Weekly Vulnerabilities Reports > August 8 to 14, 2022

Overview

441 new vulnerabilities reported during this period, including 94 critical vulnerabilities and 152 high severity vulnerabilities. This weekly summary report vulnerabilities in 540 products from 105 vendors including Google, Fedoraproject, Wavlink, Huawei, and Golang. Vulnerabilities are notably categorized as "Missing Authorization", "Information Exposure Through Discrepancy", "Out-of-bounds Write", "Cross-site Scripting", and "Use After Free".

  • 279 reported vulnerabilities are remotely exploitables.
  • 50 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 262 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 177 reported vulnerabilities.
  • Wavlink has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

94 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-35942 Linuxfoundation Unspecified vulnerability in Linuxfoundation Loopback-Connector-Postgresql

Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection.

10.0
2022-08-10 CVE-2022-20827 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

10.0
2022-08-12 CVE-2022-35949 Nodejs Unspecified vulnerability in Nodejs Undici

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`.

9.8
2022-08-12 CVE-2022-35956 Update BY Case Project Unspecified vulnerability in Update BY Case Project Update BY Case 0.1.0/0.1.1/0.1.2

This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it.

9.8
2022-08-12 CVE-2022-2587 Google Out-of-bounds Write vulnerability in Google Chrome

Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata.

9.8
2022-08-12 CVE-2022-2801 Automated Beer Parlour Billing System Project SQL Injection vulnerability in Automated Beer Parlour Billing System Project Automated Beer Parlour Billing System

A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System.

9.8
2022-08-12 CVE-2022-2802 GAS Agency Management System Project Unspecified vulnerability in GAS Agency Management System Project GAS Agency Management System

A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical.

9.8
2022-08-12 CVE-2022-2803 Phpgurukul Unspecified vulnerability in PHPgurukul ZOO Management System

A vulnerability was found in SourceCodester Zoo Management System and classified as critical.

9.8
2022-08-12 CVE-2022-2804 Phpgurukul Unspecified vulnerability in PHPgurukul ZOO Management System

A vulnerability was found in SourceCodester Zoo Management System.

9.8
2022-08-12 CVE-2022-37397 Yugabyte Improper Authentication vulnerability in Yugabyte Yugabytedb 2.6.1

An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory.

9.8
2022-08-12 CVE-2022-2797 Student Information System Project Unspecified vulnerability in Student Information System Project Student Information System

A vulnerability classified as critical was found in SourceCodester Student Information System.

9.8
2022-08-12 CVE-2022-35555 Tenda OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

9.8
2022-08-12 CVE-2022-35559 Tenda Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack.

9.8
2022-08-12 CVE-2022-37042 Zimbra Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.

9.8
2022-08-12 CVE-2022-2779 GAS Agency Management System Project Unspecified vulnerability in GAS Agency Management System Project GAS Agency Management System

A vulnerability classified as critical was found in SourceCodester Gas Agency Management System.

9.8
2022-08-11 CVE-2021-22289 BR Automation Improper Input Validation vulnerability in Br-Automation Studio

Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code.

9.8
2022-08-11 CVE-2022-20237 Google Out-of-bounds Write vulnerability in Google Android

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

9.8
2022-08-11 CVE-2022-20365 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-229632566References: N/A

9.8
2022-08-11 CVE-2022-20378 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-234657153References: N/A

9.8
2022-08-11 CVE-2022-20381 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-188935887References: N/A

9.8
2022-08-11 CVE-2022-20384 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-211727306References: N/A

9.8
2022-08-11 CVE-2022-20400 Google Out-of-bounds Write vulnerability in Google Android

In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check.

9.8
2022-08-11 CVE-2022-20402 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-218701042References: N/A

9.8
2022-08-11 CVE-2022-20403 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-207975764References: N/A

9.8
2022-08-11 CVE-2022-20405 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-216363416References: N/A

9.8
2022-08-11 CVE-2022-28750 Zoom Out-of-bounds Write vulnerability in Zoom Meeting Connector

Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application.

9.8
2022-08-11 CVE-2022-2770 Simple Online Book Store System Project SQL Injection vulnerability in Simple Online Book Store System Project Simple Online Book Store System

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System.

9.8
2022-08-11 CVE-2022-2771 Simple Online Book Store System Project Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical.

9.8
2022-08-11 CVE-2022-2772 Apartment Visitors Management System Project Unspecified vulnerability in Apartment Visitors Management System Project Apartment Visitors Management System

A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical.

9.8
2022-08-11 CVE-2022-2774 Library Management System Project Unspecified vulnerability in Library Management System Project Library Management System

A vulnerability was found in SourceCodester Library Management System.

9.8
2022-08-11 CVE-2022-2765 Company Website CMS Project Missing Authentication for Critical Function vulnerability in Company Website CMS Project Company Website CMS 1.0

A vulnerability was found in SourceCodester Company Website CMS 1.0.

9.8
2022-08-11 CVE-2022-2766 Razormist Unspecified vulnerability in Razormist Loan Management System

A vulnerability was found in SourceCodester Loan Management System.

9.8
2022-08-11 CVE-2022-2736 Company Website CMS Project Unspecified vulnerability in Company Website CMS Project Company Website CMS

A vulnerability was found in SourceCodester Company Website CMS.

9.8
2022-08-11 CVE-2022-2740 Company Website CMS Project Unspecified vulnerability in Company Website CMS Project Company Website CMS

A vulnerability was found in SourceCodester Company Website CMS.

9.8
2022-08-11 CVE-2022-2744 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System.

9.8
2022-08-11 CVE-2022-2745 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System.

9.8
2022-08-11 CVE-2022-2746 Simple Online Book Store System Project Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System

A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical.

9.8
2022-08-11 CVE-2022-2747 Simple Online Book Store System Project Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System

A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical.

9.8
2022-08-11 CVE-2022-2750 Company Website CMS Project Unrestricted Upload of File with Dangerous Type vulnerability in Company Website CMS Project Company Website CMS

A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS.

9.8
2022-08-11 CVE-2022-2751 Company Website CMS Project Unspecified vulnerability in Company Website CMS Project Company Website CMS

A vulnerability was found in SourceCodester Company Website CMS and classified as critical.

