Weekly Vulnerabilities Reports > August 8 to 14, 2022

Overview

282 new vulnerabilities reported during this period, including 37 critical vulnerabilities and 117 high severity vulnerabilities. This weekly summary report vulnerabilities in 194 products from 40 vendors including Microsoft, Google, Fedoraproject, Wavlink, and Golang. Vulnerabilities are notably categorized as "Missing Authorization", "Use After Free", "Race Condition", "Improper Input Validation", and "Uncontrolled Recursion".

  • 168 reported vulnerabilities are remotely exploitables.
  • 18 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 134 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 103 reported vulnerabilities.
  • Wavlink has the most reported critical vulnerabilities, with 15 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

37 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-10 CVE-2022-20827 Cisco OS Command Injection vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

10.0
2022-08-12 CVE-2022-35949 Nodejs Server-Side Request Forgery (SSRF) vulnerability in Nodejs Undici

undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`.

9.8
2022-08-12 CVE-2022-2803 Phpgurukul SQL Injection vulnerability in PHPgurukul ZOO Management System

A vulnerability was found in SourceCodester Zoo Management System and classified as critical.

9.8
2022-08-12 CVE-2022-2804 Phpgurukul Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul ZOO Management System

A vulnerability was found in SourceCodester Zoo Management System.

9.8
2022-08-12 CVE-2022-35555 Tenda OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122)

A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution.

9.8
2022-08-12 CVE-2022-37042 Zimbra Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0

Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it.

9.8
2022-08-11 CVE-2022-20237 Google Out-of-bounds Write vulnerability in Google Android

In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check.

9.8
2022-08-11 CVE-2022-2765 Company Website CMS Project Missing Authentication for Critical Function vulnerability in Company Website CMS Project Company Website CMS 1.0

A vulnerability was found in SourceCodester Company Website CMS 1.0.

9.8
2022-08-10 CVE-2022-36270 Oretnom23 Unspecified vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php.

9.8
2022-08-10 CVE-2022-36750 Oretnom23 SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=.

9.8
2022-08-10 CVE-2022-37002 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The SystemUI module has a privilege escalation vulnerability.

9.8
2022-08-10 CVE-2022-20239 Google Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091

9.8
2022-08-10 CVE-2022-32429 Megatech Improper Authentication vulnerability in Megatech Msnswitch Firmware Mnt.2408

An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution.

9.8
2022-08-10 CVE-2022-35518 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml.

9.8
2022-08-10 CVE-2022-35519 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml.

9.8
2022-08-10 CVE-2022-35520 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary.

9.8
2022-08-10 CVE-2022-35521 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml.

9.8
2022-08-10 CVE-2022-35522 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml.

9.8
2022-08-10 CVE-2022-35523 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml.

9.8
2022-08-10 CVE-2022-35524 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml.

9.8
2022-08-10 CVE-2022-35525 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml.

9.8
2022-08-10 CVE-2022-35526 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml.

9.8
2022-08-10 CVE-2022-35533 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml.

9.8
2022-08-10 CVE-2022-35534 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml.

9.8
2022-08-10 CVE-2022-35535 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-35536 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml.

9.8
2022-08-10 CVE-2022-35537 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-35538 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml.

9.8
2022-08-10 CVE-2022-20842 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

9.8
2022-08-09 CVE-2022-30133 Microsoft Unspecified vulnerability in Microsoft products

Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

9.8
2022-08-09 CVE-2022-34715 Microsoft Unspecified vulnerability in Microsoft Windows Server 2022

Windows Network File System Remote Code Execution Vulnerability

9.8
2022-08-08 CVE-2022-36267 Airspan Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a Unauthenticated remote command injection vulnerability.

9.8
2022-08-08 CVE-2022-2460 Digital Product Labs Unspecified vulnerability in Digital Product Labs Wpdating 7.1.9

The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users

9.8
2022-08-09 CVE-2022-33649 Microsoft Unspecified vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

9.6
2022-08-10 CVE-2021-33643 Feep
Huawei
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longlink, causing an out-of-bounds read.

9.1
2022-08-10 CVE-2022-36323 Siemens Unspecified vulnerability in Siemens products

Affected devices do not properly sanitize an input field.

9.1
2022-08-10 CVE-2022-20841 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.

