Weekly Vulnerabilities Reports > July 18 to 24, 2022
Overview
174 new vulnerabilities were reported during this period, including 15 critical and 101 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 157 products from 73 vendors, including Cisco, Google, Fedoraproject, Oracle, and Debian. The most common weakness categories are "OS Command Injection", "Classic Buffer Overflow", "Use After Free", "Integer Overflow or Wraparound", and "Out-of-bounds Write".
- 146 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 37 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 93 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 45 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-22 | CVE-2022-34113 | Dataease | Unspecified vulnerability in Dataease 1.11.1 An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | 9.8 |
2022-07-22 | CVE-2022-34115 | Dataease Project | Unrestricted Upload of File with Dangerous Type vulnerability in Dataease Project Dataease 1.11.1 DataEase v1.11.1 was discovered to contain an arbitrary file write vulnerability via the parameter dataSourceId. | 9.8 |
2022-07-22 | CVE-2022-34839 | Codexshaper | Unspecified vulnerability in Codexshaper WP Oauth2 Server 1.0.0/1.0.1 Authentication Bypass vulnerability in CodexShaper's WP OAuth2 Server plugin <= 1.0.1 at WordPress. | 9.8 |
2022-07-22 | CVE-2022-2143 | Advantech | Unspecified vulnerability in Advantech Iview The affected product is vulnerable to two instances of command injection, which may allow an attacker to remotely execute arbitrary code. | 9.8 |
2022-07-21 | CVE-2022-0902 | ABB | Path Traversal vulnerability in ABB products Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') and Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerabilities in flow computer and remote controller products of ABB (RMC-100 (Standard), RMC-100-LITE, XIO, XFCG5, XRCG5, uFLOG5, UDC) allow an attacker who successfully exploits them to insert and run arbitrary code on an affected system node. | 9.8 |
2022-07-21 | CVE-2022-34767 | Allnet | Missing Authentication for Critical Function vulnerability in Allnet All-Wr0500Ac Firmware The "wizardpwd.asp" web page of the ALLNET WR0500AC router is prone to an authorization bypass: the password of the "admin" account can be changed by requesting the page directly (the advisory cites http[s]://wizardpwd.asp/cgi-bin) without prior authentication. | 9.8 |
2022-07-21 | CVE-2022-20857 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
2022-07-21 | CVE-2022-20858 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
2022-07-20 | CVE-2022-26136 | Atlassian | Improper Authentication vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and third party apps. | 9.8 |
2022-07-20 | CVE-2022-2141 | Micodus | Missing Authentication for Critical Function vulnerability in Micodus Mv720 Firmware SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. | 9.8 |
2022-07-19 | CVE-2022-24082 | Pega | Deserialization of Untrusted Data vulnerability in Pega Infinity If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. | 9.8 |
2022-07-19 | CVE-2022-35405 | Zohocorp | Deserialization of Untrusted Data vulnerability in Zohocorp products Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. | 9.8 |
2022-07-18 | CVE-2022-2437 | Slickremix | Deserialization of Untrusted Data vulnerability in Slickremix Feed Them Social The Feed Them Social – for Twitter feed, Youtube and more plugin for WordPress is vulnerable to deserialization of untrusted input via the 'fts_url' parameter in versions up to, and including 2.9.8.5. | 9.8 |
2022-07-21 | CVE-2022-0973 | Google | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
2022-07-21 | CVE-2022-0977 | Google | Use After Free vulnerability in Google Chrome Use after free in Browser UI in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 9.6 |
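The overview counts entries by severity, vendor and attack path; when triaging a digest like this one it is worth doing that from the rows themselves. The following Python script is an added example (not code from this report or from any vendor it lists): it parses rows in the report's pipe-delimited table format, tolerates rows whose VENDOR cell is missing (the Chrome rows are published that way, with a trailing empty cell), and ranks the pre-authentication entries by CVSS. The sample rows are copied from the tables on this page; the list of phrases taken to mean "no authentication required" is an assumption about the report's wording, not a field in the data.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: four rows copied from this report's tables. The third row
# has no VENDOR cell and a trailing empty cell, the way the Chrome rows appear.
SAMPLE_ROWS = """\
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-22 | CVE-2022-34113 | Dataease | Unspecified vulnerability in Dataease 1.11.1 An issue in the component /api/plugin/upload of Dataease v1.11.1 allows attackers to execute arbitrary code via a crafted plugin. | 9.8 |
2022-07-21 | CVE-2022-20857 | Cisco | Missing Authentication for Critical Function vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 9.8 |
2022-07-21 | CVE-2022-0973 | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 9.6 | |
2022-07-21 | CVE-2022-20861 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 8.8 |
"""

_CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")
_VENDOR_RE = re.compile(r" vulnerability in (\S+)")
# Assumption: these phrases, in this report's wording, mark a pre-auth attack path.
_UNAUTH_MARKERS = ("unauthenticated", "without authentication", "anonymous")


@dataclass(frozen=True)
class Entry:
    date: str
    cve: str
    vendor: str
    category: str      # CWE-style name that precedes "vulnerability in"
    description: str
    cvss: float


def _cells(line: str) -> List[str]:
    """Split a pipe-delimited row and drop trailing empty cells."""
    cells = [c.strip() for c in line.split("|")]
    while cells and cells[-1] == "":
        cells.pop()
    return cells


def parse_row(line: str) -> Entry:
    cells = _cells(line)
    if len(cells) == 5:
        date, cve, vendor, text, cvss = cells
    elif len(cells) == 4:                      # VENDOR cell missing
        date, cve, text, cvss = cells
        m = _VENDOR_RE.search(text)            # recover it from "... in <Vendor> ..."
        vendor = m.group(1) if m else "unknown"
    else:
        raise ValueError(f"unexpected cell count {len(cells)}: {line!r}")
    if not _CVE_RE.match(cve):
        raise ValueError(f"malformed CVE id: {cve!r}")
    category = text.split(" vulnerability in ", 1)[0]
    return Entry(date, cve, vendor, category, text, float(cvss))


def parse_report(text: str) -> List[Entry]:
    entries = []
    for line in text.splitlines():
        cells = _cells(line)
        if not cells or cells[0] == "DATE" or cells[0].startswith("---"):
            continue                           # header or separator row
        entries.append(parse_row(line))
    return entries


def triage(entries: List[Entry], min_cvss: float = 9.0) -> List[Entry]:
    """Entries at or above min_cvss, highest score first, CVE id as tie-break."""
    return sorted((e for e in entries if e.cvss >= min_cvss),
                  key=lambda e: (-e.cvss, e.cve))


def pre_auth(entries: List[Entry]) -> List[Entry]:
    """Entries whose description signals that no authentication is needed (heuristic)."""
    return [e for e in entries
            if any(marker in e.description.lower() for marker in _UNAUTH_MARKERS)]


def count_by_vendor(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.vendor for e in entries))


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_ROWS)
    print("by vendor:", count_by_vendor(parsed))
    for e in triage(pre_auth(parsed), min_cvss=8.0):
        print(f"{e.cvss:4.1f}  {e.cve:<15} {e.vendor:<10} {e.category}")
```

Feeding the whole table into `parse_report` and then `triage(pre_auth(...))` gives the short list a practitioner patches first: remotely reachable, no credentials required, highest CVSS. The vendor-recovery regex is only a fallback for rows with the missing cell; for entries listed against "multiple products" it returns the word "multiple", so check the output before relying on vendor counts.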
101 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-23 | CVE-2022-1096 | Google | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 99.0.4844.84 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1125 | Google | Use After Free vulnerability in Google Chrome Use after free in Portals in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 8.8 |
2022-07-23 | CVE-2022-1127 | Google | Use After Free vulnerability in Google Chrome Use after free in QR Code Generator in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via user interaction. | 8.8 |
2022-07-23 | CVE-2022-1131 | Google | Use After Free vulnerability in Google Chrome Use after free in Cast UI in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1133 | Google | Use After Free vulnerability in Google Chrome Use after free in WebRTC Perf in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1134 | Google | Type Confusion vulnerability in Google Chrome Type confusion in V8 in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-23 | CVE-2022-1135 | Google | Use After Free vulnerability in Google Chrome Use after free in Shopping Cart in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to potentially exploit heap corruption via standard feature user interaction. | 8.8 |
2022-07-23 | CVE-2022-1136 | Google | Use After Free vulnerability in Google Chrome Use after free in Tab Strip in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific set of user gestures. | 8.8 |
2022-07-22 | CVE-2022-0978 | Google | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-22 | CVE-2022-0979 | Google | Use After Free vulnerability in Google Chrome Use after free in Safe Browsing in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-22 | CVE-2022-0980 | Google | Use After Free vulnerability in Google Chrome Use after free in New Tab Page in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific user interactions. | 8.8 |
2022-07-22 | CVE-2022-27235 | Supsystic | Unspecified vulnerability in Supsystic Social Share Buttons Multiple Broken Access Control vulnerabilities in Social Share Buttons by Supsystic plugin <= 2.2.3 at WordPress. | 8.8 |
2022-07-22 | CVE-2022-31168 | Zulip | Incorrect Authorization vulnerability in Zulip Zulip is an open source team chat tool. | 8.8 |
2022-07-21 | CVE-2022-0971 | Google | Use After Free vulnerability in Google Chrome Use after free in Blink Layout in Google Chrome on Android prior to 99.0.4844.74 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0972 | Google | Use After Free vulnerability in Google Chrome Use after free in Extensions in Google Chrome prior to 99.0.4844.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0974 | Google | Use After Free vulnerability in Google Chrome Use after free in Splitscreen in Google Chrome on Chrome OS prior to 99.0.4844.74 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0975 | Google | Use After Free vulnerability in Google Chrome Use after free in ANGLE in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-0976 | Google | Out-of-bounds Write vulnerability in Google Chrome Heap buffer overflow in GPU in Google Chrome prior to 99.0.4844.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-07-21 | CVE-2022-20861 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to execute arbitrary commands, read or upload container image files, or perform a cross-site request forgery attack. | 8.8 |
2022-07-20 | CVE-2022-26137 | Atlassian | Origin Validation Error vulnerability in Atlassian products A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invoked when the application processes requests or responses. | 8.8 |
2022-07-19 | CVE-2022-31144 | Redis | Heap-based Buffer Overflow vulnerability in Redis Redis is an in-memory database that persists on disk. | 8.8 |
2022-07-19 | CVE-2022-34538 | DW | OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842 Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/bia/addacph.cgi. | 8.8 |
2022-07-19 | CVE-2022-34539 | DW | OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842 Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/curltest.cgi. | 8.8 |
2022-07-19 | CVE-2022-34540 | DW | OS Command Injection vulnerability in DW Megapix Firmware 4.2.0.32842 Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 was discovered to contain a command injection vulnerability in the component /admin/vca/license/license_tok.cgi. | 8.8 |
2022-07-19 | CVE-2022-27373 | Phicomm | OS Command Injection vulnerability in Phicomm Fir303B Firmware Shanghai Feixun Data Communication Technology Co., Ltd router fir302b A2 was discovered to contain a remote command execution (RCE) vulnerability via the Ping function. | 8.8 |
2022-07-19 | CVE-2022-22360 | IBM | Injection vulnerability in IBM products IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 could allow a remote authenticated attacker to conduct an LDAP injection. | 8.8 |
2022-07-18 | CVE-2022-26117 | Fortinet | Weak Password Requirements vulnerability in Fortinet Fortinac An empty password in configuration file vulnerability [CWE-258] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.3 and below may allow an authenticated attacker to access the MySQL databases via the CLI. | 8.8 |
2022-07-18 | CVE-2022-1912 | Smartsoft | Cross-Site Request Forgery (CSRF) vulnerability in Smartsoft Button Widget Smartsoft 1.0.1 The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. | 8.8 |
2022-07-18 | CVE-2022-2001 | Devrix | Cross-Site Request Forgery (CSRF) vulnerability in Devrix DX Share Selection 1.2/1.3/1.4 The DX Share Selection plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. | 8.8 |
2022-07-18 | CVE-2022-2039 | Livesupporti | Unspecified vulnerability in Livesupporti Free Live Chat Support The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. | 8.8 |
2022-07-18 | CVE-2022-2435 | Anymind | Cross-Site Request Forgery (CSRF) vulnerability in Anymind Widget The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. | 8.8 |
2022-07-18 | CVE-2022-2443 | Freemind WP Browser Project | Unspecified vulnerability in Freemind WP Browser Project Freemind WP Browser 1.2 The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. | 8.8 |
2022-07-18 | CVE-2022-2444 | Themeisle | Deserialization of Untrusted Data vulnerability in Themeisle Visualizer The Visualizer: Tables and Charts Manager for WordPress plugin for WordPress is vulnerable to deserialization of untrusted input via the 'remote_data' parameter in versions up to, and including 3.7.9. | 8.8 |
2022-07-18 | CVE-2022-30620 | Cellinx | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cellinx NVT - IP PTZ Camera Firmware 3.2.0/3.2.1 On Cellinx cameras with the guest account enabled, an attacker with web access can elevate privileges to administrator by changing the "is_admin" and "showConfig" cookie values ("0"/"1" flags that the device trusts without server-side validation). | 8.8 |
2022-07-18 | CVE-2022-33891 | Apache | OS Command Injection vulnerability in Apache Spark The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. | 8.8 |
2022-07-19 | CVE-2022-21571 | Oracle | Unspecified vulnerability in Oracle VM Virtualbox Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 8.2 |
2022-07-18 | CVE-2022-35404 | Zohocorp | Improper Input Validation vulnerability in Zohocorp products ManageEngine Password Manager Pro 12100 and prior and OPManager 126100 and prior are vulnerable to unauthorized file and directory creation on a server machine. | 8.2 |
2022-07-23 | CVE-2022-1130 | Google | NULL Pointer Dereference vulnerability in Google Chrome Insufficient validation of trust input in WebOTP in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to send arbitrary intents from any app via a malicious app. | 8.1 |
2022-07-22 | CVE-2022-31163 | Tzinfo Project Debian | Relative Path Traversal vulnerability in multiple products TZInfo is a Ruby library that provides access to time zone data and allows times to be converted using time zone rules. | 8.1 |
2022-07-19 | CVE-2022-2469 | GNU Debian | Out-of-bounds Read vulnerability in multiple products GNU SASL libgsasl server-side read-out-of-bounds with malicious authenticated GSS-API client | 8.1 |
2022-07-24 | CVE-2017-20144 | Anvsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Anvsoft PDF Converter 1.7.5.0 A vulnerability has been found in Anvsoft PDFMate PDF Converter Pro 1.7.5.0 and classified as critical. | 7.8 |
2022-07-24 | CVE-2021-46829 | Gnome Fedoraproject Debian | Integer Overflow or Wraparound vulnerability in multiple products GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. | 7.8 |
2022-07-22 | CVE-2022-2327 | Linux | Double Free vulnerability in Linux Kernel io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. | 7.8 |
2022-07-21 | CVE-2022-35899 | Asus | Unquoted Search Path or Element vulnerability in Asus Aura Ready Game Software Development KIT 1.0.0.4 There is an unquoted service path in ASUSTeK Aura Ready Game SDK service (GameSDK.exe) 1.0.0.4. | 7.8 |
2022-07-20 | CVE-2022-31250 | Opensuse | Link Following vulnerability in Opensuse Tumbleweed 2.6.24.2 A UNIX Symbolic Link (Symlink) Following vulnerability in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. | 7.8 |
2022-07-19 | CVE-2022-1920 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. | 7.8 |
2022-07-19 | CVE-2022-1921 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. | 7.8 |
2022-07-19 | CVE-2022-1922 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using zlib decompression. | 7.8 |
2022-07-19 | CVE-2022-1923 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using bzip decompression. | 7.8 |
2022-07-19 | CVE-2022-1924 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using lzo decompression. | 7.8 |
2022-07-19 | CVE-2022-1925 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in mkv demuxing using HEADERSTRIP decompression. | 7.8 |
2022-07-19 | CVE-2022-2122 | Gstreamer Project Debian | Integer Overflow or Wraparound vulnerability in multiple products DOS / potential heap overwrite in qtdemux using zlib decompression. | 7.8 |
2022-07-19 | CVE-2022-2454 | Gpac | Integer Overflow or Wraparound vulnerability in Gpac Integer Overflow or Wraparound in GitHub repository gpac/gpac prior to 2.1-DEV. | 7.8 |
2022-07-19 | CVE-2022-30526 | Zyxel | Improper Privilege Management vulnerability in Zyxel products A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | 7.8 |
2022-07-22 | CVE-2022-34037 | Caddyserver | Out-of-bounds Read vulnerability in Caddyserver Caddy 2.5.1 An out-of-bounds read in the rewrite function at /modules/caddyhttp/rewrite/rewrite.go in Caddy v2.5.1 allows attackers to cause a Denial of Service (DoS) via a crafted URI. | 7.5 |
2022-07-22 | CVE-2022-31162 | Slack Morphism Project | Improper Cross-boundary Removal of Sensitive Data vulnerability in Slack Morphism Project Slack Morphism Slack Morphism is an async client library for Rust. | 7.5 |
2022-07-21 | CVE-2022-32430 | Talelin | Unspecified vulnerability in Talelin Lin-Cms-Spring-Boot 0.2.1 An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the application. | 7.5 |
2022-07-20 | CVE-2022-34046 | Wavlink | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |
2022-07-20 | CVE-2022-34047 | Wavlink | Exposure of Resource to Wrong Sphere vulnerability in Wavlink Wl-Wn530Hg4 Firmware M30Hg4.V5030.191116 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/set_safety.shtml?r=52300 and searching for [var syspasswd]. | 7.5 |
2022-07-20 | CVE-2021-46828 | Libtirpc Project Debian | Infinite Loop vulnerability in multiple products In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. | 7.5 |
2022-07-19 | CVE-2022-34534 | DW | Unspecified vulnerability in DW Spectrum Server Firmware 4.2.0.32842 Digital Watchdog DW Spectrum Server 4.2.0.32842 allows attackers to access sensitive information via a crafted API call. | 7.5 |
2022-07-19 | CVE-2022-34169 | Apache Debian Oracle Fedoraproject Netapp Azul | Incorrect Conversion between Numeric Types vulnerability in multiple products The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. | 7.5 |
2022-07-18 | CVE-2022-34027 | F5 | Unspecified vulnerability in F5 NJS 0.7.4 Nginx NJS v0.7.4 was discovered to contain a segmentation violation via njs_value_property at njs_value.c. | 7.5 |
2022-07-18 | CVE-2020-16093 | Lemonldap NG Debian | Improper Certificate Validation vulnerability in multiple products In LemonLDAP::NG (aka lemonldap-ng) through 2.0.8, validity of the X.509 certificate is not checked by default when connecting to remote LDAP backends, because the default configuration of the Net::LDAPS module for Perl is used. | 7.5 |
2022-07-21 | CVE-2022-20860 | Cisco | Improper Certificate Validation vulnerability in Cisco Nexus Dashboard A vulnerability in the SSL/TLS implementation of Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to alter communications with associated controllers or view sensitive information. | 7.4 |
2022-07-22 | CVE-2022-20892 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20893 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20894 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20895 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20896 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20897 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20898 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20899 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20900 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20901 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20902 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20903 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20904 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20910 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20911 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-22 | CVE-2022-20912 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20891 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20885 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20886 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20887 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20888 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20889 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20890 | Cisco | Classic Buffer Overflow vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20884 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20881 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20882 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20883 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20873 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20874 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20875 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20876 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20877 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20878 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20879 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-21 | CVE-2022-20880 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of service (DoS) condition. | 7.2 |
2022-07-18 | CVE-2022-1565 | Wpallimport | Unrestricted Upload of File with Dangerous Type vulnerability in Wpallimport WP ALL Import 3.4.6 The plugin WP All Import is vulnerable to arbitrary file uploads due to missing file type validation via the wp_all_import_get_gz.php file in versions up to, and including, 3.6.7. | 7.2 |
57 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-20 | CVE-2022-32959 | Hinet | Unspecified vulnerability in Hinet Hicos Natural Person Credential Component Client 3.0.3.30306/3.0.3.30404/3.1.0.00002 HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading an IC card due to insufficient parameter length validation for OS information. | 6.8 |
2022-07-18 | CVE-2021-33656 | Huawei Linux Debian | Out-of-bounds Write vulnerability in multiple products When setting a font with malicious data via the ioctl cmd PIO_FONT, the kernel will write memory out of bounds. | 6.8 |
2022-07-22 | CVE-2022-20906 | Cisco | Improper Privilege Management vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
2022-07-22 | CVE-2022-20907 | Cisco | Improper Privilege Management vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
2022-07-22 | CVE-2022-20908 | Cisco | Improper Input Validation vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
2022-07-22 | CVE-2022-20909 | Cisco | Improper Input Validation vulnerability in Cisco Nexus Dashboard Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. | 6.7 |
2022-07-18 | CVE-2021-33655 | Linux Debian | Out-of-bounds Write vulnerability in multiple products When sending malicious data to the kernel via the ioctl cmd FBIOPUT_VSCREENINFO, the kernel will write memory out of bounds. | 6.7 |
2022-07-23 | CVE-2022-1128 | Google | Path Traversal vulnerability in Google Chrome Inappropriate implementation in Web Share API in Google Chrome on Windows prior to 100.0.4896.60 allowed an attacker on the local network segment to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1129 | Google | Authentication Bypass by Spoofing vulnerability in Google Chrome Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 100.0.4896.60 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1137 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Chrome Inappropriate implementation in Extensions in Google Chrome prior to 100.0.4896.60 allowed an attacker who convinced a user to install a malicious extension to leak potentially sensitive information via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1138 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Chrome Inappropriate implementation in Web Cursor in Google Chrome prior to 100.0.4896.60 allowed a remote attacker who had compromised the renderer process to obscure the contents of the Omnibox (URL bar) via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1139 | Google | Information Exposure Through Discrepancy vulnerability in Google Chrome Inappropriate implementation in Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-23 | CVE-2022-1146 | Google | Information Exposure Through Discrepancy vulnerability in Google Chrome Inappropriate implementation in Resource Timing in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-07-22 | CVE-2022-34503 | Qpdf Project | Out-of-bounds Write vulnerability in Qpdf Project Qpdf 8.4.2 QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. | 6.5 |
2022-07-22 | CVE-2022-20913 | Cisco | Improper Input Validation vulnerability in Cisco Nexus Dashboard A vulnerability in Cisco Nexus Dashboard could allow an authenticated, remote attacker to write arbitrary files on an affected device. | 6.5 |
2022-07-21 | CVE-2022-31151 | Nodejs | Open Redirect vulnerability in Nodejs Undici Authorization headers are cleared on cross-origin redirect. | 6.5 |
2022-07-19 | CVE-2022-31150 | Nodejs | CRLF Injection vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js. | 6.5 |
2022-07-19 | CVE-2022-21586 | Oracle | Unspecified vulnerability in Oracle Banking Trade Finance 14.5 Vulnerability in the Oracle Banking Trade Finance product of Oracle Financial Services Applications (component: Infrastructure). | 6.4 |
2022-07-23 | CVE-2022-1132 | Google | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. | 6.1 |
2022-07-22 | CVE-2022-20916 | Cisco | Cross-site Scripting vulnerability in Cisco IOT Control Center A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 6.1 |
2022-07-20 | CVE-2022-31160 | Jqueryui Netapp Drupal Fedoraproject Debian | Cross-site Scripting vulnerability in multiple products jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. | 6.1 |
2022-07-21 | CVE-2022-28860 | Citilog | Unspecified vulnerability in Citilog 8.0 An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera. | 5.9 |
2022-07-21 | CVE-2022-28861 | Citilog | Cleartext Transmission of Sensitive Information vulnerability in Citilog 8.0 The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in cleartext HTTP traffic. | 5.9 |
2022-07-19 | CVE-2022-21541 | Oracle Fedoraproject Debian Netapp Azul | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). | 5.9 |
2022-07-22 | CVE-2022-34502 | Radare | Out-of-bounds Write vulnerability in Radare Radare2 5.7.0 Radare2 v5.7.0 was discovered to contain a heap buffer overflow via the function consume_encoded_name_new at format/wasm/wasm.c. | 5.5 |
2022-07-21 | CVE-2022-36313 | File Type Project | Infinite Loop vulnerability in File-Type Project File-Type An issue was discovered in the file-type package before 16.5.4 and 17.x before 17.1.3 for Node.js. | 5.5 |
2022-07-19 | CVE-2022-21509 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
2022-07-19 | CVE-2022-21527 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
2022-07-19 | CVE-2022-21528 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 5.5 |
2022-07-19 | CVE-2022-2476 | Wavpack Fedoraproject | NULL Pointer Dereference vulnerability in multiple products A null pointer dereference bug was found in wavpack-5.4.0. The results from the ASAN log: AddressSanitizer:DEADLYSIGNAL ==84257==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x561b47a970c6 bp 0x7fff13952fb0 sp 0x7fff1394fca0 T0) ==84257==The signal is caused by a WRITE memory access. | 5.5 |
2022-07-18 | CVE-2022-34641 | Openhwgroup Boom Core | Improper Handling of Exceptional Conditions vulnerability in multiple products CVA6 commit d315ddd0f1be27c1b3f27eb0b8daf471a952299a and RISCV-Boom commit ad64c5419151e5e886daee7084d8399713b46b4b implement the incorrect exception type when a PMP violation occurs during address translation. | 5.5 |
2022-07-18 | CVE-2022-2101 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `file[files][]` parameter in versions up to, and including, 3.2.46 due to insufficient input sanitization and output escaping. | 5.4 |
2022-07-21 | CVE-2022-33198 | Oxilab | Unspecified vulnerability in Oxilab Accordions Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin <= 2.0.2 at WordPress. | 5.3 |
2022-07-21 | CVE-2022-34487 | Oxilab | Unspecified vulnerability in Oxilab Shortcode Addons Unauthenticated Arbitrary Option Update vulnerability in biplob018's Shortcode Addons plugin <= 3.0.2 at WordPress. | 5.3 |
2022-07-21 | CVE-2022-28666 | Yikesinc | Improper Authentication vulnerability in Yikesinc Custom Product Tabs for Woocommerce Broken Access Control vulnerability in YIKES Inc. | 5.3 |
2022-07-19 | CVE-2022-21540 | Oracle Fedoraproject Debian Netapp Azul | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). | 5.3 |
2022-07-19 | CVE-2022-21549 | Oracle Azul Fedoraproject Debian Netapp | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). | 5.3 |
2022-07-18 | CVE-2022-2108 | Wbcomdesigns | Missing Authorization vulnerability in Wbcomdesigns Buddypress Group Reviews The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. | 5.3 |
2022-07-18 | CVE-2022-2117 | Givewp | Unspecified vulnerability in Givewp The GiveWP plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 2.20.2 via the /donor-wall REST-API endpoint which provides unauthenticated users with donor information even when the donor wall is not enabled. | 5.3 |
2022-07-18 | CVE-2022-23142 | ZTE | Unspecified vulnerability in ZTE Zxen Cg200 Firmware 1.0.0P1N5M ZXEN CG200 has a DoS vulnerability. | 5.3 |
2022-07-18 | CVE-2022-2400 | Dompdf Project | External Control of File Name or Path vulnerability in Dompdf Project Dompdf External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0. | 5.3 |
2022-07-21 | CVE-2022-31475 | Givewp | Path Traversal vulnerability in Givewp Authenticated (custom plugin role) Arbitrary File Read via Export function vulnerability in GiveWP's GiveWP plugin <= 2.20.2 at WordPress. | 4.9 |
2022-07-20 | CVE-2021-38936 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. | 4.9 |
2022-07-19 | CVE-2022-21515 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.9 |
2022-07-19 | CVE-2022-21517 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2022-07-19 | CVE-2022-21525 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2022-07-19 | CVE-2022-21526 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2022-07-19 | CVE-2022-21529 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2022-07-19 | CVE-2022-21530 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2022-07-19 | CVE-2022-21531 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2022-07-19 | CVE-2022-21534 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.9 |
2022-07-19 | CVE-2022-21537 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2022-07-20 | CVE-2022-29923 | Thingsforrestaurants | Cross-site Scripting vulnerability in Thingsforrestaurants Quick Restaurant Reservations Cross-site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant Reservations (WordPress plugin) allows Reflected XSS. This issue affects Quick Restaurant Reservations (WordPress plugin): from n/a through 1.4.1. | 4.8 |
2022-07-19 | CVE-2022-21522 | Oracle Fedoraproject Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). | 4.4 |
2022-07-18 | CVE-2021-42755 | Fortinet | Integer Overflow or Wraparound vulnerability in Fortinet products An integer overflow / wraparound vulnerability [CWE-190] in the dhcpd daemon of FortiSwitch 7.0.2 and below, 6.4.9 and below, 6.2.x, 6.0.x; FortiRecorder 6.4.2 and below, 6.0.10 and below; FortiOS 7.0.2 and below, 6.4.8 and below, 6.2.10 and below, 6.0.x; FortiProxy 7.0.0, 2.0.6 and below, 1.2.x, 1.1.x, 1.0.x; FortiVoiceEnterprise 6.4.3 and below, 6.0.10 and below may allow an unauthenticated and network adjacent attacker to crash the dhcpd daemon, resulting in potential denial of service. | 4.3 |
2022-07-18 | CVE-2022-2223 | Ghozylab | Cross-Site Request Forgery (CSRF) vulnerability in Ghozylab Image Slider The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. | 4.3 |
2022-07-18 | CVE-2022-2224 | Ghozylab | Unspecified vulnerability in Ghozylab Gallery for Social Photo The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. | 4.3 |
1 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-07-19 | CVE-2022-2394 | Perforce | Information Exposure Through Log Files vulnerability in Perforce Puppet Bolt Puppet Bolt prior to version 3.24.0 will print sensitive parameters when planning a run resulting in them potentially being logged when run programmatically, such as via Puppet Enterprise. | 3.5 |