9.8
2022-08-10 CVE-2022-36270 Oretnom23 Unspecified vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.

9.8
2022-08-10 CVE-2022-36750 Oretnom23 SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.

9.8
2022-08-10 CVE-2022-37002 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The SystemUI module has a privilege escalation vulnerability.

9.8
2022-08-10 CVE-2022-37003 Huawei Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI

The AOD module has a vulnerability in permission assignment.

9.8
2022-08-10 CVE-2022-38129 Keysight Path Traversal vulnerability in Keysight Sensor Management Server 2.4.0

A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS).

9.8
2022-08-10 CVE-2022-38130 Keysight SQL Injection vulnerability in Keysight Sensor Management Server 2.4.0

The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS.

9.8
2022-08-10 CVE-2022-20239 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091

9.8
2022-08-10 CVE-2022-20361 Google Unspecified vulnerability in Google Android

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard.

9.8
2022-08-10 CVE-2022-2457 Redhat Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Process Automation Manager 7.0/7.5.1

A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.

9.8
2022-08-10 CVE-2022-2634 Digi Unspecified vulnerability in Digi Connectport X2D Firmware

An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application.

9.8
2022-08-10 CVE-2022-32429 Megatech Improper Authentication vulnerability in Megatech Msnswitch Firmware Mnt.2408

An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.

9.8
2022-08-10 CVE-2022-35426 Ucms Project Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6

UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file.

9.8
2022-08-10 CVE-2022-35491 Totolink Use of Hard-coded Credentials vulnerability in Totolink A3002Ru Firmware 3.0.0B20220304.1804

TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample.

9.8
2022-08-10 CVE-2022-35518 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

9.8
2022-08-10 CVE-2022-35519 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.

9.8
2022-08-10 CVE-2022-35520 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary.

9.8
2022-08-10 CVE-2022-35521 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.

9.8
2022-08-10 CVE-2022-35522 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.

9.8
2022-08-10 CVE-2022-35523 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.

9.8
2022-08-10 CVE-2022-35524 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.

9.8
2022-08-10 CVE-2022-35525 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.

9.8
2022-08-10 CVE-2022-35526 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.

9.8
2022-08-10 CVE-2022-35533 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.

9.8
2022-08-10 CVE-2022-35534 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.

9.8
2022-08-10 CVE-2022-35535 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-35536 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.

9.8
2022-08-10 CVE-2022-35537 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-35538 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-35280 IBM Weak Password Requirements vulnerability in IBM Robotic Process Automation for Cloud PAK 21.0.0/21.0.1/21.0.2

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

9.8
2022-08-10 CVE-2022-34660 Siemens Unspecified vulnerability in Siemens Teamcenter

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2).

9.8
2022-08-10 CVE-2022-20842 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

9.8
2022-08-09 CVE-2022-2727 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability was found in SourceCodester Gym Management System.

9.8
2022-08-09 CVE-2022-2728 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability was found in SourceCodester Gym Management System.

9.8
2022-08-09 CVE-2022-2715 Employee Management System Project Unspecified vulnerability in Employee Management System Project Employee Management System

A vulnerability has been found in SourceCodester Employee Management System and classified as critical.

9.8
2022-08-09 CVE-2022-2722 Simple Student Information System Project Unspecified vulnerability in Simple Student Information System Project Simple Student Information System

A vulnerability was found in SourceCodester Simple Student Information System and classified as critical.

9.8
2022-08-09 CVE-2022-2723 Employee Management System Project Unspecified vulnerability in Employee Management System Project Employee Management System

A vulnerability was found in SourceCodester Employee Management System.

9.8
2022-08-09 CVE-2022-2724 Employee Management System Project Unspecified vulnerability in Employee Management System Project Employee Management System

A vulnerability was found in SourceCodester Employee Management System.

9.8
2022-08-09 CVE-2022-2726 SEM CMS Unspecified vulnerability in Sem-Cms Semcms

A vulnerability classified as critical has been found in SEMCMS.

9.8
2022-08-09 CVE-2022-25907 Typescript Deep Merge Project Unspecified vulnerability in Typescript Deep Merge Project Typescript Deep Merge

The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function.

9.8
2022-08-08 CVE-2021-41615 Embedthis Insufficient Entropy vulnerability in Embedthis Goahead 2.1.8

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1).

9.8
2022-08-08 CVE-2022-2713 Agentejo Unspecified vulnerability in Agentejo Cockpit

Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0.

9.8
2022-08-08 CVE-2022-36267 Airspan Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability.

9.8
2022-08-08 CVE-2022-2269 Wpwhitesecurity Unspecified vulnerability in Wpwhitesecurity Website File Changes Monitor

The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection

9.8
2022-08-08 CVE-2022-2460 Digital Product Labs Unspecified vulnerability in Digital Product Labs Wpdating 7.1.9

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users

9.8
2022-08-08 CVE-2022-35490 Zammad Improper Restriction of Excessive Authentication Attempts vulnerability in Zammad 5.2.0

Zammad 5.2.0 is vulnerable to privilege escalation.

9.8
2022-08-08 CVE-2022-2698 Simple E Learning System Project SQL Injection vulnerability in Simple E-Learning System Project Simple E-Learning System

A vulnerability was found in SourceCodester Simple E-Learning System.

9.8
2022-08-08 CVE-2022-2705 Simple Student Information System Project Unspecified vulnerability in Simple Student Information System Project Simple Student Information System

A vulnerability was found in SourceCodester Simple Student Information System.

9.8
2022-08-08 CVE-2022-2706 Fabian SQL Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0.

9.8
2022-08-08 CVE-2022-2707 Fabian SQL Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0

A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0.

9.8
2022-08-08 CVE-2022-2708 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System.

9.8
2022-08-10 CVE-2021-33643 Feep
Huawei
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

9.1
2022-08-10 CVE-2022-35293 SAP Unspecified vulnerability in SAP Enable NOW Manager 1.0

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account.

9.1
2022-08-08 CVE-2022-36264 Airspan Unrestricted Upload of File with Dangerous Type vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files.

9.1
2022-08-10 CVE-2022-20841 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

9.0

152 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-35943 Codeigniter Unspecified vulnerability in Codeigniter

Shield is an authentication and authorization framework for CodeIgniter 4.

