Weekly Vulnerabilities Reports > August 8 to 14, 2022
Overview
441 new vulnerabilities were reported during this period, including 94 critical vulnerabilities and 152 high severity vulnerabilities. This weekly summary reports vulnerabilities in 540 products from 105 vendors, including Google, Fedoraproject, Wavlink, Huawei, and Golang. Vulnerabilities are notably categorized as "Missing Authorization", "Information Exposure Through Discrepancy", "Out-of-bounds Write", "Cross-site Scripting", and "Use After Free".
- 279 reported vulnerabilities are remotely exploitable.
- 50 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 262 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 177 reported vulnerabilities.
- Wavlink has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
Vulnerability Details
The following table lists the reported vulnerabilities for the period covered by this report:
94 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-35942 | Linuxfoundation | Unspecified vulnerability in Linuxfoundation Loopback-Connector-Postgresql Improper input validation on the `contains` LoopBack filter may allow for arbitrary SQL injection. | 10.0 |
2022-08-10 | CVE-2022-20827 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 10.0 |
2022-08-12 | CVE-2022-35949 | Nodejs | Unspecified vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. | 9.8 |
2022-08-12 | CVE-2022-35956 | Update BY Case Project | Unspecified vulnerability in Update BY Case Project Update BY Case 0.1.0/0.1.1/0.1.2 This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement for it. | 9.8 |
2022-08-12 | CVE-2022-2587 | Google | Out-of-bounds Write vulnerability in Google Chrome Out of bounds write in Chrome OS Audio Server in Google Chrome on Chrome OS prior to 102.0.5005.125 allowed a remote attacker to potentially exploit heap corruption via crafted audio metadata. | 9.8 |
2022-08-12 | CVE-2022-2801 | Automated Beer Parlour Billing System Project | SQL Injection vulnerability in Automated Beer Parlour Billing System Project Automated Beer Parlour Billing System A vulnerability, which was classified as critical, was found in SourceCodester Automated Beer Parlour Billing System. | 9.8 |
2022-08-12 | CVE-2022-2802 | GAS Agency Management System Project | Unspecified vulnerability in GAS Agency Management System Project GAS Agency Management System A vulnerability has been found in SourceCodester Gas Agency Management System and classified as critical. | 9.8 |
2022-08-12 | CVE-2022-2803 | Phpgurukul | Unspecified vulnerability in PHPgurukul ZOO Management System A vulnerability was found in SourceCodester Zoo Management System and classified as critical. | 9.8 |
2022-08-12 | CVE-2022-2804 | Phpgurukul | Unspecified vulnerability in PHPgurukul ZOO Management System A vulnerability was found in SourceCodester Zoo Management System. | 9.8 |
2022-08-12 | CVE-2022-37397 | Yugabyte | Improper Authentication vulnerability in Yugabyte Yugabytedb 2.6.1 An issue was discovered in the YugabyteDB 2.6.1 when using LDAP-based authentication in YCQL with Microsoft’s Active Directory. | 9.8 |
2022-08-12 | CVE-2022-2797 | Student Information System Project | Unspecified vulnerability in Student Information System Project Student Information System A vulnerability classified as critical was found in SourceCodester Student Information System. | 9.8 |
2022-08-12 | CVE-2022-35555 | Tenda | OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | 9.8 |
2022-08-12 | CVE-2022-35559 | Tenda | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/setAutoPing in Tenda W6 V1.0.0.9(4122), which allows an attacker to construct ping1 parameters and ping2 parameters for a stack overflow attack. | 9.8 |
2022-08-12 | CVE-2022-37042 | Zimbra | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 9.8 |
2022-08-12 | CVE-2022-2779 | GAS Agency Management System Project | Unspecified vulnerability in GAS Agency Management System Project GAS Agency Management System A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. | 9.8 |
2022-08-11 | CVE-2021-22289 | BR Automation | Improper Input Validation vulnerability in Br-Automation Studio Improper Input Validation vulnerability in the project upload mechanism in B&R Automation Studio version >=4.0 may allow an unauthenticated network attacker to execute code. | 9.8 |
2022-08-11 | CVE-2022-20237 | Google | Out-of-bounds Write vulnerability in Google Android In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2022-08-11 | CVE-2022-20365 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-229632566 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20378 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-234657153 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20381 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-188935887 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20384 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-211727306 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20400 | Google | Out-of-bounds Write vulnerability in Google Android In cd_CodeMsg of cd_codec.c, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2022-08-11 | CVE-2022-20402 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-218701042 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20403 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-207975764 References: N/A | 9.8 |
2022-08-11 | CVE-2022-20405 | Google | Unspecified vulnerability in Google Android Product: Android Versions: Android kernel Android ID: A-216363416 References: N/A | 9.8 |
2022-08-11 | CVE-2022-28750 | Zoom | Out-of-bounds Write vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can result in memory corruption and could allow a malicious actor to crash the application. | 9.8 |
2022-08-11 | CVE-2022-2770 | Simple Online Book Store System Project | SQL Injection vulnerability in Simple Online Book Store System Project Simple Online Book Store System A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. | 9.8 |
2022-08-11 | CVE-2022-2771 | Simple Online Book Store System Project | Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. | 9.8 |
2022-08-11 | CVE-2022-2772 | Apartment Visitors Management System Project | Unspecified vulnerability in Apartment Visitors Management System Project Apartment Visitors Management System A vulnerability was found in SourceCodester Apartment Visitor Management System and classified as critical. | 9.8 |
2022-08-11 | CVE-2022-2774 | Library Management System Project | Unspecified vulnerability in Library Management System Project Library Management System A vulnerability was found in SourceCodester Library Management System. | 9.8 |
2022-08-11 | CVE-2022-2765 | Company Website CMS Project | Missing Authentication for Critical Function vulnerability in Company Website CMS Project Company Website CMS 1.0 A vulnerability was found in SourceCodester Company Website CMS 1.0. | 9.8 |
2022-08-11 | CVE-2022-2766 | Razormist | Unspecified vulnerability in Razormist Loan Management System A vulnerability was found in SourceCodester Loan Management System. | 9.8 |
2022-08-11 | CVE-2022-2736 | Company Website CMS Project | Unspecified vulnerability in Company Website CMS Project Company Website CMS A vulnerability was found in SourceCodester Company Website CMS. | 9.8 |
2022-08-11 | CVE-2022-2740 | Company Website CMS Project | Unspecified vulnerability in Company Website CMS Project Company Website CMS A vulnerability was found in SourceCodester Company Website CMS. | 9.8 |
2022-08-11 | CVE-2022-2744 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability, which was classified as critical, has been found in SourceCodester Gym Management System. | 9.8 |
2022-08-11 | CVE-2022-2745 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. | 9.8 |
2022-08-11 | CVE-2022-2746 | Simple Online Book Store System Project | Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. | 9.8 |
2022-08-11 | CVE-2022-2747 | Simple Online Book Store System Project | Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. | 9.8 |
2022-08-11 | CVE-2022-2750 | Company Website CMS Project | Unrestricted Upload of File with Dangerous Type vulnerability in Company Website CMS Project Company Website CMS A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. | 9.8 |
2022-08-11 | CVE-2022-2751 | Company Website CMS Project | Unspecified vulnerability in Company Website CMS Project Company Website CMS A vulnerability was found in SourceCodester Company Website CMS and classified as critical. | 9.8 |
2022-08-10 | CVE-2022-36270 | Oretnom23 | Unspecified vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. | 9.8 |
2022-08-10 | CVE-2022-36750 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. | 9.8 |
2022-08-10 | CVE-2022-37002 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The SystemUI module has a privilege escalation vulnerability. | 9.8 |
2022-08-10 | CVE-2022-37003 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui, Harmonyos and Magic UI The AOD module has a vulnerability in permission assignment. | 9.8 |
2022-08-10 | CVE-2022-38129 | Keysight | Path Traversal vulnerability in Keysight Sensor Management Server 2.4.0 A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). | 9.8 |
2022-08-10 | CVE-2022-38130 | Keysight | SQL Injection vulnerability in Keysight Sensor Management Server 2.4.0 The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. | 9.8 |
2022-08-10 | CVE-2022-20239 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploited. Product: Android Versions: Android SoC Android ID: A-233972091 | 9.8 |
2022-08-10 | CVE-2022-20361 | Google | Unspecified vulnerability in Google Android In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. | 9.8 |
2022-08-10 | CVE-2022-2457 | Redhat | Improper Restriction of Excessive Authentication Attempts vulnerability in Redhat Process Automation Manager 7.0/7.5.1 A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts. | 9.8 |
2022-08-10 | CVE-2022-2634 | Digi | Unspecified vulnerability in Digi Connectport X2D Firmware An attacker may be able to execute malicious actions due to the lack of device access protections and device permissions when using the web application. | 9.8 |
2022-08-10 | CVE-2022-32429 | Megatech | Improper Authentication vulnerability in Megatech Msnswitch Firmware Mnt.2408 An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution. | 9.8 |
2022-08-10 | CVE-2022-35426 | Ucms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Ucms Project Ucms 1.6 UCMS 1.6 is vulnerable to arbitrary file upload via ucms/sadmin/file PHP file. | 9.8 |
2022-08-10 | CVE-2022-35491 | Totolink | Use of Hard-coded Credentials vulnerability in Totolink A3002Ru Firmware 3.0.0B20220304.1804 TOTOLINK A3002RU V3.0.0-B20220304.1804 has a hardcoded password for root in /etc/shadow.sample. | 9.8 |
2022-08-10 | CVE-2022-35518 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | 9.8 |
2022-08-10 | CVE-2022-35519 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | 9.8 |
2022-08-10 | CVE-2022-35520 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. | 9.8 |
2022-08-10 | CVE-2022-35521 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. | 9.8 |
2022-08-10 | CVE-2022-35522 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml. | 9.8 |
2022-08-10 | CVE-2022-35523 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml. | 9.8 |
2022-08-10 | CVE-2022-35524 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml. | 9.8 |
2022-08-10 | CVE-2022-35525 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml. | 9.8 |
2022-08-10 | CVE-2022-35526 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. | 9.8 |
2022-08-10 | CVE-2022-35533 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. | 9.8 |
2022-08-10 | CVE-2022-35534 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml. | 9.8 |
2022-08-10 | CVE-2022-35535 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-35536 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | 9.8 |
2022-08-10 | CVE-2022-35537 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-35538 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-35280 | IBM | Weak Password Requirements vulnerability in IBM Robotic Process Automation for Cloud PAK 21.0.0/21.0.1/21.0.2 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | 9.8 |
2022-08-10 | CVE-2022-34660 | Siemens | Unspecified vulnerability in Siemens Teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). | 9.8 |
2022-08-10 | CVE-2022-20842 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 9.8 |
2022-08-09 | CVE-2022-2727 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability was found in SourceCodester Gym Management System. | 9.8 |
2022-08-09 | CVE-2022-2728 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability was found in SourceCodester Gym Management System. | 9.8 |
2022-08-09 | CVE-2022-2715 | Employee Management System Project | Unspecified vulnerability in Employee Management System Project Employee Management System A vulnerability has been found in SourceCodester Employee Management System and classified as critical. | 9.8 |
2022-08-09 | CVE-2022-2722 | Simple Student Information System Project | Unspecified vulnerability in Simple Student Information System Project Simple Student Information System A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. | 9.8 |
2022-08-09 | CVE-2022-2723 | Employee Management System Project | Unspecified vulnerability in Employee Management System Project Employee Management System A vulnerability was found in SourceCodester Employee Management System. | 9.8 |
2022-08-09 | CVE-2022-2724 | Employee Management System Project | Unspecified vulnerability in Employee Management System Project Employee Management System A vulnerability was found in SourceCodester Employee Management System. | 9.8 |
2022-08-09 | CVE-2022-2726 | SEM CMS | Unspecified vulnerability in Sem-Cms Semcms A vulnerability classified as critical has been found in SEMCMS. | 9.8 |
2022-08-09 | CVE-2022-25907 | Typescript Deep Merge Project | Unspecified vulnerability in Typescript Deep Merge Project Typescript Deep Merge The package ts-deepmerge before 2.0.2 are vulnerable to Prototype Pollution due to missing sanitization of the merge function. | 9.8 |
2022-08-08 | CVE-2021-41615 | Embedthis | Insufficient Entropy vulnerability in Embedthis Goahead 2.1.8 websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 section 3.2.1). | 9.8 |
2022-08-08 | CVE-2022-2713 | Agentejo | Unspecified vulnerability in Agentejo Cockpit Insufficient Session Expiration in GitHub repository cockpit-hq/cockpit prior to 2.2.0. | 9.8 |
2022-08-08 | CVE-2022-36267 | Airspan | Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability. | 9.8 |
2022-08-08 | CVE-2022-2269 | Wpwhitesecurity | Unspecified vulnerability in Wpwhitesecurity Website File Changes Monitor The Website File Changes Monitor WordPress plugin before 1.8.3 does not sanitise and escape user input before using it in a SQL statement via an action available to users with the manage_options capability (by default admins), leading to an SQL injection | 9.8 |
2022-08-08 | CVE-2022-2460 | Digital Product Labs | Unspecified vulnerability in Digital Product Labs Wpdating 7.1.9 The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users | 9.8 |
2022-08-08 | CVE-2022-35490 | Zammad | Improper Restriction of Excessive Authentication Attempts vulnerability in Zammad 5.2.0 Zammad 5.2.0 is vulnerable to privilege escalation. | 9.8 |
2022-08-08 | CVE-2022-2698 | Simple E Learning System Project | SQL Injection vulnerability in Simple E-Learning System Project Simple E-Learning System A vulnerability was found in SourceCodester Simple E-Learning System. | 9.8 |
2022-08-08 | CVE-2022-2705 | Simple Student Information System Project | Unspecified vulnerability in Simple Student Information System Project Simple Student Information System A vulnerability was found in SourceCodester Simple Student Information System. | 9.8 |
2022-08-08 | CVE-2022-2706 | Fabian | SQL Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0 A vulnerability classified as critical has been found in SourceCodester Online Class and Exam Scheduling System 1.0. | 9.8 |
2022-08-08 | CVE-2022-2707 | Fabian | SQL Injection vulnerability in Fabian Online Class and Exam Scheduling System 1.0 A vulnerability classified as critical was found in SourceCodester Online Class and Exam Scheduling System 1.0. | 9.8 |
2022-08-08 | CVE-2022-2708 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. | 9.8 |
2022-08-10 | CVE-2021-33643 | Feep Huawei Fedoraproject | Out-of-bounds Read vulnerability in multiple products An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger a call to malloc(0) for a variable gnu_longlink, causing an out-of-bounds read. | 9.1 |
2022-08-10 | CVE-2022-35293 | SAP | Unspecified vulnerability in SAP Enable NOW Manager 1.0 Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. | 9.1 |
2022-08-08 | CVE-2022-36264 | Airspan | Unrestricted Upload of File with Dangerous Type vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an Unauthenticated remote Arbitrary File Upload vulnerability which allows overwriting arbitrary files. | 9.1 |
2022-08-10 | CVE-2022-20841 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 9.0 |
152 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-35943 | Codeigniter | Unspecified vulnerability in Codeigniter Shield is an authentication and authorization framework for CodeIgniter 4. | 8.8 |
2022-08-12 | CVE-2022-2603 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2604 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2606 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2607 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2608 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2609 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2613 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2614 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2617 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2620 | Google Fedoraproject | Improper Initialization vulnerability in multiple products Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2621 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2623 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2624 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2022-08-12 | CVE-2022-20254 | Google | Unspecified vulnerability in Google Android 13.0 In Wi-Fi, there is a permissions bypass. | 8.8 |
2022-08-12 | CVE-2022-20283 | Google | Integer Overflow or Wraparound vulnerability in Google Android 13.0 In Bluetooth, there is a possible out of bounds write due to an integer overflow. | 8.8 |
2022-08-12 | CVE-2022-20362 | Google | Integer Overflow or Wraparound vulnerability in Google Android 13.0 In Bluetooth, there is a possible out of bounds write due to an integer overflow. | 8.8 |
2022-08-12 | CVE-2022-28631 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 8.8 |
2022-08-12 | CVE-2022-28632 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A potential arbitrary code execution and a denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 8.8 |
2022-08-11 | CVE-2022-2749 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability was found in SourceCodester Gym Management System. | 8.8 |
2022-08-10 | CVE-2022-37024 | Zohocorp | Unspecified vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 2022-07-29 through 2022-07-30 (125658, 126003, 126105, and 126120) allow authenticated users to make database changes that lead to remote code execution. | 8.8 |
2022-08-10 | CVE-2022-20345 | Google | Out-of-bounds Write vulnerability in Google Android 12.0/12.1 In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. | 8.8 |
2022-08-10 | CVE-2022-20347 | Google | Unspecified vulnerability in Google Android In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. | 8.8 |
2022-08-10 | CVE-2022-31673 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains an information disclosure vulnerability. | 8.8 |
2022-08-10 | CVE-2022-35517 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | 8.8 |
2022-08-10 | CVE-2022-33928 | Dell | Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. | 8.8 |
2022-08-09 | CVE-2022-30573 | Tibco | Unspecified vulnerability in Tibco FTL The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. | 8.8 |
2022-08-08 | CVE-2022-2356 | Mediajedi | Unspecified vulnerability in Mediajedi User Private Files The Frontend File Manager & Sharing WordPress plugin before 1.1.3 does not filter file extensions when letting users upload files on the server, which may lead to malicious code being uploaded. | 8.8 |
2022-08-08 | CVE-2022-2700 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability classified as critical has been found in SourceCodester Gym Management System. | 8.8 |
2022-08-08 | CVE-2022-2703 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability was found in SourceCodester Gym Management System. | 8.8 |
2022-08-10 | CVE-2022-0028 | Paloaltonetworks | Unspecified vulnerability in Paloaltonetworks Pan-Os A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | 8.6 |
2022-08-12 | CVE-2022-28627 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 8.4 |
2022-08-12 | CVE-2022-28628 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 8.4 |
2022-08-12 | CVE-2022-2390 | Google | Unspecified vulnerability in Google Play Services Software Development KIT Apps developed with Google Play Services SDK incorrectly had the mutability flag set to PendingIntents that were passed to the Notification service. | 8.4 |
2022-08-09 | CVE-2022-2732 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | 8.3 |
2022-08-10 | CVE-2022-2458 | Redhat | XXE vulnerability in Redhat Process Automation Manager 7.0/7.5.1 XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. | 8.2 |
2022-08-10 | CVE-2022-32245 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. | 8.2 |
2022-08-10 | CVE-2021-33644 | Feep Huawei Fedoraproject | Out-of-bounds Read vulnerability in multiple products An attacker who submits a crafted tar file with the size in the header struct being 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read. | 8.1 |
2022-08-10 | CVE-2022-20816 | Cisco | Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. | 8.1 |
2022-08-12 | CVE-2021-29117 | Esri | Use After Free vulnerability in Esri Arcreader A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 7.8 |
2022-08-12 | CVE-2022-20258 | Google | Unspecified vulnerability in Google Android 13.0 In Bluetooth, there is a possible way to bypass compiler exploit mitigations due to a configuration error. | 7.8 |
2022-08-12 | CVE-2022-20268 | Google | Unspecified vulnerability in Google Android 13.0 In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. | 7.8 |
2022-08-12 | CVE-2022-20271 | Google | Unspecified vulnerability in Google Android 13.0 In PermissionController, there is a possible way to grant some permissions without user consent due to misleading or insufficient UI. | 7.8 |
2022-08-12 | CVE-2022-20274 | Google | Missing Authorization vulnerability in Google Android 13.0 In Keyguard, there is a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20281 | Google | Missing Authorization vulnerability in Google Android 13.0 In Core, there is a possible way to start an activity from the background due to a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20282 | Google | Missing Authorization vulnerability in Google Android 13.0 In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20286 | Google | Unspecified vulnerability in Google Android 13.0 In Connectivity, there is a possible bypass of the restriction on starting an activity from the background due to a logic error in the code. | 7.8 |
2022-08-12 | CVE-2022-20292 | Google | Unspecified vulnerability in Google Android 13.0 In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. | 7.8 |
2022-08-12 | CVE-2022-20297 | Google | Unspecified vulnerability in Google Android 13.0 In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. | 7.8 |
2022-08-12 | CVE-2022-20319 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 13.0 In DreamServices, there is a possible way to launch arbitrary protected activities due to a confused deputy. | 7.8 |
2022-08-12 | CVE-2022-20325 | Google | Use After Free vulnerability in Google Android 13.0 In Media, there is a possible code execution due to a use after free. | 7.8 |
2022-08-12 | CVE-2022-20329 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20331 | Google | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 13.0 In the Framework, there is a possible way to enable a work profile without user consent due to a tapjacking/overlay attack. | 7.8 |
2022-08-12 | CVE-2022-28629 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 7.8 |
2022-08-11 | CVE-2022-20180 | Google | Unspecified vulnerability in Google Android In several functions of mali_gralloc_reference.cpp, there is a possible arbitrary code execution due to a missing bounds check. | 7.8 |
2022-08-11 | CVE-2022-20246 | Google | Incorrect Default Permissions vulnerability in Google Android 13.0.0 In WindowManager, there is a possible bypass of the restrictions for starting activities from the background due to an incorrect UID/permission check. | 7.8 |
2022-08-11 | CVE-2022-20248 | Google | Unspecified vulnerability in Google Android 13.0.0 In Settings, there is a possible way to connect to an open network bypassing DISALLOW_CONFIG_WIFI restriction due to a logic error in the code. | 7.8 |
2022-08-11 | CVE-2022-20250 | Google | Unspecified vulnerability in Google Android 13.0.0 In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. | 7.8 |
2022-08-11 | CVE-2022-20368 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-224546354. References: Upstream kernel. | 7.8 |
2022-08-11 | CVE-2022-20383 | Google | Integer Overflow or Wraparound vulnerability in Google Android In AllocateInternalBuffers of g3aa_buffer_allocator.cc, there is a possible out of bounds write due to an integer overflow. | 7.8 |
2022-08-11 | CVE-2022-34260 | Adobe | Unspecified vulnerability in Adobe Illustrator Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-08-11 | CVE-2022-34263 | Adobe | Unspecified vulnerability in Adobe Illustrator Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-08-11 | CVE-2022-35675 | Adobe | Unspecified vulnerability in Adobe Framemaker Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-08-10 | CVE-2021-39696 | Google | Unspecified vulnerability in Google Android 10.0/11.0/12.0 In Task.java, there is a possible escalation of privilege due to a confused deputy. | 7.8 |
2022-08-10 | CVE-2022-20348 | Google | Missing Authorization vulnerability in Google Android In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-20349 | Google | Missing Authorization vulnerability in Google Android In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-20354 | Google | Unspecified vulnerability in Google Android 11.0/12.0/12.1 In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. | 7.8 |
2022-08-10 | CVE-2022-20356 | Google | Improper Input Validation vulnerability in Google Android 11.0/12.0/12.1 In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. | 7.8 |
2022-08-10 | CVE-2022-20360 | Google | Missing Authorization vulnerability in Google Android In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-25793 | Autodesk | Improper Validation of Specified Quantity in Input vulnerability in Autodesk 3DS MAX 2021/2021.3.8/2022 A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. | 7.8 |
2022-08-10 | CVE-2022-30580 | Golang | Code Injection vulnerability in Golang GO Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | 7.8 |
2022-08-10 | CVE-2022-20792 | Clamav | Out-of-bounds Write vulnerability in Clamav A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. | 7.8 |
2022-08-10 | CVE-2022-25973 | MC Kill Port Project | Argument Injection or Modification vulnerability in Mc-Kill-Port Project Mc-Kill-Port All versions of package mc-kill-port are vulnerable to Arbitrary Command Execution via the kill function, due to missing sanitization of the port argument. | 7.8 |
2022-08-09 | CVE-2022-30574 | Tibco | Unspecified vulnerability in Tibco Eftl and FTL The ftlserver component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, TIBCO FTL - Enterprise Edition, TIBCO FTL - Enterprise Edition, TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, TIBCO eFTL - Enterprise Edition, and TIBCO eFTL - Enterprise Edition contains a difficult to exploit vulnerability that allows a low privileged attacker with local access to obtain user credentials to the affected system. | 7.8 |
2022-08-12 | CVE-2022-20302 | Google | Unspecified vulnerability in Google Android 13.0 In Settings, there is a possible way to bypass factory reset protections due to a sandbox escape. | 7.6 |
2022-08-12 | CVE-2022-35980 | Amazon | Unspecified vulnerability in Amazon Opensearch 2.0.0/2.1.0 OpenSearch Security is a plugin for OpenSearch that offers encryption, authentication and authorization. | 7.5 |
2022-08-12 | CVE-2022-20308 | Google | Unspecified vulnerability in Google Android 13.0 In hostapd, there is a possible insecure configuration due to an insecure default value. | 7.5 |
2022-08-12 | CVE-2022-35557 | Tenda | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/wifiSSIDget in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. | 7.5 |
2022-08-12 | CVE-2022-35558 | Tenda | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/WifiMacFilterGet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. | 7.5 |
2022-08-12 | CVE-2022-35560 | Tenda | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/wifiSSIDset in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. | 7.5 |
2022-08-12 | CVE-2022-35561 | Tenda | Out-of-bounds Write vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A stack overflow vulnerability exists in /goform/WifiMacFilterSet in Tenda W6 V1.0.0.9(4122) version, which can be exploited by attackers to cause a denial of service (DoS) via the index parameter. | 7.5 |
2022-08-12 | CVE-2022-37041 | Zimbra | Server-Side Request Forgery (SSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in ProxyServlet.java in the /proxy servlet in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | 7.5 |
2022-08-12 | CVE-2022-37423 | Neo4J | Path Traversal vulnerability in Neo4J Awesome Procedures on Cypher Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 4.x before 4.4.0.8 allows Directory Traversal to sibling directories via apoc.log.stream. | 7.5 |
2022-08-11 | CVE-2022-20244 | Google | Out-of-bounds Write vulnerability in Google Android 13.0.0 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. | 7.5 |
2022-08-11 | CVE-2022-20247 | Google | Out-of-bounds Write vulnerability in Google Android 13.0.0 In Media, there is a possible out of bounds read due to a heap buffer overflow. | 7.5 |
2022-08-11 | CVE-2022-20370 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-215730643. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-20375 | Google | Out-of-bounds Read vulnerability in Google Android In LteRrcNrProAsnDecode of LteRrcNr_Codec.c, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2022-08-11 | CVE-2022-20380 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-212625740. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-20401 | Google | Out-of-bounds Read vulnerability in Google Android In SAEMM_RetrievEPLMNList of SAEMM_ContextManagement.c, there is a possible out of bounds read due to a missing bounds check. | 7.5 |
2022-08-11 | CVE-2022-20404 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-205714161. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-20406 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-184676385. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-20407 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-210916981. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-20408 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android kernel. Android ID: A-204782372. References: N/A. | 7.5 |
2022-08-11 | CVE-2022-38161 | Gumstix | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Gumstix Overo SBC The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA. | 7.5 |
2022-08-11 | CVE-2022-38150 | Varnish Cache Project Fedoraproject | In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. | 7.5 |
2022-08-11 | CVE-2022-38155 | Samsung | Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | 7.5 |
2022-08-10 | CVE-2022-36923 | Zohocorp | Improper Handling of Exceptional Conditions vulnerability in Zohocorp products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs. | 7.5 |
2022-08-10 | CVE-2022-37001 | Huawei | Unspecified vulnerability in Huawei Harmonyos 2.0 The diag-router module has a vulnerability in intercepting excessive long and short instructions. | 7.5 |
2022-08-10 | CVE-2022-37004 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The Settings application has a vulnerability of bypassing the out-of-box experience (OOBE). | 7.5 |
2022-08-10 | CVE-2022-37005 | Huawei | Argument Injection or Modification vulnerability in Huawei Emui, Harmonyos and Magic UI The Settings application has an argument injection vulnerability. | 7.5 |
2022-08-10 | CVE-2022-37006 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the network module. | 7.5 |
2022-08-10 | CVE-2022-37007 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui, Harmonyos and Magic UI The chinadrm module has an out-of-bounds read vulnerability. | 7.5 |
2022-08-10 | CVE-2022-37008 | Huawei | Insufficient Verification of Data Authenticity vulnerability in Huawei Emui, Harmonyos and Magic UI The recovery module has a vulnerability of bypassing the verification of an update package before use. | 7.5 |
2022-08-10 | CVE-2021-33645 | Feep Huawei Fedoraproject | Memory Leak vulnerability in multiple products The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | 7.5 |
2022-08-10 | CVE-2021-33646 | Feep Huawei Fedoraproject | Memory Leak vulnerability in multiple products The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | 7.5 |
2022-08-10 | CVE-2021-40030 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The My HUAWEI app has a defect in the design. | 7.5 |
2022-08-10 | CVE-2021-40034 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The video framework has the memory overwriting vulnerability caused by addition overflow. | 7.5 |
2022-08-10 | CVE-2021-40040 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. | 7.5 |
2022-08-10 | CVE-2022-28131 | Golang Fedoraproject Netapp | Uncontrolled Recursion vulnerability in multiple products Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | 7.5 |
2022-08-10 | CVE-2022-28881 | F Secure | Unspecified vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the unpacker function of the aerdl.dll component used in certain WithSecure products crashes, which in turn crashes the scanning engine. | 7.5 |
2022-08-10 | CVE-2022-29804 | Golang | Path Traversal vulnerability in Golang GO Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | 7.5 |
2022-08-10 | CVE-2022-30630 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 7.5 |
2022-08-10 | CVE-2022-30631 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | 7.5 |
2022-08-10 | CVE-2022-30632 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 7.5 |
2022-08-10 | CVE-2022-30633 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | 7.5 |
2022-08-10 | CVE-2022-30635 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | 7.5 |
2022-08-10 | CVE-2022-31675 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains an authentication bypass vulnerability. | 7.5 |
2022-08-10 | CVE-2022-32189 | Golang | Unspecified vulnerability in Golang GO A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 |
2022-08-10 | CVE-2022-35290 | SAP | Unspecified vulnerability in SAP Authenticator Under certain conditions SAP Authenticator for Android allows an attacker to access information which would otherwise be restricted. | 7.5 |
2022-08-10 | CVE-2022-20866 | Cisco | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. | 7.5 |
2022-08-10 | CVE-2022-33930 | Dell | Information Exposure Through an Error Message vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains Information Disclosure in Devices error pages. | 7.5 |
2022-08-10 | CVE-2022-35715 | IBM | Information Exposure Through an Error Message vulnerability in IBM Infosphere Information Server 11.7 IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in a stack trace. | 7.5 |
2022-08-10 | CVE-2021-46304 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). | 7.5 |
2022-08-10 | CVE-2022-34659 | Siemens | Unspecified vulnerability in Siemens Simcenter Star-Ccm+ Viewer A vulnerability has been identified in Simcenter STAR-CCM+ (All versions only if the Power-on-Demand public license server is used). | 7.5 |
2022-08-10 | CVE-2022-34661 | Siemens | Unspecified vulnerability in Siemens Teamcenter A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.15), Teamcenter V13.0 (All versions < V13.0.0.10), Teamcenter V13.1 (All versions < V13.1.0.10), Teamcenter V13.2 (All versions < V13.2.0.9), Teamcenter V13.3 (All versions < V13.3.0.5), Teamcenter V14.0 (All versions < V14.0.0.2). | 7.5 |
2022-08-10 | CVE-2022-36324 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices do not properly handle the renegotiation of SSL/TLS parameters. | 7.5 |
2022-08-10 | CVE-2021-37150 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. | 7.5 |
2022-08-10 | CVE-2022-25763 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. | 7.5 |
2022-08-10 | CVE-2022-28129 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. | 7.5 |
2022-08-10 | CVE-2022-31778 | Apache Debian | Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. | 7.5 |
2022-08-10 | CVE-2022-31779 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-10 | CVE-2022-31780 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-09 | CVE-2022-35724 | Apache | Infinite Loop vulnerability in Apache Avro It is possible to provide data to be read that leads the reader to loop in cycles endlessly, consuming CPU. | 7.5 |
2022-08-09 | CVE-2022-36124 | Apache | Allocation of Resources Without Limits or Throttling vulnerability in Apache Avro It is possible for a Reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. | 7.5 |
2022-08-09 | CVE-2022-36125 | Apache | Integer Overflow or Wraparound vulnerability in Apache Avro It is possible to crash (panic) an application by providing corrupted data to be read. | 7.5 |
2022-08-08 | CVE-2022-34293 | Wolfssl | Unspecified vulnerability in Wolfssl wolfSSL before 5.4.0 allows remote attackers to cause a denial of service via DTLS because a check for return-routability can be skipped. | 7.5 |
2022-08-08 | CVE-2022-2357 | WSM Downloader Project | Unspecified vulnerability in WSM Downloader Project WSM Downloader 1.4.0 The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file download feature to download any local files, including sensitive ones like wp-config.php. | 7.5 |
2022-08-08 | CVE-2022-2367 | WSM Downloader Project | Unspecified vulnerability in WSM Downloader Project WSM Downloader 1.4.0 The WSM Downloader WordPress plugin through 1.4.0 allows downloading images/files only from specific popular websites, but this restriction can be bypassed due to the lack of proper "link" parameter validation. | 7.5 |
2022-08-08 | CVE-2022-35487 | Zammad | Incorrect Authorization vulnerability in Zammad 5.2.0 Zammad 5.2.0 suffers from Incorrect Access Control. | 7.5 |
2022-08-08 | CVE-2022-35488 | Zammad | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim. | 7.5 |
2022-08-08 | CVE-2022-2697 | Simple E Learning System Project | Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System A vulnerability was found in SourceCodester Simple E-Learning System. | 7.5 |
2022-08-08 | CVE-2022-2699 | Simple E Learning System Project | Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System A vulnerability was found in SourceCodester Simple E-Learning System. | 7.5 |
2022-08-08 | CVE-2022-2704 | Simple E Learning System Project | Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System A vulnerability was found in SourceCodester Simple E-Learning System. | 7.5 |
2022-08-12 | CVE-2022-28635 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 7.4 |
2022-08-12 | CVE-2022-28636 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A potential local arbitrary code execution and a local denial of service (DoS) vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 7.4 |
2022-08-12 | CVE-2022-28630 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 7.3 |
2022-08-12 | CVE-2022-28633 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local disclosure of sensitive information and a local unauthorized data modification vulnerability were discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 7.3 |
2022-08-12 | CVE-2021-44720 | Pulsesecure Ivanti | Use of Hard-coded Credentials vulnerability in multiple products In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. | 7.2 |
2022-08-10 | CVE-2022-31672 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains a privilege escalation vulnerability. | 7.2 |
2022-08-08 | CVE-2022-36265 | Airspan | Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Hidden system command web page. | 7.2 |
2022-08-10 | CVE-2022-22369 | IBM | Unspecified vulnerability in IBM Workload Scheduler 9.4/9.5 IBM Workload Scheduler 9.4 and 9.5 could allow a local user to overwrite key system files which would cause the system to crash. | 7.1 |
2022-08-10 | CVE-2022-20344 | Google | Race Condition vulnerability in Google Android In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. | 7.0 |
164 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-20269 | Google | Out-of-bounds Write vulnerability in Google Android 13.0 In Bluetooth, there is a possible out of bounds write due to an incorrect bounds check. | 6.8 |
2022-08-12 | CVE-2022-20313 | Google | Out-of-bounds Write vulnerability in Google Android 13.0 In Bluetooth, there is a possible out of bounds write due to a missing bounds check. | 6.8 |
2022-08-09 | CVE-2022-29083 | Dell | Improper Authentication vulnerability in Dell products Prior Dell BIOS versions contain an Improper Authentication vulnerability. | 6.8 |
2022-08-12 | CVE-2022-20306 | Google | Use After Free vulnerability in Google Android 13.0 In Camera Provider HAL, there is a possible memory corruption due to a use after free. | 6.7 |
2022-08-12 | CVE-2022-20314 | Google | Improper Input Validation vulnerability in Google Android 13.0 In KeyChain, there is a possible spoof keychain chooser activity request due to improper input validation. | 6.7 |
2022-08-12 | CVE-2022-28626 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 6.7 |
2022-08-12 | CVE-2022-28634 | HPE | Unspecified vulnerability in HPE Integrated Lights-Out 5 Firmware 2.63 A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 (iLO 5) firmware version(s): Prior to 2.71. | 6.7 |
2022-08-12 | CVE-2022-2503 | Linux | Improper Authentication vulnerability in Linux Kernel Dm-verity is used for extending root-of-trust to root filesystems. | 6.7 |
2022-08-11 | CVE-2022-20158 | Google | Use After Free vulnerability in Google Android In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. | 6.7 |
2022-08-11 | CVE-2022-20366 | Google | Integer Overflow or Wraparound vulnerability in Google Android In ioctl_dpm_clk_update of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2022-08-11 | CVE-2022-20367 | Google | Integer Overflow or Wraparound vulnerability in Google Android In construct_transaction of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. | 6.7 |
2022-08-11 | CVE-2022-20369 | Google Debian | Out-of-bounds Write vulnerability in multiple products In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. | 6.7 |
2022-08-11 | CVE-2022-20372 | Google | Use After Free vulnerability in Google Android In exynos5_i2c_irq of (TBD), there is a possible out of bounds write due to a use after free. | 6.7 |
2022-08-11 | CVE-2022-20376 | Google | Improper Locking vulnerability in Google Android In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. | 6.7 |
2022-08-11 | CVE-2022-20377 | Google | Unspecified vulnerability in Google Android In TBD of keymaster_ipc.cpp, there is a possible way to force gatekeeper, fingerprint, and faceauth to use a known HMAC key. | 6.7 |
2022-08-11 | CVE-2022-20379 | Google | Use After Free vulnerability in Google Android In lwis_buffer_alloc of lwis_buffer.c, there is a possible arbitrary code execution due to a use after free. | 6.7 |
2022-08-11 | CVE-2022-20382 | Google | Uncontrolled Recursion vulnerability in Google Android In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. | 6.7 |
2022-08-12 | CVE-2022-2605 | Google Fedoraproject | Out-of-bounds Read vulnerability in multiple products Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2610 | Google Fedoraproject | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2612 | Google Fedoraproject | Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2615 | Google Fedoraproject | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2616 | Google Fedoraproject | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | 6.5 |
2022-08-12 | CVE-2022-2618 | Google Fedoraproject | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. | 6.5 |
2022-08-12 | CVE-2022-2622 | Google Fedoraproject | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | 6.5 |
2022-08-12 | CVE-2022-38183 | Gitea | Missing Authorization vulnerability in Gitea In Gitea before 1.16.9, it was possible for users to add existing issues to projects. | 6.5 |
2022-08-12 | CVE-2022-20253 | Google | Improper Handling of Exceptional Conditions vulnerability in Google Android 13.0 In Bluetooth, there is a possible cleanup failure due to an uncaught exception. | 6.5 |
2022-08-12 | CVE-2022-20273 | Google | Out-of-bounds Write vulnerability in Google Android 13.0 In Bluetooth, there is a possible out of bounds read due to a heap buffer overflow. | 6.5 |
2022-08-12 | CVE-2022-20333 | Google | NULL Pointer Dereference vulnerability in Google Android 13.0 In Bluetooth, there is a possible crash due to a missing null check. | 6.5 |
2022-08-12 | CVE-2022-20334 | Google | NULL Pointer Dereference vulnerability in Google Android 13.0 In Bluetooth, there are possible process crashes due to dereferencing a null pointer. | 6.5 |
2022-08-12 | CVE-2022-38180 | Jetbrains | Improper Authentication vulnerability in Jetbrains Ktor In JetBrains Ktor before 2.1.0 the wrong authentication provider could be selected in some cases. | 6.5 |
2022-08-10 | CVE-2022-1705 | Golang | HTTP Request Smuggling vulnerability in Golang GO Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | 6.5 |
2022-08-10 | CVE-2022-20346 | Google | Out-of-bounds Read vulnerability in Google Android In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. | 6.5 |
2022-08-10 | CVE-2022-23238 | Netapp | Unspecified vulnerability in Netapp Storagegrid 11.6.0 Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. | 6.5 |
2022-08-10 | CVE-2022-32148 | Golang | Unspecified vulnerability in Golang GO Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | 6.5 |
2022-08-10 | CVE-2022-22411 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. | 6.5 |
2022-08-10 | CVE-2022-29090 | Dell | Cleartext Storage of Sensitive Information vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains a Sensitive Data Exposure vulnerability. | 6.5 |
2022-08-10 | CVE-2022-33925 | Dell | Unspecified vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. | 6.5 |
2022-08-10 | CVE-2022-33926 | Dell | Unspecified vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains an improper access control vulnerability. | 6.5 |
2022-08-10 | CVE-2022-33927 | Dell | Session Fixation vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains a Session Fixation vulnerability. | 6.5 |
2022-08-10 | CVE-2022-34365 | Dell | Path Traversal vulnerability in Dell Wyse Management Suite WMS 3.7 contains a Path Traversal Vulnerability in Device API. | 6.5 |
2022-08-10 | CVE-2022-2756 | Kavitareader | Unspecified vulnerability in Kavitareader Kavita Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. | 6.5 |
2022-08-10 | CVE-2022-20852 | Cisco | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Webex Meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. | 6.5 |
2022-08-09 | CVE-2022-2730 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.5 |
2022-08-08 | CVE-2022-1323 | 2Code | Missing Authorization vulnerability in 2Code Discy The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discy_update_options action, allowing any logged in user (with privileges as low as Subscriber) to change Theme options by sending a crafted POST request. | 6.5 |
2022-08-08 | CVE-2022-2355 | Easy Username Updater Project | Unspecified vulnerability in Easy Username Updater Project Easy Username Updater The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username, including the admin's. | 6.5 |
2022-08-08 | CVE-2022-35489 | Zammad | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. | 6.5 |
2022-08-08 | CVE-2022-2702 | Company Website CMS Project | Unspecified vulnerability in Company Website/Cms Project Company Website/Cms A vulnerability was found in SourceCodester Company Website CMS and classified as critical. | 6.5 |
2022-08-12 | CVE-2022-20256 | Google | Race Condition vulnerability in Google Android 13.0 In the Audio HAL, there is a possible out of bounds write due to a race condition. | 6.4 |
2022-08-11 | CVE-2022-20371 | Google | Improper Locking vulnerability in Google Android In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. | 6.4 |
2022-08-11 | CVE-2022-20373 | Google | Race Condition vulnerability in Google Android In st21nfc_loc_set_polaritymode of fc/st21nfc.c, there is a possible use after free due to a race condition. | 6.4 |
2022-08-12 | CVE-2022-35953 | Joinbookwyrm | Unspecified vulnerability in Joinbookwyrm Bookwyrm BookWyrm is a social network for tracking your reading, talking about books, writing reviews, and discovering what to read next. | 6.1 |
2022-08-12 | CVE-2022-2800 | GYM Management System Project | Improper Restriction of Rendered UI Layers or Frames vulnerability in GYM Management System Project GYM Management System A vulnerability, which was classified as problematic, has been found in SourceCodester Gym Management System. | 6.1 |
2022-08-12 | CVE-2022-37044 | Zimbra | Cross-site Scripting vulnerability in Zimbra Collaboration 8.8.15 In Zimbra Collaboration Suite (ZCS) 8.8.15, the URL at /h/search?action accepts parameters called extra, title, and onload that are partially sanitised and lead to reflected XSS that allows executing arbitrary JavaScript on the victim's machine. | 6.1 |
2022-08-12 | CVE-2022-38179 | Jetbrains | Incorrect Comparison vulnerability in Jetbrains Ktor JetBrains Ktor before 2.1.0 was vulnerable to the Reflect File Download attack. | 6.1 |
2022-08-11 | CVE-2022-28755 | Zoom | Open Redirect vulnerability in Zoom The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 is susceptible to a URL parsing vulnerability. | 6.1 |
2022-08-11 | CVE-2022-2768 | Library Management System Project | Unspecified vulnerability in Library Management System Project Library Management System A vulnerability classified as problematic was found in SourceCodester Library Management System. | 6.1 |
2022-08-11 | CVE-2022-2773 | Apartment Visitors Management System Project | Unspecified vulnerability in Apartment Visitors Management System Project Apartment Visitors Management System A vulnerability was found in SourceCodester Apartment Visitor Management System. | 6.1 |
2022-08-11 | CVE-2022-2767 | Online Admission System Project | Unspecified vulnerability in Online Admission System Project Online Admission System A vulnerability classified as problematic has been found in SourceCodester Online Admission System. | 6.1 |
2022-08-11 | CVE-2022-2748 | Simple Online Book Store System Project | Unspecified vulnerability in Simple Online Book Store System Project Simple Online Book Store System A vulnerability was found in SourceCodester Simple Online Book Store System. | 6.1 |
2022-08-10 | CVE-2022-20713 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. | 6.1 |
2022-08-10 | CVE-2022-33929 | Dell | Cross-site Scripting vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in EndUserSummary page. | 6.1 |
2022-08-10 | CVE-2022-20869 | Cisco | Cross-site Scripting vulnerability in Cisco Broadworks A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. | 6.1 |
2022-08-10 | CVE-2022-36801 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. | 6.1 |
2022-08-09 | CVE-2022-2731 | Open EMR | Cross-site Scripting vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 |
2022-08-09 | CVE-2022-2733 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.1. | 6.1 |
2022-08-09 | CVE-2022-2725 | Company Website CMS Project | Unspecified vulnerability in Company Website CMS Project Company Website CMS A vulnerability was found in SourceCodester Company Website CMS. | 6.1 |
2022-08-08 | CVE-2022-35493 | Wrteam | Cross-site Scripting vulnerability in Wrteam Eshop - Ecommerce / Store Website A Cross-site scripting (XSS) vulnerability in json search parse and the json response in wrteam.in, eShop - Multipurpose Ecommerce Store Website version 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the get_products?search parameter. | 6.1 |
2022-08-08 | CVE-2022-36266 | Airspan | Cross-site Scripting vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. | 6.1 |
2022-08-08 | CVE-2022-2386 | Automattic | Unspecified vulnerability in Automattic Crowdsignal Dashboard The Crowdsignal Dashboard WordPress plugin before 3.0.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-08-08 | CVE-2022-2701 | Simple E Learning System Project | Unspecified vulnerability in Simple E-Learning System Project Simple E-Learning System A vulnerability classified as problematic was found in SourceCodester Simple E-Learning System. | 6.1 |
2022-08-10 | CVE-2022-22983 | Vmware | Insufficiently Protected Credentials vulnerability in VMWare Workstation VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. | 5.9 |
2022-08-12 | CVE-2022-37043 | Zimbra | Cross-Site Request Forgery (CSRF) vulnerability in Zimbra Collaboration 8.8.15/9.0.0 An issue was discovered in the webmail component in Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0. | 5.7 |
2022-08-10 | CVE-2021-46778 | AMD | Information Exposure Through Discrepancy vulnerability in AMD products Execution unit scheduler contention may lead to a side channel vulnerability found on AMD CPU microarchitectures codenamed “Zen 1”, “Zen 2” and “Zen 3” that use simultaneous multithreading (SMT). | 5.6 |
2022-08-12 | CVE-2021-29112 | Esri | Out-of-bounds Read vulnerability in Esri Arcreader An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | 5.5 |
2022-08-12 | CVE-2021-29118 | Esri | Out-of-bounds Read vulnerability in Esri Arcreader An out-of-bounds read vulnerability exists when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) which allows an unauthenticated attacker to induce an information disclosure issue in the context of the current user. | 5.5 |
2022-08-12 | CVE-2022-20259 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20260 | Google | Unspecified vulnerability in Google Android 13.0 In the Phone app, there is a possible crash loop due to resource exhaustion. | 5.5 |
2022-08-12 | CVE-2022-20263 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a way to read process state for other users due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20270 | Google | Unspecified vulnerability in Google Android 13.0 In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. | 5.5 |
2022-08-12 | CVE-2022-20272 | Google | Incorrect Default Permissions vulnerability in Google Android 13.0 In PermissionController, there is a possible misunderstanding about the default SMS application's permission set due to misleading text. | 5.5 |
2022-08-12 | CVE-2022-20275 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20276 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20277 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20278 | Google | Information Exposure Through Log Files vulnerability in Google Android 13.0 In Accounts, there is a possible way to write sensitive information to the system log due to insufficient log filtering. | 5.5 |
2022-08-12 | CVE-2022-20279 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20284 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible information disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20285 | Google | Unspecified vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20287 | Google | Unspecified vulnerability in Google Android 13.0 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20288 | Google | Unspecified vulnerability in Google Android 13.0 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20289 | Google | Unspecified vulnerability in Google Android 13.0 In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20290 | Google | Unspecified vulnerability in Google Android 13.0 In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. | 5.5 |
2022-08-12 | CVE-2022-20291 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In AppOpsService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20293 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In LauncherApps, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20294 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to learn about an account present on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20295 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20296 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20298 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20299 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20300 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20301 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20303 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20304 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In Content, there is a possible way to determine the user's account due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20312 | Google | Missing Authorization vulnerability in Google Android 13.0 In WifiP2pManager, there is a possible way to obtain the WiFi P2P MAC address without user consent due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20317 | Google | Unspecified vulnerability in Google Android 13.0 In SystemUI, there is a possible way to unexpectedly enable the external speaker due to a logic error in the code. | 5.5 |
2022-08-12 | CVE-2022-20322 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible installed package disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20323 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible package installation disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20324 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In Framework, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20326 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20332 | Google | Unspecified vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20341 | Google | Missing Authorization vulnerability in Google Android 13.0 In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. | 5.5 |
2022-08-11 | CVE-2021-0734 | Google | Exposure of Resource to Wrong Sphere vulnerability in Google Android 13.0.0 In Settings, there is a possible way to determine whether an app is installed without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-11 | CVE-2021-0735 | Google | Missing Authorization vulnerability in Google Android 13.0.0 In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. | 5.5 |
2022-08-11 | CVE-2021-0975 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-11 | CVE-2022-20242 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In Telephony, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-10 | CVE-2022-1962 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | 5.5 |
2022-08-10 | CVE-2022-20350 | Google | Improper Input Validation vulnerability in Google Android In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. | 5.5 |
2022-08-10 | CVE-2022-20352 | Google | Missing Authorization vulnerability in Google Android 12.0/12.1 In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. | 5.5 |
2022-08-10 | CVE-2022-20353 | Google | Improper Input Validation vulnerability in Google Android In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. | 5.5 |
2022-08-10 | CVE-2022-20355 | Google | Improper Input Validation vulnerability in Google Android In get of PacProxyService.java, there is a possible system service crash due to improper input validation. | 5.5 |
2022-08-10 | CVE-2022-20357 | Google | Use of Uninitialized Resource vulnerability in Google Android 12.0/12.1 In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. | 5.5 |
2022-08-10 | CVE-2022-2719 | Fedoraproject Imagemagick | Reachable Assertion vulnerability in multiple products In ImageMagick, a crafted file could trigger an assertion failure when a call to WriteImages was made in MagickWand/operation.c, due to a NULL image list. | 5.5 |
2022-08-11 | CVE-2022-28753 | Zoom | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-28754 | Zoom | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-2769 | Company Website CMS Project | Unspecified vulnerability in Company Website CMS Project Company Website CMS 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. | 5.4 |
2022-08-11 | CVE-2022-2777 | Microweber | Unspecified vulnerability in Microweber Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.3.1. | 5.4 |
2022-08-10 | CVE-2022-35509 | Eyoucms | Cross-site Scripting vulnerability in Eyoucms 1.5.8 An issue was discovered in EyouCMS 1.5.8. | 5.4 |
2022-08-10 | CVE-2022-20820 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. | 5.4 |
2022-08-09 | CVE-2022-2734 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Improper Restriction of Rendered UI Layers or Frames in GitHub repository openemr/openemr prior to 7.0.0.1. | 5.4 |
2022-08-09 | CVE-2022-2729 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Cross-site Scripting (XSS) - DOM in GitHub repository openemr/openemr prior to 7.0.0.1. | 5.4 |
2022-08-08 | CVE-2022-2371 | Yaycommerce | Unspecified vulnerability in Yaycommerce Yaysmtp The YaySMTP WordPress plugin before 2.2.1 does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber to change them, and to use that to conduct a Stored Cross-Site Scripting attack due to the lack of escaping in them as well. | 5.4 |
2022-08-08 | CVE-2022-2391 | Wpzoom | Unspecified vulnerability in Wpzoom Inspiro PRO The Inspiro PRO WordPress plugin does not sanitize the portfolio slider description, allowing users with privileges as low as Contributor to inject JavaScript into the description. | 5.4 |
2022-08-12 | CVE-2022-35932 | Nextcloud | Improper Restriction of Excessive Authentication Attempts vulnerability in Nextcloud Talk Nextcloud Talk is a video and audio conferencing app for Nextcloud. | 5.3 |
2022-08-11 | CVE-2022-2776 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability classified as problematic has been found in SourceCodester Gym Management System. | 5.3 |
2022-08-10 | CVE-2022-33924 | Dell | Unspecified vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability with which an attacker with no access to create rules could potentially exploit this vulnerability and create rules. | 5.3 |
2022-08-10 | CVE-2022-33931 | Dell | Unspecified vulnerability in Dell Wyse Management Suite Dell Wyse Management Suite 3.6.1 and below contains an Improper Access control vulnerability in UI. | 5.3 |
2022-08-10 | CVE-2022-38133 | Jetbrains | Information Exposure Through Log Files vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2022.04.3 the private SSH key could be written to the server log in some cases. | 5.3 |
2022-08-12 | CVE-2022-20266 | Google | Improper Input Validation vulnerability in Google Android 13.0 In Companion, there is a possible way to keep a service running with elevated importance without showing foreground service notification due to improper input validation. | 5.0 |
2022-08-10 | CVE-2022-22490 | IBM | Files or Directories Accessible to External Parties vulnerability in IBM products IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain sensitive Azure bot credential information. | 4.9 |
2022-08-10 | CVE-2022-20914 | Cisco | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. | 4.9 |
2022-08-08 | CVE-2022-2046 | Wpwax | Unspecified vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. | 4.9 |
2022-08-12 | CVE-2021-42750 | Thingsboard | Cross-site Scripting vulnerability in Thingsboard 3.3.1 A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. | 4.8 |
2022-08-12 | CVE-2021-42751 | Thingsboard | Cross-site Scripting vulnerability in Thingsboard 3.3.1 A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. | 4.8 |
2022-08-12 | CVE-2022-35585 | Fork CMS | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A stored cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "start_date" Parameter. | 4.8 |
2022-08-12 | CVE-2022-35587 | Fork CMS | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_date" Parameter. | 4.8 |
2022-08-12 | CVE-2022-35589 | Fork CMS | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publish_on_time" Parameter. | 4.8 |
2022-08-12 | CVE-2022-35590 | Fork CMS | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.9.3 A cross-site scripting (XSS) issue in the ForkCMS version 5.9.3 allows remote attackers to inject JavaScript via the "end_date" Parameter. | 4.8 |
2022-08-10 | CVE-2022-36325 | Siemens | Unspecified vulnerability in Siemens products Affected devices do not properly sanitize data introduced by a user when rendering the web interface. | 4.8 |
2022-08-08 | CVE-2022-2372 | Yaycommerce | Cross-site Scripting vulnerability in Yaycommerce Yaysmtp The YaySMTP WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2395 | Weformspro | Unspecified vulnerability in Weformspro Weforms The weForms WordPress plugin before 1.6.14 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-08-08 | CVE-2022-2398 | Najeebmedia | Unspecified vulnerability in Najeebmedia Wordpress Comments Fields The WordPress Comments Fields WordPress plugin before 4.1 does not escape Field Error Message, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-08-08 | CVE-2022-2409 | Rough Chart Project | Unspecified vulnerability in Rough Chart Project Rough Chart 1.0.0 The Rough Chart WordPress plugin through 1.0.0 does not properly escape chart data label, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-08-08 | CVE-2022-2410 | Mtouch Quiz Project | Unspecified vulnerability in Mtouch Quiz Project Mtouch Quiz The mTouch Quiz WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2411 | Auto More TAG Project | Unspecified vulnerability in Auto More TAG Project Auto More TAG The Auto More Tag WordPress plugin through 4.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2412 | Better TAG Cloud Project | Unspecified vulnerability in Better TAG Cloud Project Better TAG Cloud 0.99.5 The Better Tag Cloud WordPress plugin through 0.99.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2423 | Designwall | Cross-site Scripting vulnerability in Designwall DW Promobar 1.0.4 The DW Promobar WordPress plugin through 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2424 | Google Maps Anywhere Project | Unspecified vulnerability in Google Maps Anywhere Project Google Maps Anywhere 1.2.6.3 The Google Maps Anywhere WordPress plugin through 1.2.6.3 does not sanitise and escape any of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2425 | WP DS Blog MAP Project | Unspecified vulnerability in WP DS Blog MAP Project WP DS Blog MAP 3.1.3 The WP DS Blog Map WordPress plugin through 3.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-08-08 | CVE-2022-2426 | Thinkific | Unspecified vulnerability in Thinkific Uploader 1.0.0 The Thinkific Uploader WordPress plugin through 1.0.0 does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. | 4.8 |
2022-08-12 | CVE-2022-20265 | Google | Unspecified vulnerability in Google Android 13.0 In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. | 4.6 |
2022-08-12 | CVE-2022-20255 | Google | Missing Authorization vulnerability in Google Android 13.0 In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. | 4.4 |
2022-08-11 | CVE-2022-20243 | Google | Cleartext Transmission of Sensitive Information vulnerability in Google Android 13.0.0 In Core Utilities, there is a possible log information disclosure. | 4.4 |
2022-08-12 | CVE-2022-2611 | Google Fedoraproject | Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2022-08-12 | CVE-2022-2619 | Google Fedoraproject | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | 4.3 |
2022-08-10 | CVE-2022-31674 | Vmware | Information Exposure Through Log Files vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains an information disclosure vulnerability. | 4.3 |
31 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-20330 | Google | Missing Authorization vulnerability in Google Android 13.0 In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. | 3.5 |
2022-08-12 | CVE-2022-20257 | Google | Unspecified vulnerability in Google Android 13.0 In Bluetooth, there is a possible way to pair a display only device without PIN confirmation due to a logic error in the code. | 3.3 |
2022-08-12 | CVE-2022-20262 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20267 | Google | Missing Authorization vulnerability in Google Android 13.0 In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20280 | Google | SQL Injection vulnerability in Google Android 13.0 In MMSProvider, there is a possible read of protected data due to improper input validation (SQL injection). | 3.3 |
2022-08-12 | CVE-2022-20305 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible disclosure of available account types due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20307 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In AlarmManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-12 | CVE-2022-20309 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-12 | CVE-2022-20310 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20311 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20315 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20316 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In ContentResolver, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-12 | CVE-2022-20318 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-12 | CVE-2022-20320 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In ActivityManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-12 | CVE-2022-20321 | Google | Missing Authorization vulnerability in Google Android 13.0 In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20328 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20335 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wifi Slice, there is a possible way to adjust Wi-Fi settings even when the permission has been disabled due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20336 | Google | Missing Authorization vulnerability in Google Android 13.0 In Settings, there is a possible installed application disclosure due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20338 | Google | Improper Input Validation vulnerability in Google Android 13.0 In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. | 3.3 |
2022-08-12 | CVE-2022-20339 | Google | Unspecified vulnerability in Google Android 13.0 In Android, there is a possible access of network neighbor table information due to an insecure SEpolicy configuration. | 3.3 |
2022-08-12 | CVE-2022-20340 | Google | Missing Authorization vulnerability in Google Android 13.0 In SELinux policy, there is a possible way of inferring which websites are being opened in the browser due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20342 | Google | Insecure Default Initialization of Resource vulnerability in Google Android 13.0 In WiFi, there is a possible disclosure of WiFi password to the end user due to an insecure default value. | 3.3 |
2022-08-11 | CVE-2022-20241 | Google | Improper Input Validation vulnerability in Google Android 13.0.0 In Messaging, there is a possible way to attach a private file to an SMS message due to improper input validation. | 3.3 |
2022-08-11 | CVE-2022-20249 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-11 | CVE-2022-20251 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In LocaleManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-11 | CVE-2022-20252 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 3.3 |
2022-08-10 | CVE-2022-20358 | Google | Missing Authorization vulnerability in Google Android In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. | 3.3 |
2022-08-10 | CVE-2022-30629 | Golang | Use of Insufficiently Random Values vulnerability in Golang GO Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | 3.1 |
2022-08-12 | CVE-2022-20327 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. | 2.8 |
2022-08-11 | CVE-2022-20245 | Google | Unspecified vulnerability in Google Android 13.0.0 In WindowManager, there is a possible method to create a recording of the lock screen due to an insecure default value. | 2.4 |
2022-08-12 | CVE-2022-20261 | Google | Missing Authorization vulnerability in Google Android 13.0 In LocationManager, there is a possible way to get location information due to a missing permission check. | 2.3 |
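The crypto/tls entry above (CVE-2022-30629) describes a passive correlation: in TLS 1.3 a resuming client sends obfuscated_ticket_age, the ticket's age in milliseconds plus a per-ticket ticket_age_add chosen by the server, so that an observer cannot tell when the ticket was issued. If ticket_age_add is predictable, an observer who logs the time of each ClientHello can strip the obfuscation, recover the issue time, and notice that it coincides with an earlier connection it saw, which links the two connections to the same client. The following is an added example written for this page; it is not Go's code or the reporter's proof of concept. It simulates two clients resuming against one server and an observer that tries the correlation. The timings, the choice of 0 as the "non-random" value, the exact-millisecond matching, and the function names are all assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"encoding/binary"
	"fmt"
	"sort"
)

// Handshake is one ClientHello as a passive observer records it: when it
// appeared on the wire and, for a resumption, the obfuscated_ticket_age
// carried in the pre_shared_key extension (RFC 8446 section 4.2.11).
// Client is ground truth kept only to grade the observer; the observer
// never reads it.
type Handshake struct {
	Client  string
	WallMs  uint64
	Resumed bool
	ObfAge  uint32
}

// ticket models a NewSessionTicket: when the server issued it and the
// ticket_age_add the server chose for it.
type ticket struct {
	issuedMs uint64
	ageAdd   uint32
}

// obfuscatedAge is what the client puts on the wire: ticket age in
// milliseconds plus ticket_age_add, modulo 2^32.
func obfuscatedAge(t ticket, nowMs uint64) uint32 {
	return uint32(nowMs-t.issuedMs) + t.ageAdd
}

// RandomAgeAdd draws ticket_age_add from a CSPRNG, as RFC 8446 requires.
func RandomAgeAdd() uint32 {
	var b [4]byte
	if _, err := rand.Read(b[:]); err != nil {
		panic(err)
	}
	return binary.BigEndian.Uint32(b[:])
}

// ConstantAgeAdd models a non-random ticket_age_add. The value 0 is an
// assumption of this example; any predictable value behaves the same way.
func ConstantAgeAdd() uint32 { return 0 }

// simulateClient: one full handshake, then n resumptions gapMs apart. Each
// resumption presents the ticket issued on the previous connection and gets
// a fresh ticket (with a fresh ticket_age_add) in return.
func simulateClient(name string, n int, startMs, gapMs uint64, newAgeAdd func() uint32) []Handshake {
	now := startMs
	t := ticket{issuedMs: now, ageAdd: newAgeAdd()}
	out := []Handshake{{Client: name, WallMs: now}}
	for i := 0; i < n; i++ {
		now += gapMs
		out = append(out, Handshake{Client: name, WallMs: now, Resumed: true, ObfAge: obfuscatedAge(t, now)})
		t = ticket{issuedMs: now, ageAdd: newAgeAdd()}
	}
	return out
}

// Capture builds a constructed trace: two clients talking to the same
// server, interleaved in time, as a network observer would record them.
func Capture(newAgeAdd func() uint32) []Handshake {
	hs := append(simulateClient("A", 3, 1_000_000, 60_000, newAgeAdd),
		simulateClient("B", 3, 1_020_000, 45_000, newAgeAdd)...)
	sort.Slice(hs, func(i, j int) bool { return hs[i].WallMs < hs[j].WallMs })
	return hs
}

// LinkHandshakes is the observer. Assuming ticket_age_add equals guess, it
// strips the obfuscation from each resumption to recover when the ticket was
// issued and checks whether that instant matches an earlier handshake it
// saw; a match links the two connections to one client. Exact millisecond
// matching is a simplification; a real observer would use a tolerance
// window. Returns index pairs (earlier, later).
func LinkHandshakes(hs []Handshake, guess uint32) [][2]int {
	seen := map[uint32]int{} // wall time mod 2^32 -> index of that handshake
	var links [][2]int
	for i, h := range hs {
		if h.Resumed {
			issued := uint32(h.WallMs) - (h.ObfAge - guess)
			if j, ok := seen[issued]; ok {
				links = append(links, [2]int{j, i})
			}
		}
		seen[uint32(h.WallMs)] = i
	}
	return links
}

func main() {
	modes := []struct {
		name string
		gen  func() uint32
	}{{"constant ticket_age_add", ConstantAgeAdd}, {"random ticket_age_add", RandomAgeAdd}}
	for _, m := range modes {
		hs := Capture(m.gen)
		links := LinkHandshakes(hs, 0)
		fmt.Printf("%s: %d connections linked\n", m.name, len(links))
		for _, l := range links {
			fmt.Printf("  #%d -> #%d (clients %s/%s)\n", l[0], l[1], hs[l[0]].Client, hs[l[1]].Client)
		}
	}
}
```

With the constant value every resumption is linked to the connection that issued its ticket and never to the other client; with a CSPRNG-drawn ticket_age_add the recovered "issue time" is a uniformly random 32-bit value that points at nothing the observer has seen. The fix in Go 1.17.11 and 1.18.3 restores the random choice; on the client side nothing changes, so the check a practitioner wants is simply that servers run a patched Go.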