9.0

117 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-2603 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2604 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2606 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2607 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2608 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2609 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2613 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2614 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

8.8
2022-08-12 CVE-2022-2617 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2620 Google
Fedoraproject
Improper Initialization vulnerability in multiple products

Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2621 Google
Fedoraproject
Use After Free vulnerability in multiple products

Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2623 Google
Fedoraproject
Race Condition vulnerability in multiple products

Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.

8.8
2022-08-12 CVE-2022-2624 Google
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.

8.8
2022-08-12 CVE-2022-20254 Google Unspecified vulnerability in Google Android 13.0

In Wi-Fi, there is a permissions bypass.

8.8
2022-08-10 CVE-2022-31673 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains an information disclosure vulnerability.

8.8
2022-08-10 CVE-2022-35517 Wavlink Unspecified vulnerability in Wavlink products

WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml.

8.8
2022-08-09 CVE-2022-34691 Microsoft Unspecified vulnerability in Microsoft products

Active Directory Domain Services Elevation of Privilege Vulnerability

8.8
2022-08-09 CVE-2022-34717 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-35777 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-35804 Microsoft Unspecified vulnerability in Microsoft Windows 11

SMB Client and Server Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-35825 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-35826 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-35827 Microsoft Unspecified vulnerability in Microsoft products

Visual Studio Remote Code Execution Vulnerability

8.8
2022-08-09 CVE-2022-33636 Microsoft Race Condition vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

8.3
2022-08-09 CVE-2022-2732 Open EMR Missing Authorization vulnerability in Open-Emr Openemr

Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.

8.3
2022-08-10 CVE-2022-2458 Redhat XXE vulnerability in Redhat Process Automation Manager 7.5.1

XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data.

8.2
2022-08-10 CVE-2022-32245 SAP Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420/430

SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network.

8.2
2022-08-10 CVE-2021-33644 Feep
Huawei
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

An attacker who submits a crafted tar file with size in header struct being 0 may be able to trigger an calling of malloc(0) for a variable gnu_longname, causing an out-of-bounds read.

8.1
2022-08-10 CVE-2022-20816 Cisco Path Traversal vulnerability in Cisco Unified Communications Manager

A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system.

8.1
2022-08-09 CVE-2022-34702 Microsoft Race Condition vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-08-09 CVE-2022-34714 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-08-09 CVE-2022-35766 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-08-09 CVE-2022-35767 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-08-09 CVE-2022-35794 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability

8.1
2022-08-09 CVE-2022-35802 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

8.1
2022-08-09 CVE-2022-21980 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

8.0
2022-08-09 CVE-2022-24477 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

8.0
2022-08-09 CVE-2022-24516 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Elevation of Privilege Vulnerability

8.0
2022-08-12 CVE-2021-29117 Esri Use After Free vulnerability in Esri Arcreader

A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user.

7.8
2022-08-12 CVE-2022-20268 Google Unspecified vulnerability in Google Android 13.0

In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass.

7.8
2022-08-12 CVE-2022-20274 Google Missing Authorization vulnerability in Google Android 13.0

In Keyguard, there is a missing permission check.

7.8
2022-08-12 CVE-2022-20281 Google Missing Authorization vulnerability in Google Android 13.0

In Core, there is a possible way to start an activity from the background due to a missing permission check.

7.8
2022-08-12 CVE-2022-20282 Google Missing Authorization vulnerability in Google Android 13.0

In AppWidget, there is a possible way to start an activity from the background due to a missing permission check.

7.8
2022-08-12 CVE-2022-20329 Google Missing Authorization vulnerability in Google Android 13.0

In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check.

7.8
2022-08-11 CVE-2022-20250 Google Unspecified vulnerability in Google Android 13.0.0

In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation.

7.8
2022-08-11 CVE-2022-34260 Adobe Out-of-bounds Write vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-08-11 CVE-2022-34263 Adobe Use After Free vulnerability in Adobe Illustrator

Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-08-10 CVE-2022-20348 Google Missing Authorization vulnerability in Google Android

In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check.

7.8
2022-08-10 CVE-2022-20349 Google Missing Authorization vulnerability in Google Android

In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check.

7.8
2022-08-10 CVE-2022-20360 Google Missing Authorization vulnerability in Google Android

In setChecked of SecureNfcPreferenceController.java, there is a missing permission check.

7.8
2022-08-10 CVE-2022-25793 Autodesk Improper Validation of Specified Quantity in Input vulnerability in Autodesk 3DS MAX 2021/2021.3.8/2022

A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files.

7.8
2022-08-10 CVE-2022-30580 Golang Code Injection vulnerability in Golang GO

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.