8.8
2022-08-12 CVE-2022-2603 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2604 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2606 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2607 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2608 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2609 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2613 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2614 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2617 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2620 Google
Fedoraproject
Improper Initialization vulnerability in multiple products

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2621 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2623 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2624 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

8.8
2022-08-12 CVE-2022-20254 Google Unspecified vulnerability in Google Android 13.0

In Wi-Fi, there is a permissions bypass.

8.8
2022-08-12 CVE-2022-20283 Google Integer Overflow or Wraparound vulnerability in Google Android 13.0

In Bluetooth, there is a possible out of bounds write due to an integer overflow.

8.8
2022-08-12 CVE-2022-20362 Google Integer Overflow or Wraparound vulnerability in Google Android 13.0

In Bluetooth, there is a possible out of bounds write due to an integer overflow.

8.8
2022-08-12 CVE-2022-28631 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

8.8
2022-08-12 CVE-2022-28632 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

8.8
2022-08-11 CVE-2022-2749 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability was found in SourceCodester Gym Management System.

8.8
2022-08-10 CVE-2022-37024 Zohocorp Unspecified vulnerability in Zohocorp products

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 ( 125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution.

8.8
2022-08-10 CVE-2022-20345 Google Out-of-bounds Write vulnerability in Google Android 12.0/12.1

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check.

8.8
2022-08-10 CVE-2022-20347 Google Unspecified vulnerability in Google Android

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy.

8.8
2022-08-10 CVE-2022-31673 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains an information disclosure vulnerability.

8.8
2022-08-10 CVE-2022-35517 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.

8.8
2022-08-10 CVE-2022-33928 Dell Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains an Plain-text Password Storage Vulnerability in UI.

8.8
2022-08-09 CVE-2022-30573 Tibco Unspecified vulnerability in Tibco FTL

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver.

8.8
2022-08-08 CVE-2022-2356 Mediajedi Unspecified vulnerability in Mediajedi User Private Files

The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded.

8.8
2022-08-08 CVE-2022-2700 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability classified as critical has been found in SourceCodester Gym Management System.

8.8
2022-08-08 CVE-2022-2703 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability was found in SourceCodester Gym Management System.

8.8
2022-08-10 CVE-2022-0028 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.

8.6
2022-08-12 CVE-2022-28627 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

8.4
2022-08-12 CVE-2022-28628 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

8.4
2022-08-12 CVE-2022-2390 Google Unspecified vulnerability in Google Play Services Software Development KIT

Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service.

8.4
2022-08-09 CVE-2022-2732 Open EMR Unspecified vulnerability in Open-Emr Openemr

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

8.3
2022-08-10 CVE-2022-2458 Redhat XXE vulnerability in Redhat Process Automation Manager 7.0/7.5.1

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data.

8.2
2022-08-10 CVE-2022-32245 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network.

8.2
2022-08-10 CVE-2021-33644 Feep
Huawei
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

8.1
2022-08-10 CVE-2022-20816 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system.

8.1
2022-08-12 CVE-2021-29117 Esri Use After Free vulnerability in Esri Arcreader

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

7.8
2022-08-12 CVE-2022-20258 Google Unspecified vulnerability in Google Android 13.0

In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error.

7.8
2022-08-12 CVE-2022-20268 Google Unspecified vulnerability in Google Android 13.0

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass.

7.8
2022-08-12 CVE-2022-20271 Google Unspecified vulnerability in Google Android 13.0

In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI.

7.8
2022-08-12 CVE-2022-20274 Google Missing Authorization vulnerability in Google Android 13.0

In Keyguard, there is a missing permission check.

7.8
2022-08-12 CVE-2022-20281 Google Missing Authorization vulnerability in Google Android 13.0

In Core, there is a possible way to start an activity from the background due to a missing permission check.

7.8
2022-08-12 CVE-2022-20282 Google Missing Authorization vulnerability in Google Android 13.0

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check.

7.8
2022-08-12 CVE-2022-20286 Google Unspecified vulnerability in Google Android 13.0

In Connectivity, there is a possible bypass the restriction of starting activity from background due to a logic error in the code.

7.8
2022-08-12 CVE-2022-20292 Google Unspecified vulnerability in Google Android 13.0

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code.

7.8
2022-08-12 CVE-2022-20297 Google Unspecified vulnerability in Google Android 13.0

In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code.

7.8
2022-08-12 CVE-2022-20319 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0

In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy.

7.8
2022-08-12 CVE-2022-20325 Google Use After Free vulnerability in Google Android 13.0

In Media, there is a possible code execution due to a use after free.

7.8
2022-08-12 CVE-2022-20329 Google Missing Authorization vulnerability in Google Android 13.0

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check.

7.8
2022-08-12 CVE-2022-20331 Google Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 13.0

In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack.

7.8
2022-08-12 CVE-2022-28629 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

7.8
2022-08-11 CVE-2022-20180 Google Unspecified vulnerability in Google Android

In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check.

7.8
2022-08-11 CVE-2022-20246 Google Incorrect Default Permissions vulnerability in Google Android 13.0.0

In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check.

7.8
2022-08-11 CVE-2022-20248 Google Unspecified vulnerability in Google Android 13.0.0

In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code.

7.8
2022-08-11 CVE-2022-20250 Google Unspecified vulnerability in Google Android 13.0.0

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation.

7.8
2022-08-11 CVE-2022-20368 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel

7.8
2022-08-11 CVE-2022-20383 Google Integer Overflow or Wraparound vulnerability in Google Android

In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow.

7.8
2022-08-11 CVE-2022-34260 Adobe Unspecified vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-08-11 CVE-2022-34263 Adobe Unspecified vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-08-11 CVE-2022-35675 Adobe Unspecified vulnerability in Adobe Framemaker

Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-08-10 CVE-2021-39696 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In Task.java, there is a possible escalation of privilege due to a confused deputy.

7.8
2022-08-10 CVE-2022-20348 Google Missing Authorization vulnerability in Google Android

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check.

7.8
2022-08-10 CVE-2022-20349 Google Missing Authorization vulnerability in Google Android

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check.

7.8
2022-08-10 CVE-2022-20354 Google Unspecified vulnerability in Google Android 11.0/12.0/12.1

In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code.

