-2224 Ghozylab Unspecified vulnerability in Ghozylab Gallery for Social Photo

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed.

4.3

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-07-19 CVE-2022-2394 Perforce Information Exposure Through Log Files vulnerability in Perforce Puppet Bolt

Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run, resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise.

3.5