7.8
2022-08-10 CVE-2022-20792 Clamav Out-of-bounds Write vulnerability in Clamav

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution.

7.8
2022-08-09 CVE-2022-30175 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-30176 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-33640 Microsoft Unspecified vulnerability in Microsoft products

System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-33648 Microsoft Unspecified vulnerability in Microsoft Office Online Server

Microsoft Excel Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-33670 Microsoft Unspecified vulnerability in Microsoft products

Windows Partition Management Driver Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34687 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-34696 Microsoft Race Condition vulnerability in Microsoft products

Windows Hyper-V Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-34699 Microsoft Unspecified vulnerability in Microsoft products

Windows Win32k Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34703 Microsoft Unspecified vulnerability in Microsoft products

Windows Partition Management Driver Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34705 Microsoft Use After Free vulnerability in Microsoft products

Windows Defender Credential Guard Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34706 Microsoft Unspecified vulnerability in Microsoft products

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34707 Microsoft Use After Free vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-34713 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-35760 Microsoft Unspecified vulnerability in Microsoft products

Microsoft ATA Port Driver Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35761 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35762 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Direct Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35763 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Direct Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35764 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Direct Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35765 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Direct Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35768 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35771 Microsoft Unspecified vulnerability in Microsoft products

Windows Defender Credential Guard Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35773 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-35779 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-35792 Microsoft Unspecified vulnerability in Microsoft products

Storage Spaces Direct Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35795 Microsoft Unspecified vulnerability in Microsoft products

Windows Error Reporting Service Elevation of Privilege Vulnerability

7.8
2022-08-09 CVE-2022-35806 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

7.8
2022-08-09 CVE-2022-35820 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Driver Elevation of Privilege Vulnerability

7.8
2022-08-11 CVE-2022-38150 Varnish Cache Project
Fedoraproject
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses.
7.5
2022-08-10 CVE-2022-37006 Huawei Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos

Permission control vulnerability in the network module.

7.5
2022-08-10 CVE-2021-33645 Feep
Huawei
Fedoraproject
Memory Leak vulnerability in multiple products

The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak.

7.5
2022-08-10 CVE-2021-33646 Feep
Huawei
Fedoraproject
Memory Leak vulnerability in multiple products

The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak.

7.5
2022-08-10 CVE-2021-40040 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module.

7.5
2022-08-10 CVE-2022-28131 Golang
Fedoraproject
Netapp
Uncontrolled Recursion vulnerability in multiple products

Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.

7.5
2022-08-10 CVE-2022-29804 Golang Path Traversal vulnerability in Golang GO

Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.

7.5
2022-08-10 CVE-2022-30630 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.

7.5
2022-08-10 CVE-2022-30631 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.

7.5
2022-08-10 CVE-2022-30632 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.

7.5
2022-08-10 CVE-2022-30633 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.

7.5
2022-08-10 CVE-2022-30635 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.

7.5
2022-08-10 CVE-2022-31675 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains an authentication bypass vulnerability.

7.5
2022-08-10 CVE-2022-32189 Golang Unspecified vulnerability in Golang GO

A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.

7.5
2022-08-10 CVE-2022-20866 Cisco Information Exposure Through Discrepancy vulnerability in Cisco products

A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key.

7.5
2022-08-10 CVE-2021-46304 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions).

7.5
2022-08-10 CVE-2022-36324 Siemens Allocation of Resources Without Limits or Throttling vulnerability in Siemens products

Affected devices do not properly handle the renegotiation of SSL/TLS parameters.

7.5
2022-08-10 CVE-2021-37150 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources.

7.5
2022-08-10 CVE-2022-25763 Apache
Debian
Fedoraproject
HTTP Request Smuggling vulnerability in multiple products

Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks.

7.5
2022-08-10 CVE-2022-28129 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers.

7.5
2022-08-10 CVE-2022-31778 Apache
Debian
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache.

7.5
2022-08-10 CVE-2022-31779 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests.

7.5
2022-08-10 CVE-2022-31780 Apache
Debian
Fedoraproject
Improper Input Validation vulnerability in multiple products

Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests.