7.8
2022-08-10 CVE-2022-20356 Google Improper Input Validation vulnerability in Google Android 11.0/12.0/12.1

In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation.

7.8
2022-08-10 CVE-2022-20360 Google Missing Authorization vulnerability in Google Android

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check.

7.8
2022-08-10 CVE-2022-25793 Autodesk Improper Validation of Specified Quantity in Input vulnerability in Autodesk 3DS MAX 2021/2021.3.8/2022

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files.

7.8
2022-08-10 CVE-2022-30580 Golang Code Injection vulnerability in Golang GO

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

7.8
2022-08-10 CVE-2022-20792 Clamav Out-of-bounds Write vulnerability in Clamav

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution.

7.8
2022-08-10 CVE-2022-25973 MC Kill Port Project Argument Injection or Modification vulnerability in Mc-Kill-Port Project Mc-Kill-Port

All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument.

7.8
2022-08-09 CVE-2022-30574 Tibco Unspecified vulnerability in Tibco Eftl and FTL

The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system.

7.8
2022-08-12 CVE-2022-20302 Google Unspecified vulnerability in Google Android 13.0

In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape.

7.6
2022-08-12 CVE-2022-35980 Amazon Unspecified vulnerability in Amazon Opensearch 2.0.0/2.1.0

OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization.

7.5
2022-08-12 CVE-2022-20308 Google Unspecified vulnerability in Google Android 13.0

In hostapd, there is a possible insecure configuration due to an insecure default value.

7.5
2022-08-12 CVE-2022-35557 Tenda Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

7.5
2022-08-12 CVE-2022-35558 Tenda Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

7.5
2022-08-12 CVE-2022-35560 Tenda Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

7.5
2022-08-12 CVE-2022-35561 Tenda Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter.

7.5
2022-08-12 CVE-2022-37041 Zimbra Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0

An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0.

7.5
2022-08-12 CVE-2022-37423 Neo4J Path Traversal vulnerability in Neo4J Awesome Procedures on Cypher

Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream.

7.5
2022-08-11 CVE-2022-20244 Google Out-of-bounds Write vulnerability in Google Android 13.0.0

In Bluetooth, there is a possible out of bounds write due to a missing bounds check.

7.5
2022-08-11 CVE-2022-20247 Google Out-of-bounds Write vulnerability in Google Android 13.0.0

In Media, there is a possible out of bounds read due to a heap buffer overflow.

7.5
2022-08-11 CVE-2022-20370 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-215730643References: N/A

7.5
2022-08-11 CVE-2022-20375 Google Out-of-bounds Read vulnerability in Google Android

In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check.

7.5
2022-08-11 CVE-2022-20380 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-212625740References: N/A

7.5
2022-08-11 CVE-2022-20401 Google Out-of-bounds Read vulnerability in Google Android

In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check.

7.5
2022-08-11 CVE-2022-20404 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-205714161References: N/A

7.5
2022-08-11 CVE-2022-20406 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-184676385References: N/A

7.5
2022-08-11 CVE-2022-20407 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-210916981References: N/A

7.5
2022-08-11 CVE-2022-20408 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-204782372References: N/A

7.5
2022-08-11 CVE-2022-38161 Gumstix Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gumstix Overo SBC

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.

7.5
2022-08-11 CVE-2022-38150 Varnish Cache Project
Fedoraproject
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses.
7.5
2022-08-11 CVE-2022-38155 Samsung Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

7.5
2022-08-10 CVE-2022-36923 Zohocorp Improper Handling of Exceptional Conditions vulnerability in Zohocorp products

Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.

7.5
2022-08-10 CVE-2022-37001 Huawei Unspecified vulnerability in Huawei Harmonyos 2.0

The diag-router module has a vulnerability in intercepting excessive long and short instructions.

7.5
2022-08-10 CVE-2022-37004 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE).

7.5
2022-08-10 CVE-2022-37005 Huawei Argument Injection or Modification vulnerability in Huawei Emui, Harmonyos and Magic UI

The Settings application has an argument injection vulnerability.

7.5
2022-08-10 CVE-2022-37006 Huawei Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the network module.

7.5
2022-08-10 CVE-2022-37007 Huawei Out-of-bounds Read vulnerability in Huawei Emui, Harmonyos and Magic UI

The chinadrm module has an out-of-bounds read vulnerability.

7.5
2022-08-10 CVE-2022-37008 Huawei Insufficient Verification of Data Authenticity vulnerability in Huawei Emui, Harmonyos and Magic UI

The recovery module has a vulnerability of bypassing the verification of an update package before use.

7.5
2022-08-10 CVE-2021-33645 Feep
Huawei
Fedoraproject
Memory Leak vulnerability in multiple products

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

7.5
2022-08-10 CVE-2021-33646 Feep
Huawei
Fedoraproject
Memory Leak vulnerability in multiple products

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

7.5
2022-08-10 CVE-2021-40030 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The My HUAWEI app has a defect in the design.

7.5
2022-08-10 CVE-2021-40034 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The video framework has the memory overwriting vulnerability caused by addition overflow.

7.5
2022-08-10 CVE-2021-40040 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module.

7.5
2022-08-10 CVE-2022-28131 Golang
Fedoraproject
Netapp
Uncontrolled Recursion vulnerability in multiple products

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

7.5
2022-08-10 CVE-2022-28881 F Secure Unspecified vulnerability in F-Secure products

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the aerdl.dll component used in certain WithSecure products unpacker function crashes which leads to scanning engine crash.

7.5
2022-08-10 CVE-2022-29804 Golang Path Traversal vulnerability in Golang GO

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

7.5
2022-08-10 CVE-2022-30630 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

7.5
2022-08-10 CVE-2022-30631 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

7.5
2022-08-10 CVE-2022-30632 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

7.5
2022-08-10 CVE-2022-30633 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

7.5
2022-08-10 CVE-2022-30635 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

7.5
2022-08-10 CVE-2022-31675 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains an authentication bypass vulnerability.

7.5
2022-08-10 CVE-2022-32189 Golang Unspecified vulnerability in Golang GO

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

7.5
2022-08-10 CVE-2022-35290 SAP Unspecified vulnerability in SAP Authenticator

Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted.

7.5
2022-08-10 CVE-2022-20866 Cisco Information Exposure Through Discrepancy vulnerability in Cisco products

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

7.5
2022-08-10 CVE-2022-33930 Dell Information Exposure Through an Error Message vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages.

7.5
2022-08-10 CVE-2022-35715 IBM Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7

IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace.

7.5
2022-08-10 CVE-2021-46304 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions).

7.5
2022-08-10 CVE-2022-34659 Siemens Unspecified vulnerability in Siemens Simcenter Star-Ccm+ Viewer

A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used).

7.5
2022-08-10 CVE-2022-34661 Siemens Unspecified vulnerability in Siemens Teamcenter

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2).

7.5
2022-08-10 CVE-2022-36324 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens products

Affected devices do not properly handle the renegotiation of SSL/TLS parameters.

7.5
2022-08-10 CVE-2021-37150 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.
7.5
2022-08-10 CVE-2022-25763 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.
7.5
2022-08-10 CVE-2022-28129 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.
7.5
2022-08-10 CVE-2022-31778 Apache
Debian
Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.
7.5
2022-08-10 CVE-2022-31779 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.
7.5
2022-08-10 CVE-2022-31780 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.
7.5
2022-08-09 CVE-2022-35724 Apache Infinite Loop vulnerability in Apache Avro

It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU.

7.5
2022-08-09 CVE-2022-36124 Apache Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro

It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.

7.5
2022-08-09 CVE-2022-36125 Apache Integer Overflow or Wraparound vulnerability in Apache Avro

It is possible to crash (panic) an application by providing a corrupted data to be read.

7.5
2022-08-08 CVE-2022-34293 Wolfssl Unspecified vulnerability in Wolfssl

wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped.

7.5
2022-08-08 CVE-2022-2357 WSM Downloader Project Unspecified vulnerability in WSM Downloader Project WSM Downloader 1.4.0

The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php.

7.5
2022-08-08 CVE-2022-2367 WSM Downloader Project Unspecified vulnerability in WSM Downloader Project WSM Downloader 1.4.0

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

7.5
2022-08-08 CVE-2022-35487 Zammad Incorrect Authorization vulnerability in Zammad 5.2.0

Zammad 5.2.0 suffers from Incorrect Access Control.

7.5
2022-08-08 CVE-2022-35488 Zammad Unspecified vulnerability in Zammad 5.2.0

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

7.5
2022-08-08 CVE-2022-2697 Simple E Learning System Project Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System

A vulnerability was found in SourceCodester Simple E-Learning System.

7.5
2022-08-08 CVE-2022-2699 Simple E Learning System Project Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System

A vulnerability was found in SourceCodester Simple E-Learning System.

7.5
2022-08-08 CVE-2022-2704 Simple E Learning System Project Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System

A vulnerability was found in SourceCodester Simple E-Learning System.

7.5
2022-08-12 CVE-2022-28635 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

7.4
2022-08-12 CVE-2022-28636 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

7.4
2022-08-12 CVE-2022-28630 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

7.3
2022-08-12 CVE-2022-28633 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

7.3
2022-08-12 CVE-2021-44720 Pulsesecure
Ivanti
Use of Hard-coded Credentials vulnerability in multiple products

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen.

7.2
2022-08-10 CVE-2022-31672 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains a privilege escalation vulnerability.

7.2
2022-08-08 CVE-2022-36265 Airspan Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page.

7.2
2022-08-10 CVE-2022-22369 IBM Unspecified vulnerability in IBM Workload Scheduler 9.4/9.5

IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash.

7.1
2022-08-10 CVE-2022-20344 Google Race Condition vulnerability in Google Android

In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition.

7.0

164 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-20269 Google Out-of-bounds Write vulnerability in Google Android 13.0

In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check.

6.8
2022-08-12 CVE-2022-20313 Google Out-of-bounds Write vulnerability in Google Android 13.0

In Bluetooth, there is a possible out of bounds write due to a missing bounds check.

6.8
2022-08-09 CVE-2022-29083 Dell Improper Authentication vulnerability in Dell products

Prior Dell BIOS versions contain an Improper Authentication vulnerability.

6.8
2022-08-12 CVE-2022-20306 Google Use After Free vulnerability in Google Android 13.0

In Camera Provider HAL, there is a possible memory corruption due to a use after free.

6.7
2022-08-12 CVE-2022-20314 Google Improper Input Validation vulnerability in Google Android 13.0

In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation.

6.7
2022-08-12 CVE-2022-28626 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

6.7
2022-08-12 CVE-2022-28634 HPE Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71.

6.7
2022-08-12 CVE-2022-2503 Linux Improper Authentication vulnerability in Linux Kernel

Dm-verity is used for extending root-of-trust to root filesystems.

6.7
2022-08-11 CVE-2022-20158 Google Use After Free vulnerability in Google Android

In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free.

6.7
2022-08-11 CVE-2022-20366 Google Integer Overflow or Wraparound vulnerability in Google Android

In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow.

6.7
2022-08-11 CVE-2022-20367 Google Integer Overflow or Wraparound vulnerability in Google Android

In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow.

6.7
2022-08-11 CVE-2022-20369 Google
Debian
Out-of-bounds Write vulnerability in multiple products

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-08-11 CVE-2022-20372 Google Use After Free vulnerability in Google Android

In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free.

6.7
2022-08-11 CVE-2022-20376 Google Improper Locking vulnerability in Google Android

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking.

6.7
2022-08-11 CVE-2022-20377 Google Unspecified vulnerability in Google Android

In TBD of keymaster_ipc.cpp, there is a possible to force gatekeeper, fingerprint, and faceauth to use a known HMAC key.

6.7
2022-08-11 CVE-2022-20379 Google Use After Free vulnerability in Google Android

In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free.

6.7
2022-08-11 CVE-2022-20382 Google Uncontrolled Recursion vulnerability in Google Android

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow.

6.7
2022-08-12 CVE-2022-2605 Google
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2610 Google
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2612 Google
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2615 Google
Fedoraproject
Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2616 Google
Fedoraproject
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
6.5
2022-08-12 CVE-2022-2618 Google
Fedoraproject
Improper Input Validation vulnerability in multiple products

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

6.5
2022-08-12 CVE-2022-2622 Google
Fedoraproject
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
6.5
2022-08-12 CVE-2022-38183 Gitea Missing Authorization vulnerability in Gitea

In Gitea before 1.16.9, it was possible for users to add existing issues to projects.