7.5
2022-08-09 CVE-2022-30144 Microsoft Unspecified vulnerability in Microsoft products

Windows Bluetooth Service Remote Code Execution Vulnerability

7.5
2022-08-09 CVE-2022-30194 Microsoft Unspecified vulnerability in Microsoft products

Windows WebBrowser Control Remote Code Execution Vulnerability

7.5
2022-08-09 CVE-2022-34701 Microsoft Unspecified vulnerability in Microsoft products

Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability

7.5
2022-08-09 CVE-2022-35769 Microsoft Unspecified vulnerability in Microsoft products

Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability

7.5
2022-08-09 CVE-2022-35796 Microsoft Race Condition vulnerability in Microsoft Edge Chromium

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

7.5
2022-08-08 CVE-2022-35488 Zammad Unspecified vulnerability in Zammad 5.2.0

In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad, and thereby send many requests for a known account to cause Denial Of Service by many generated emails which would also spam the victim.

7.5
2022-08-09 CVE-2022-33631 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Excel Security Feature Bypass Vulnerability

7.3
2022-08-09 CVE-2022-35793 Microsoft Unspecified vulnerability in Microsoft products

Windows Print Spooler Elevation of Privilege Vulnerability

7.3
2022-08-12 CVE-2021-44720 Pulsesecure
Ivanti
Use of Hard-coded Credentials vulnerability in multiple products

In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen.

7.2
2022-08-10 CVE-2022-31672 Vmware Unspecified vulnerability in VMWare Vrealize Operations

VMware vRealize Operations contains a privilege escalation vulnerability.

7.2
2022-08-09 CVE-2022-35772 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Remote Code Execution Vulnerability

7.2
2022-08-09 CVE-2022-35824 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Remote Code Execution Vulnerability

7.2
2022-08-09 CVE-2022-34690 Microsoft Unspecified vulnerability in Microsoft products

Windows Fax Service Elevation of Privilege Vulnerability

7.1
2022-08-09 CVE-2022-33646 Microsoft Unspecified vulnerability in Microsoft Azure Batch

Azure Batch Node Agent Elevation of Privilege Vulnerability

7.0

114 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-2503 Linux Improper Authentication vulnerability in Linux Kernel

Dm-verity is used for extending root-of-trust to root filesystems.

6.7
2022-08-11 CVE-2022-20369 Google
Debian
Out-of-bounds Write vulnerability in multiple products

In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-08-11 CVE-2022-20376 Google Improper Locking vulnerability in Google Android

In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking.

6.7
2022-08-11 CVE-2022-20382 Google Uncontrolled Recursion vulnerability in Google Android

In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow.

6.7
2022-08-12 CVE-2022-2605 Google
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2610 Google
Fedoraproject
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2612 Google
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2615 Google
Fedoraproject
Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products

Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

6.5
2022-08-12 CVE-2022-2616 Google
Fedoraproject
Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.
6.5
2022-08-12 CVE-2022-2618 Google
Fedoraproject
Improper Input Validation vulnerability in multiple products

Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .

6.5
2022-08-12 CVE-2022-2622 Google
Fedoraproject
Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.
6.5
2022-08-12 CVE-2022-38183 Gitea Missing Authorization vulnerability in Gitea

In Gitea before 1.16.9, it was possible for users to add existing issues to projects.

6.5
2022-08-12 CVE-2022-20253 Google Improper Handling of Exceptional Conditions vulnerability in Google Android 13.0

In Bluetooth, there is a possible cleanup failure due to an uncaught exception.

6.5
2022-08-10 CVE-2022-1705 Golang HTTP Request Smuggling vulnerability in Golang GO

Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.

6.5
2022-08-10 CVE-2022-32148 Golang Unspecified vulnerability in Golang GO

Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.

6.5
2022-08-10 CVE-2022-22411 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1

IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions.

6.5
2022-08-10 CVE-2022-2756 Kavitareader Server-Side Request Forgery (SSRF) vulnerability in Kavitareader Kavita

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

6.5
2022-08-10 CVE-2022-20852 Cisco Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

6.5
2022-08-09 CVE-2022-30134 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Information Disclosure Vulnerability

6.5
2022-08-09 CVE-2022-35775 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35780 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35781 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35782 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35784 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35785 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35786 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35788 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35789 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35790 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35791 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35799 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35801 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35807 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35808 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35809 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35810 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35811 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35813 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35814 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35815 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35816 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35817 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35818 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-09 CVE-2022-35819 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

6.5
2022-08-08 CVE-2022-1323 2Code Missing Authorization vulnerability in 2Code Discy

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request.

6.5
2022-08-08 CVE-2022-35489 Zammad Unspecified vulnerability in Zammad 5.2.0

In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned.