6.5
2022-08-12 CVE-2022-20253 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 13.0

In Bluetooth, there is a possible cleanup failure due to an uncaught exception.

6.5
2022-08-12 CVE-2022-20273 Google Out-of-bounds Write vulnerability in Google Android 13.0

In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow.

6.5
2022-08-12 CVE-2022-20333 Google NULL Pointer Dereference vulnerability in Google Android 13.0

In Bluetooth, there is a possible crash due to a missing null check.

6.5
2022-08-12 CVE-2022-20334 Google NULL Pointer Dereference vulnerability in Google Android 13.0

In Bluetooth, there are possible process crashes due to dereferencing a null pointer.

6.5
2022-08-12 CVE-2022-38180 Jetbrains Improper Authentication vulnerability in Jetbrains Ktor

In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases

6.5
2022-08-10 CVE-2022-1705 Golang HTTP Request Smuggling vulnerability in Golang GO

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

6.5
2022-08-10 CVE-2022-20346 Google Out-of-bounds Read vulnerability in Google Android

In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check.

6.5
2022-08-10 CVE-2022-23238 Netapp Unspecified vulnerability in Netapp Storagegrid 11.6.0

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

6.5
2022-08-10 CVE-2022-32148 Golang Unspecified vulnerability in Golang GO

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

6.5
2022-08-10 CVE-2022-22411 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions.

6.5
2022-08-10 CVE-2022-29090 Dell Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability.

6.5
2022-08-10 CVE-2022-33925 Dell Unspecified vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI.

6.5
2022-08-10 CVE-2022-33926 Dell Unspecified vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability.

6.5
2022-08-10 CVE-2022-33927 Dell Session Fixation vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability.

6.5
2022-08-10 CVE-2022-34365 Dell Path Traversal vulnerability in Dell Wyse Management Suite

WMS 3.7 contains a Path Traversal Vulnerability in Device API.

6.5
2022-08-10 CVE-2022-2756 Kavitareader Unspecified vulnerability in Kavitareader Kavita

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

6.5
2022-08-10 CVE-2022-20852 Cisco Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

6.5
2022-08-09 CVE-2022-2730 Open EMR Unspecified vulnerability in Open-Emr Openemr

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

6.5
2022-08-08 CVE-2022-1323 2Code Missing Authorization vulnerability in 2Code Discy

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

6.5
2022-08-08 CVE-2022-2355 Easy Username Updater Project Unspecified vulnerability in Easy Username Updater Project Easy Username Updater

The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin

6.5
2022-08-08 CVE-2022-35489 Zammad Unspecified vulnerability in Zammad 5.2.0

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

6.5
2022-08-08 CVE-2022-2702 Company Website CMS Project Unspecified vulnerability in Company Website/Cms Project Company Website/Cms

A vulnerability was found in SourceCodester Company Website CMS and classified as critical.

6.5
2022-08-12 CVE-2022-20256 Google Race Condition vulnerability in Google Android 13.0

In the Audio HAL, there is a possible out of bounds write due to a race condition.

6.4
2022-08-11 CVE-2022-20371 Google Improper Locking vulnerability in Google Android

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition.

6.4
2022-08-11 CVE-2022-20373 Google Race Condition vulnerability in Google Android

In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition.

6.4
2022-08-12 CVE-2022-35953 Joinbookwyrm Unspecified vulnerability in Joinbookwyrm Bookwyrm

BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next.

6.1
2022-08-12 CVE-2022-2800 GYM Management System Project Improper Restriction of Rendered UI Layers or Frames vulnerability in GYM Management System Project GYM Management System

A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System.

6.1
2022-08-12 CVE-2022-37044 Zimbra Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15

In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine.

6.1
2022-08-12 CVE-2022-38179 Jetbrains Incorrect Comparison vulnerability in Jetbrains Ktor

JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack

6.1
2022-08-11 CVE-2022-28755 Zoom Open Redirect vulnerability in Zoom

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability.

6.1
2022-08-11 CVE-2022-2768 Library Management System Project Unspecified vulnerability in Library Management System Project Library Management System

A vulnerability classified as problematic was found in SourceCodester Library Management System.

6.1
2022-08-11 CVE-2022-2773 Apartment Visitors Management System Project Unspecified vulnerability in Apartment Visitors Management System Project Apartment Visitors Management System

A vulnerability was found in SourceCodester Apartment Visitor Management System.

6.1
2022-08-11 CVE-2022-2767 Online Admission System Project Unspecified vulnerability in Online Admission System Project Online Admission System

A vulnerability classified as problematic has been found in SourceCodester Online Admission System.

6.1
2022-08-11 CVE-2022-2748 Simple Online Book Store System Project Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System

A vulnerability was found in SourceCodester Simple Online Book Store System.

6.1
2022-08-10 CVE-2022-20713 Cisco Cross-site Scripting vulnerability in Cisco products

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.

6.1
2022-08-10 CVE-2022-33929 Dell Cross-site Scripting vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page.

6.1
2022-08-10 CVE-2022-20869 Cisco Cross-site Scripting vulnerability in Cisco Broadworks

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.

6.1
2022-08-10 CVE-2022-36801 Atlassian Cross-site Scripting vulnerability in Atlassian Jira Data Center

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint.

6.1
2022-08-09 CVE-2022-2731 Open EMR Cross-site Scripting vulnerability in Open-Emr Openemr

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

6.1
2022-08-09 CVE-2022-2733 Open EMR Unspecified vulnerability in Open-Emr Openemr

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1.

6.1
2022-08-09 CVE-2022-2725 Company Website CMS Project Unspecified vulnerability in Company Website CMS Project Company Website CMS

A vulnerability was found in SourceCodester Company Website CMS.

6.1
2022-08-08 CVE-2022-35493 Wrteam Cross-site Scripting vulnerability in Wrteam Eshop - Ecommerce / Store Website

A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter.

6.1
2022-08-08 CVE-2022-36266 Airspan Cross-site Scripting vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability.

6.1
2022-08-08 CVE-2022-2386 Automattic Unspecified vulnerability in Automattic Crowdsignal Dashboard

The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

6.1
2022-08-08 CVE-2022-2701 Simple E Learning System Project Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System

A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System.

6.1
2022-08-10 CVE-2022-22983 Vmware Insufficiently Protected Credentials vulnerability in VMWare Workstation

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability.

5.9
2022-08-12 CVE-2022-37043 Zimbra Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0

An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0.

5.7
2022-08-10 CVE-2021-46778 AMD Information Exposure Through Discrepancy vulnerability in AMD products

Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT).

5.6
2022-08-12 CVE-2021-29112 Esri Out-of-bounds Read vulnerability in Esri Arcreader

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.

5.5
2022-08-12 CVE-2021-29118 Esri Out-of-bounds Read vulnerability in Esri Arcreader

An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allow an unauthenticated attacker to induce an information disclosure issue in the context of the current user.

5.5
2022-08-12 CVE-2022-20259 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check.

5.5
2022-08-12 CVE-2022-20260 Google Unspecified vulnerability in Google Android 13.0

In the Phone app, there is a possible crash loop due to resource exhaustion.

5.5
2022-08-12 CVE-2022-20263 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a way to read process state for other users due to a missing permission check.

5.5
2022-08-12 CVE-2022-20270 Google Unspecified vulnerability in Google Android 13.0

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass.

5.5
2022-08-12 CVE-2022-20272 Google Incorrect Default Permissions vulnerability in Google Android 13.0

In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text.

5.5
2022-08-12 CVE-2022-20275 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20276 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20277 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20278 Google Information Exposure Through Log Files vulnerability in Google Android 13.0

In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering.

5.5
2022-08-12 CVE-2022-20279 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20284 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible information disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20285 Google Unspecified vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20287 Google Unspecified vulnerability in Google Android 13.0

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20288 Google Unspecified vulnerability in Google Android 13.0

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20289 Google Unspecified vulnerability in Google Android 13.0

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20290 Google Unspecified vulnerability in Google Android 13.0

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass.

5.5
2022-08-12 CVE-2022-20291 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20293 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20294 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to learn about an account present on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20295 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20296 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20298 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20299 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20300 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20301 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20303 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check.

5.5
2022-08-12 CVE-2022-20304 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In Content, there is a possible way to determinate the user's account due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20312 Google Missing Authorization vulnerability in Google Android 13.0

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check.

5.5
2022-08-12 CVE-2022-20317 Google Unspecified vulnerability in Google Android 13.0

In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code.

5.5
2022-08-12 CVE-2022-20322 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible installed package disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20323 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible package installation disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20324 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20326 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check.

5.5
2022-08-12 CVE-2022-20332 Google Unspecified vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20341 Google Missing Authorization vulnerability in Google Android 13.0

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check.

5.5
2022-08-11 CVE-2021-0734 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0.0

In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure.

5.5
2022-08-11 CVE-2021-0735 Google Missing Authorization vulnerability in Google Android 13.0.0

In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check.

5.5
2022-08-11 CVE-2021-0975 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-11 CVE-2022-20242 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-10 CVE-2022-1962 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

5.5
2022-08-10 CVE-2022-20350 Google Improper Input Validation vulnerability in Google Android

In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation.

5.5
2022-08-10 CVE-2022-20352 Google Missing Authorization vulnerability in Google Android 12.0/12.1

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check.

5.5
2022-08-10 CVE-2022-20353 Google Improper Input Validation vulnerability in Google Android

In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation.

5.5
2022-08-10 CVE-2022-20355 Google Improper Input Validation vulnerability in Google Android

In get of PacProxyService.java, there is a possible system service crash due to improper input validation.

5.5
2022-08-10 CVE-2022-20357 Google Use of Uninitialized Resource vulnerability in Google Android 12.0/12.1

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data.

5.5
2022-08-10 CVE-2022-2719 Fedoraproject
Imagemagick
Reachable Assertion vulnerability in multiple products

In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list.

5.5
2022-08-11 CVE-2022-28753 Zoom Unspecified vulnerability in Zoom Meeting Connector

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

5.4
2022-08-11 CVE-2022-28754 Zoom Unspecified vulnerability in Zoom Meeting Connector

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

5.4
2022-08-11 CVE-2022-2769 Company Website CMS Project Unspecified vulnerability in Company Website CMS Project Company Website CMS 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS.

5.4
2022-08-11 CVE-2022-2777 Microweber Unspecified vulnerability in Microweber

Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1.

5.4
2022-08-10 CVE-2022-35509 Eyoucms Cross-site Scripting vulnerability in Eyoucms 1.5.8

An issue was discovered in EyouCMS 1.5.8.

5.4
2022-08-10 CVE-2022-20820 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

5.4
2022-08-09 CVE-2022-2734 Open EMR Unspecified vulnerability in Open-Emr Openemr

Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1.

5.4
2022-08-09 CVE-2022-2729 Open EMR Unspecified vulnerability in Open-Emr Openemr

Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1.

5.4
2022-08-08 CVE-2022-2371 Yaycommerce Unspecified vulnerability in Yaycommerce Yaysmtp

The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and use that to conduct Stored Cross-Site Scripting attack due to the lack of escaping in them as well.

5.4
2022-08-08 CVE-2022-2391 Wpzoom Unspecified vulnerability in Wpzoom Inspiro PRO

The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description.

5.4
2022-08-12 CVE-2022-35932 Nextcloud Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Talk

Nextcloud Talk is a video and audio conferencing app for Nextcloud.

5.3
2022-08-11 CVE-2022-2776 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability classified as problematic has been found in SourceCodester Gym Management System.

5.3
2022-08-10 CVE-2022-33924 Dell Unspecified vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules.

5.3
2022-08-10 CVE-2022-33931 Dell Unspecified vulnerability in Dell Wyse Management Suite

Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI.

5.3
2022-08-10 CVE-2022-38133 Jetbrains Information Exposure Through Log Files vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases

5.3
2022-08-12 CVE-2022-20266 Google Improper Input Validation vulnerability in Google Android 13.0

In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation.

5.0
2022-08-10 CVE-2022-22490 IBM Files or Directories Accessible to External Parties vulnerability in IBM products

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information.

4.9
2022-08-10 CVE-2022-20914 Cisco Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information.