6.5
2022-08-12 CVE-2022-20256 Google Race Condition vulnerability in Google Android 13.0

In the Audio HAL, there is a possible out of bounds write due to a race condition.

6.4
2022-08-11 CVE-2022-20371 Google Improper Locking vulnerability in Google Android

In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition.

6.4
2022-08-09 CVE-2022-35776 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Denial of Service Vulnerability

6.2
2022-08-10 CVE-2022-20713 Cisco Cross-site Scripting vulnerability in Cisco products

A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device.

6.1
2022-08-10 CVE-2022-20869 Cisco Cross-site Scripting vulnerability in Cisco Broadworks

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.

6.1
2022-08-10 CVE-2022-36801 Atlassian Cross-site Scripting vulnerability in Atlassian Jira Data Center

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint.

6.1
2022-08-09 CVE-2022-35797 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows 11

Windows Hello Security Feature Bypass Vulnerability

6.1
2022-08-08 CVE-2022-36266 Airspan Cross-site Scripting vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14

In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability.

6.1
2022-08-09 CVE-2022-34709 Microsoft Type Confusion vulnerability in Microsoft products

Windows Defender Credential Guard Security Feature Bypass Vulnerability

6.0
2022-08-09 CVE-2022-34716 Microsoft Unspecified vulnerability in Microsoft .Net, .Net Core and Powershell

.NET Spoofing Vulnerability

5.9
2022-08-12 CVE-2022-20259 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible leak of ICCID and EID due to a missing permission check.

5.5
2022-08-12 CVE-2022-20260 Google Unspecified vulnerability in Google Android 13.0

In the Phone app, there is a possible crash loop due to resource exhaustion.

5.5
2022-08-12 CVE-2022-20263 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a way to read process state for other users due to a missing permission check.

5.5
2022-08-12 CVE-2022-20270 Google Unspecified vulnerability in Google Android 13.0

In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass.

5.5
2022-08-12 CVE-2022-20275 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20276 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20277 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20279 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0

In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20284 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible information disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20285 Google Unspecified vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20287 Google Unspecified vulnerability in Google Android 13.0

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20288 Google Unspecified vulnerability in Google Android 13.0

In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20289 Google Unspecified vulnerability in Google Android 13.0

In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20290 Google Unspecified vulnerability in Google Android 13.0

In Midi, there is a possible way to learn about private midi devices due to a permissions bypass.

5.5
2022-08-12 CVE-2022-20294 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to learn about an account present on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20295 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20296 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20298 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20299 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20300 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to check if the given account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20301 Google Missing Authorization vulnerability in Google Android 13.0

In Content, there is a possible way to check if an account exists on the device due to a missing permission check.

5.5
2022-08-12 CVE-2022-20303 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check.

5.5
2022-08-12 CVE-2022-20312 Google Missing Authorization vulnerability in Google Android 13.0

In WifiP2pManager, there is a possible toobtain WiFi P2P MAC address without user consent due to missing permission check.

5.5
2022-08-12 CVE-2022-20322 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible installed package disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20323 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible package installation disclosure due to a missing permission check.

5.5
2022-08-12 CVE-2022-20326 Google Missing Authorization vulnerability in Google Android 13.0

In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check.

5.5
2022-08-12 CVE-2022-20332 Google Unspecified vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-12 CVE-2022-20341 Google Missing Authorization vulnerability in Google Android 13.0

In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check.

5.5
2022-08-11 CVE-2021-0735 Google Missing Authorization vulnerability in Google Android 13.0.0

In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check.

5.5
2022-08-11 CVE-2021-0975 Google Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0

In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure.

5.5
2022-08-10 CVE-2022-1962 Golang Uncontrolled Recursion vulnerability in Golang GO

Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.

5.5
2022-08-10 CVE-2022-20352 Google Missing Authorization vulnerability in Google Android 12.0/12.1

In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check.

5.5
2022-08-10 CVE-2022-20357 Google Use of Uninitialized Resource vulnerability in Google Android 12.0/12.1

In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data.