4.9
2022-08-08 CVE-2022-2046 Wpwax Unspecified vulnerability in Wpwax Directorist

The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from.

4.9
2022-08-12 CVE-2021-42750 Thingsboard Cross-site Scripting vulnerability in Thingsboard 3.3.1

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.

4.8
2022-08-12 CVE-2021-42751 Thingsboard Cross-site Scripting vulnerability in Thingsboard 3.3.1

A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.

4.8
2022-08-12 CVE-2022-35585 Fork CMS Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3

A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter

4.8
2022-08-12 CVE-2022-35587 Fork CMS Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter

4.8
2022-08-12 CVE-2022-35589 Fork CMS Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3

A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter.

4.8
2022-08-12 CVE-2022-35590 Fork CMS Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3

A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter

4.8
2022-08-10 CVE-2022-36325 Siemens Unspecified vulnerability in Siemens products

Affected devices do not properly sanitize data introduced by an user when rendering the web interface.

4.8
2022-08-08 CVE-2022-2372 Yaycommerce Cross-site Scripting vulnerability in Yaycommerce Yaysmtp

The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2395 Weformspro Unspecified vulnerability in Weformspro Weforms

The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-08-08 CVE-2022-2398 Najeebmedia Unspecified vulnerability in Najeebmedia Wordpress Comments Fields

The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

4.8
2022-08-08 CVE-2022-2409 Rough Chart Project Unspecified vulnerability in Rough Chart Project Rough Chart 1.0.0

The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-08-08 CVE-2022-2410 Mtouch Quiz Project Unspecified vulnerability in Mtouch Quiz Project Mtouch Quiz

The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2411 Auto More TAG Project Unspecified vulnerability in Auto More TAG Project Auto More TAG

The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2412 Better TAG Cloud Project Unspecified vulnerability in Better TAG Cloud Project Better TAG Cloud 0.99.5

The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2423 Designwall Cross-site Scripting vulnerability in Designwall DW Promobar 1.0.4

The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2424 Google Maps Anywhere Project Unspecified vulnerability in Google Maps Anywhere Project Google Maps Anywhere 1.2.6.3

The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2425 WP DS Blog MAP Project Unspecified vulnerability in WP DS Blog MAP Project WP DS Blog MAP 3.1.3

The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)

4.8
2022-08-08 CVE-2022-2426 Thinkific Unspecified vulnerability in Thinkific Uploader 1.0.0

The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators.

4.8
2022-08-12 CVE-2022-20265 Google Unspecified vulnerability in Google Android 13.0

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass.

4.6
2022-08-12 CVE-2022-20255 Google Missing Authorization vulnerability in Google Android 13.0

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check.

4.4
2022-08-11 CVE-2022-20243 Google Cleartext Transmission of Sensitive Information vulnerability in Google Android 13.0.0

In Core Utilities, there is a possible log information disclosure.

4.4
2022-08-12 CVE-2022-2611 Google
Fedoraproject
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
4.3
2022-08-12 CVE-2022-2619 Google
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.

4.3
2022-08-10 CVE-2022-31674 Vmware Information Exposure Through Log Files vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains an information disclosure vulnerability.

4.3

31 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-20330 Google Missing Authorization vulnerability in Google Android 13.0

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check.

3.5
2022-08-12 CVE-2022-20257 Google Unspecified vulnerability in Google Android 13.0

In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code.

3.3
2022-08-12 CVE-2022-20262 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check.

3.3
2022-08-12 CVE-2022-20267 Google Missing Authorization vulnerability in Google Android 13.0

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check.

3.3
2022-08-12 CVE-2022-20280 Google SQL Injection vulnerability in Google Android 13.0

In MMSProvider, there is a possible read of protected data due to improper input validationSQL injection.

3.3
2022-08-12 CVE-2022-20305 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible disclosure of available account types due to a missing permission check.

3.3
2022-08-12 CVE-2022-20307 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-12 CVE-2022-20309 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-12 CVE-2022-20310 Google Missing Authorization vulnerability in Google Android 13.0

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

3.3
2022-08-12 CVE-2022-20311 Google Missing Authorization vulnerability in Google Android 13.0

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

3.3
2022-08-12 CVE-2022-20315 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check.

3.3
2022-08-12 CVE-2022-20316 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-12 CVE-2022-20318 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-12 CVE-2022-20320 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-12 CVE-2022-20321 Google Missing Authorization vulnerability in Google Android 13.0

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check.

3.3
2022-08-12 CVE-2022-20328 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check.

3.3
2022-08-12 CVE-2022-20335 Google Missing Authorization vulnerability in Google Android 13.0

In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check.

3.3
2022-08-12 CVE-2022-20336 Google Missing Authorization vulnerability in Google Android 13.0

In Settings, there is a possible installed application disclosure due to a missing permission check.

3.3
2022-08-12 CVE-2022-20338 Google Improper Input Validation vulnerability in Google Android 13.0

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation.

3.3
2022-08-12 CVE-2022-20339 Google Unspecified vulnerability in Google Android 13.0

In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration.

3.3
2022-08-12 CVE-2022-20340 Google Missing Authorization vulnerability in Google Android 13.0

In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check.

3.3
2022-08-12 CVE-2022-20342 Google Insecure Default Initialization of Resource vulnerability in Google Android 13.0

In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value.

3.3
2022-08-11 CVE-2022-20241 Google Improper Input Validation vulnerability in Google Android 13.0.0

In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation.

3.3
2022-08-11 CVE-2022-20249 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-11 CVE-2022-20251 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-11 CVE-2022-20252 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

3.3
2022-08-10 CVE-2022-20358 Google Missing Authorization vulnerability in Google Android

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check.

3.3
2022-08-10 CVE-2022-30629 Golang Use of Insufficiently Random Values vulnerability in Golang GO

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

3.1
2022-08-12 CVE-2022-20327 Google Missing Authorization vulnerability in Google Android 13.0

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check.

2.8
2022-08-11 CVE-2022-20245 Google Unspecified vulnerability in Google Android 13.0.0

In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value.

2.4
2022-08-12 CVE-2022-20261 Google Missing Authorization vulnerability in Google Android 13.0

In LocationManager, there is a possible way to get location information due to a missing permission check.

2.3