5.5
2022-08-09 CVE-2022-30197 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2022-08-09 CVE-2022-34685 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Information Disclosure Vulnerability

5.5
2022-08-09 CVE-2022-34686 Microsoft Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio

Azure RTOS GUIX Studio Information Disclosure Vulnerability

5.5
2022-08-09 CVE-2022-34708 Microsoft Unspecified vulnerability in Microsoft products

Windows Kernel Information Disclosure Vulnerability

5.5
2022-08-09 CVE-2022-34710 Microsoft Unspecified vulnerability in Microsoft products

Windows Defender Credential Guard Information Disclosure Vulnerability

5.5
2022-08-09 CVE-2022-34712 Microsoft Unspecified vulnerability in Microsoft products

Windows Defender Credential Guard Information Disclosure Vulnerability

5.5
2022-08-11 CVE-2022-28753 Zoom Unspecified vulnerability in Zoom Meeting Connector

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

5.4
2022-08-11 CVE-2022-28754 Zoom Unspecified vulnerability in Zoom Meeting Connector

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability.

5.4
2022-08-11 CVE-2022-2769 Company Website CMS Project Cross-site Scripting vulnerability in Company Website CMS Project Company Website CMS 1.0

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS.

5.4
2022-08-10 CVE-2022-20820 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings

Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface.

5.4
2022-08-09 CVE-2022-34692 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2016/2019

Microsoft Exchange Server Information Disclosure Vulnerability

5.3
2022-08-10 CVE-2022-20914 Cisco Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine

A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information.

4.9
2022-08-09 CVE-2022-35774 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

4.9
2022-08-09 CVE-2022-35787 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

4.9
2022-08-09 CVE-2022-35800 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

4.9
2022-08-09 CVE-2022-35812 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery

Azure Site Recovery Elevation of Privilege Vulnerability

4.9
2022-08-10 CVE-2022-36325 Siemens Unspecified vulnerability in Siemens products

Affected devices do not properly sanitize data introduced by an user when rendering the web interface.

4.8
2022-08-09 CVE-2022-21979 Microsoft Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019

Microsoft Exchange Server Information Disclosure Vulnerability

4.8
2022-08-09 CVE-2022-34704 Microsoft Information Exposure Through Discrepancy vulnerability in Microsoft products

Windows Defender Credential Guard Information Disclosure Vulnerability

4.7
2022-08-12 CVE-2022-20265 Google Unspecified vulnerability in Google Android 13.0

In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass.

4.6
2022-08-12 CVE-2022-20255 Google Missing Authorization vulnerability in Google Android 13.0

In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check.

4.4
2022-08-09 CVE-2022-35783 Microsoft Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1

Azure Site Recovery Elevation of Privilege Vulnerability

4.4
2022-08-09 CVE-2022-35821 Microsoft Unspecified vulnerability in Microsoft Azure Sphere

Azure Sphere Information Disclosure Vulnerability

4.4
2022-08-12 CVE-2022-2611 Google
Fedoraproject
Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
4.3
2022-08-12 CVE-2022-2619 Google
Fedoraproject
Improper Encoding or Escaping of Output vulnerability in multiple products

Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.

4.3

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-12 CVE-2022-20330 Google Missing Authorization vulnerability in Google Android 13.0

In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check.

3.5
2022-08-12 CVE-2022-20262 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check.

3.3
2022-08-12 CVE-2022-20267 Google Missing Authorization vulnerability in Google Android 13.0

In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check.

3.3
2022-08-12 CVE-2022-20305 Google Missing Authorization vulnerability in Google Android 13.0

In ContentService, there is a possible disclosure of available account types due to a missing permission check.

3.3
2022-08-12 CVE-2022-20310 Google Missing Authorization vulnerability in Google Android 13.0

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

3.3
2022-08-12 CVE-2022-20311 Google Missing Authorization vulnerability in Google Android 13.0

In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check.

3.3
2022-08-12 CVE-2022-20315 Google Missing Authorization vulnerability in Google Android 13.0

In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check.

3.3
2022-08-12 CVE-2022-20321 Google Missing Authorization vulnerability in Google Android 13.0

In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check.

3.3
2022-08-12 CVE-2022-20328 Google Missing Authorization vulnerability in Google Android 13.0

In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check.

3.3
2022-08-12 CVE-2022-20338 Google Improper Input Validation vulnerability in Google Android 13.0

In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation.

3.3
2022-08-10 CVE-2022-20358 Google Missing Authorization vulnerability in Google Android

In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check.

3.3
2022-08-10 CVE-2022-30629 Golang Use of Insufficiently Random Values vulnerability in Golang GO

Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption.

3.1
2022-08-12 CVE-2022-20327 Google Missing Authorization vulnerability in Google Android 13.0

In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check.

2.8
2022-08-12 CVE-2022-20261 Google Missing Authorization vulnerability in Google Android 13.0

In LocationManager, there is a possible way to get location information due to a missing permission check.

2.3