Weekly Vulnerabilities Reports > August 8 to 14, 2022
Overview
282 new vulnerabilities were reported during this period, including 37 critical vulnerabilities and 117 high severity vulnerabilities. This weekly summary reports vulnerabilities in 194 products from 40 vendors including Microsoft, Google, Fedoraproject, Wavlink, and Golang. The most frequent weakness categories this week are "Missing Authorization", "Use After Free", "Race Condition", "Improper Input Validation", and "Uncontrolled Recursion".
- 168 reported vulnerabilities are remotely exploitable.
- 18 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 134 reported vulnerabilities are exploitable by an anonymous user.
- Microsoft has the most reported vulnerabilities, with 103 reported vulnerabilities.
- Wavlink has the most reported critical vulnerabilities, with 15 (all command injection in router CGI handlers).
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
37 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-10 | CVE-2022-20827 | Cisco | OS Command Injection vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 10.0 |
2022-08-12 | CVE-2022-35949 | Nodejs | Server-Side Request Forgery (SSRF) vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js.`undici` is vulnerable to SSRF (Server-side Request Forgery) when an application takes in **user input** into the `path/pathname` option of `undici.request`. | 9.8 |
2022-08-12 | CVE-2022-2803 | Phpgurukul | SQL Injection vulnerability in PHPgurukul ZOO Management System A vulnerability was found in SourceCodester Zoo Management System and classified as critical. | 9.8 |
2022-08-12 | CVE-2022-2804 | Phpgurukul | Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul ZOO Management System A vulnerability was found in SourceCodester Zoo Management System. | 9.8 |
2022-08-12 | CVE-2022-35555 | Tenda | OS Command Injection vulnerability in Tenda W6 Firmware 1.0.0.9(4122) A command injection vulnerability exists in /goform/exeCommand in Tenda W6 V1.0.0.9(4122), which allows attackers to construct cmdinput parameters for arbitrary command execution. | 9.8 |
2022-08-12 | CVE-2022-37042 | Zimbra | Path Traversal vulnerability in Zimbra Collaboration 8.8.15/9.0.0 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. | 9.8 |
2022-08-11 | CVE-2022-20237 | Google | Out-of-bounds Write vulnerability in Google Android In BuildDevIDResponse of miscdatabuilder.cpp, there is a possible out of bounds write due to a missing bounds check. | 9.8 |
2022-08-11 | CVE-2022-2765 | Company Website CMS Project | Missing Authentication for Critical Function vulnerability in Company Website CMS Project Company Website CMS 1.0 A vulnerability was found in SourceCodester Company Website CMS 1.0. | 9.8 |
2022-08-10 | CVE-2022-36270 | Oretnom23 | Unspecified vulnerability in Oretnom23 Clinic's Patient Management System 1.0 Clinic's Patient Management System v1.0 has arbitrary code execution via url: ip/pms/users.php. | 9.8 |
2022-08-10 | CVE-2022-36750 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic's Patient Management System 1.0 Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_user.php?id=. | 9.8 |
2022-08-10 | CVE-2022-37002 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The SystemUI module has a privilege escalation vulnerability. | 9.8 |
2022-08-10 | CVE-2022-20239 | Google | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Google Android 'remap_pfn_range' here may map out-of-size kernel memory (for example, it may map the kernel area), and because 'vma->vm_page_prot' can also be controlled by userspace, userspace may map the kernel area as writable, which is easy to exploit. Product: Android. Versions: Android SoC. Android ID: A-233972091 | 9.8 |
2022-08-10 | CVE-2022-32429 | Megatech | Improper Authentication vulnerability in Megatech Msnswitch Firmware Mnt.2408 An authentication-bypass issue in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh of Mega System Technologies Inc MSNSwitch MNT.2408 allows unauthenticated attackers to arbitrarily configure settings within the application, leading to remote code execution. | 9.8 |
2022-08-10 | CVE-2022-35518 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 nas.cgi has no filtering on parameters: User1Passwd and User1, which leads to command injection in page /nas_disk.shtml. | 9.8 |
2022-08-10 | CVE-2022-35519 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter add_mac, which leads to command injection in page /cli_black_list.shtml. | 9.8 |
2022-08-10 | CVE-2022-35520 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 api.cgi has no filtering on parameter ufconf, and this is a hidden parameter which doesn't appear in POST body, but exist in cgi binary. | 9.8 |
2022-08-10 | CVE-2022-35521 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameters: remoteManagementEnabled, blockPortScanEnabled, pingFrmWANFilterEnabled and blockSynFloodEnabled, which leads to command injection in page /man_security.shtml. | 9.8 |
2022-08-10 | CVE-2022-35522 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: ppp_username, ppp_passwd, rwan_gateway, rwan_mask and rwan_ip, which leads to command injection in page /wan.shtml. | 9.8 |
2022-08-10 | CVE-2022-35523 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 firewall.cgi has no filtering on parameter del_mac and parameter flag, which leads to command injection in page /cli_black_list.shtml. | 9.8 |
2022-08-10 | CVE-2022-35524 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: wlan_signal, web_pskValue, sel_EncrypTyp, sel_Automode, wlan_bssid, wlan_ssid and wlan_channel, which leads to command injection in page /wizard_rep.shtml. | 9.8 |
2022-08-10 | CVE-2022-35525 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameter led_switch, which leads to command injection in page /ledonoff.shtml. | 9.8 |
2022-08-10 | CVE-2022-35526 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 login.cgi has no filtering on parameter key, which leads to command injection in page /login.shtml. | 9.8 |
2022-08-10 | CVE-2022-35533 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: cli_list and cli_num, which leads to command injection in page /qos.shtml. | 9.8 |
2022-08-10 | CVE-2022-35534 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter hiddenSSID32g and SSID2G2, which leads to command injection in page /wifi_multi_ssid.shtml. | 9.8 |
2022-08-10 | CVE-2022-35535 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameter macAddr, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-35536 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 qos.cgi has no filtering on parameters: qos_bandwith and qos_dat, which leads to command injection in page /qos.shtml. | 9.8 |
2022-08-10 | CVE-2022-35537 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: mac_5g and Newname, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-35538 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 wireless.cgi has no filtering on parameters: delete_list, delete_al_mac, b_delete_list and b_delete_al_mac, which leads to command injection in page /wifi_mesh.shtml. | 9.8 |
2022-08-10 | CVE-2022-20842 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 9.8 |
2022-08-09 | CVE-2022-30133 | Microsoft | Unspecified vulnerability in Microsoft products Windows Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability | 9.8 |
2022-08-09 | CVE-2022-34715 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2022 Windows Network File System Remote Code Execution Vulnerability | 9.8 |
2022-08-08 | CVE-2022-36267 | Airspan | Unspecified vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists an unauthenticated remote command injection vulnerability. | 9.8 |
2022-08-08 | CVE-2022-2460 | Digital Product Labs | Unspecified vulnerability in Digital Product Labs Wpdating 7.1.9 The WPDating WordPress plugin before 7.4.0 does not properly escape user input before concatenating it to certain SQL queries, leading to multiple SQL injection vulnerabilities exploitable by unauthenticated users | 9.8 |
2022-08-09 | CVE-2022-33649 | Microsoft | Unspecified vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 9.6 |
2022-08-10 | CVE-2021-33643 | Feep Huawei Fedoraproject | Out-of-bounds Read vulnerability in multiple products An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longlink, causing an out-of-bounds read. | 9.1 |
2022-08-10 | CVE-2022-36323 | Siemens | Unspecified vulnerability in Siemens products Affected devices do not properly sanitize an input field. | 9.1 |
2022-08-10 | CVE-2022-20841 | Cisco | Improper Input Validation vulnerability in Cisco products Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. | 9.0 |
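The undici entry above (CVE-2022-35949) describes a request path taken from user input ending up as a request to a different host. The script below is an added example written for this report, not code from the undici project: it uses Node's built-in WHATWG URL parser to show how "//127.0.0.1", "http://127.0.0.1" and the less obvious "/\evil.example" stop being paths and become a new authority when resolved against a fixed origin, and the check an application should apply before handing an untrusted path to any HTTP client: pin the origin and compare it again after resolution. The origin and the sample paths are constructed for the example.

```javascript
// Added example (not part of the report or the undici project): why an
// attacker-controlled request path is dangerous when it is resolved against a
// fixed origin, and the check a caller should apply first.
// Run with: node ssrf_path_check.js

// Fixed, trusted origin the application intends to talk to (assumed value).
const TRUSTED_ORIGIN = 'https://api.example.com';

// Resolve an untrusted path against the trusted origin the way a WHATWG URL
// parser does and return the host that would actually receive the request.
// "//127.0.0.1" and "http://127.0.0.1" are parsed as a new authority / full
// URL, not as a path under the origin. For https/http, a backslash is treated
// like a slash, so "/\evil.example" also becomes "//evil.example".
function resolvedHost(origin, untrustedPath) {
  return new URL(untrustedPath, origin).host;
}

// Hardened: accept only a path starting with a single "/", resolve it, and
// verify the resolved URL still has the trusted origin. Throws instead of
// returning a URL that would be sent to another host. The origin comparison
// is the real guard; the prefix checks only give better error messages.
function safeRequestUrl(origin, untrustedPath) {
  if (typeof untrustedPath !== 'string' || !untrustedPath.startsWith('/')) {
    throw new Error('path must be an absolute path starting with "/"');
  }
  if (untrustedPath.startsWith('//')) {
    throw new Error('scheme-relative URL rejected'); // would change the host
  }
  const url = new URL(untrustedPath, origin);
  if (url.origin !== new URL(origin).origin) {
    throw new Error(`resolved origin changed to ${url.origin}`);
  }
  return url.href;
}

// Convenience wrapper for request handlers: true only when the path keeps the
// request on the trusted origin.
function isSafePath(untrustedPath, origin = TRUSTED_ORIGIN) {
  try {
    safeRequestUrl(origin, untrustedPath);
    return true;
  } catch {
    return false;
  }
}

// Constructed inputs: one legitimate path and three attacker-shaped ones.
const SAMPLE_PATHS = [
  '/v1/users?id=7',
  '//127.0.0.1/admin',
  'http://127.0.0.1/admin',
  '/\\evil.example/x',
];

for (const p of SAMPLE_PATHS) {
  const verdict = isSafePath(p) ? 'allowed' : 'rejected';
  console.log(`${p.padEnd(26)} -> host ${resolvedHost(TRUSTED_ORIGIN, p).padEnd(16)} ${verdict}`);
}
```

Note that a check limited to "does the path start with '//'" is not enough: the backslash variant passes it and still reaches another host, which is why the function compares the resolved origin rather than trusting the prefix test.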
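The Tenda and Wavlink entries above (CVE-2022-35555 and CVE-2022-35518 through CVE-2022-35538) all reduce to one pattern: a CGI handler copies a request parameter into a shell command without filtering it. The handler below is an added example written for this report, not code from either vendor's firmware. It places that pattern beside the hardened form, an allowlist for the parameter plus an argv array for a no-shell exec, using a MAC-address parameter named `add_mac` as in the Wavlink firewall.cgi entry. The `iptables` command line and the two request bodies are assumed for illustration.

```javascript
// Added example (not from the report or any vendor's firmware): a CGI-style
// handler that turns a request parameter into a firewall command, shown in
// the vulnerable form and the hardened form. Run with: node cgi_cmdinj.js

// Parse an application/x-www-form-urlencoded POST body the way a CGI binary
// would before acting on its parameters.
function parseForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// VULNERABLE: the raw parameter is spliced into a shell command string. Any
// shell metacharacter in add_mac (';', '|', '`', '$(...)') becomes part of
// the command that /bin/sh will run. (The iptables invocation is assumed.)
function buildBlockCommandUnsafe(params) {
  return `iptables -A INPUT -m mac --mac-source ${params.add_mac} -j DROP`;
}

// Allowlist: the only shape this parameter may legitimately have. Anything
// else, including a MAC with hyphens or a trailing command, is refused.
const MAC_RE = /^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$/;

// HARDENED: validate against the allowlist, then return an argv array meant
// for execFile()/execve() with no shell in between, so even a value that
// somehow passed validation could not be reinterpreted by a shell.
function buildBlockCommandSafe(params) {
  const mac = String(params.add_mac ?? '');
  if (!MAC_RE.test(mac)) {
    throw new Error(`rejected add_mac: ${JSON.stringify(mac)}`);
  }
  return ['iptables', '-A', 'INPUT', '-m', 'mac', '--mac-source', mac.toLowerCase(), '-j', 'DROP'];
}

// Request-handler entry point: returns the argv array to execute, or the
// string 'rejected' when the parameter fails validation.
function handleAddMac(body) {
  try {
    return buildBlockCommandSafe(parseForm(body));
  } catch {
    return 'rejected';
  }
}

// Constructed request bodies: a legitimate one and one carrying a second
// command after ';'.
const legit = 'add_mac=AA:BB:CC:DD:EE:01';
const hostile = 'add_mac=AA:BB:CC:DD:EE:01;reboot';

for (const body of [legit, hostile]) {
  console.log('body     :', body);
  console.log('unsafe   :', buildBlockCommandUnsafe(parseForm(body)));
  console.log('hardened :', JSON.stringify(handleAddMac(body)));
}
```

The two changes are independent and both matter: the allowlist stops the hostile value at the boundary, and the argv form removes the shell that would otherwise interpret whatever the allowlist missed. Filtering alone (a denylist of characters) is what the affected firmware lacked, and it is the weaker of the two controls.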
117 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-2603 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2604 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2606 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2607 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Tab Strip in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2608 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2609 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2613 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2614 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 |
2022-08-12 | CVE-2022-2617 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2620 | Google Fedoraproject | Improper Initialization vulnerability in multiple products Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2621 | Google Fedoraproject | Use After Free vulnerability in multiple products Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2623 | Google Fedoraproject | Race Condition vulnerability in multiple products Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions. | 8.8 |
2022-08-12 | CVE-2022-2624 | Google Fedoraproject | Out-of-bounds Write vulnerability in multiple products Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. | 8.8 |
2022-08-12 | CVE-2022-20254 | Google | Unspecified vulnerability in Google Android 13.0 In Wi-Fi, there is a permissions bypass. | 8.8 |
2022-08-10 | CVE-2022-31673 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains an information disclosure vulnerability. | 8.8 |
2022-08-10 | CVE-2022-35517 | Wavlink | Unspecified vulnerability in Wavlink products WAVLINK WN572HP3, WN533A8, WN530H4, WN535G3, WN531P3 adm.cgi has no filtering on parameters: web_pskValue, wl_Method, wlan_ssid, EncrypType, rwan_ip, rwan_mask, rwan_gateway, ppp_username, ppp_passwd and ppp_setver, which leads to command injection in page /wizard_router_mesh.shtml. | 8.8 |
2022-08-09 | CVE-2022-34691 | Microsoft | Unspecified vulnerability in Microsoft products Active Directory Domain Services Elevation of Privilege Vulnerability | 8.8 |
2022-08-09 | CVE-2022-34717 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Office Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-35777 | Microsoft | Unspecified vulnerability in Microsoft products Visual Studio Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-35804 | Microsoft | Unspecified vulnerability in Microsoft Windows 11 SMB Client and Server Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-35825 | Microsoft | Unspecified vulnerability in Microsoft products Visual Studio Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-35826 | Microsoft | Unspecified vulnerability in Microsoft products Visual Studio Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-35827 | Microsoft | Unspecified vulnerability in Microsoft products Visual Studio Remote Code Execution Vulnerability | 8.8 |
2022-08-09 | CVE-2022-33636 | Microsoft | Race Condition vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 |
2022-08-09 | CVE-2022-2732 | Open EMR | Missing Authorization vulnerability in Open-Emr Openemr Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1. | 8.3 |
2022-08-10 | CVE-2022-2458 | Redhat | XXE vulnerability in Redhat Process Automation Manager 7.5.1 XML external entity injection (XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. | 8.2 |
2022-08-10 | CVE-2022-32245 | SAP | Cleartext Transmission of Sensitive Information vulnerability in SAP Businessobjects Business Intelligence 420/430 SAP BusinessObjects Business Intelligence Platform (Open Document) - versions 420, 430, allows an unauthenticated attacker to retrieve sensitive information plain text over the network. | 8.2 |
2022-08-10 | CVE-2021-33644 | Feep Huawei Fedoraproject | Out-of-bounds Read vulnerability in multiple products An attacker who submits a crafted tar file with the size field in the header struct set to 0 may be able to trigger a call to malloc(0) for the variable gnu_longname, causing an out-of-bounds read. | 8.1 |
2022-08-10 | CVE-2022-20816 | Cisco | Path Traversal vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to delete arbitrary files from an affected system. | 8.1 |
2022-08-09 | CVE-2022-34702 | Microsoft | Race Condition vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2022-08-09 | CVE-2022-34714 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2022-08-09 | CVE-2022-35766 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2022-08-09 | CVE-2022-35767 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2022-08-09 | CVE-2022-35794 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 |
2022-08-09 | CVE-2022-35802 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 8.1 |
2022-08-09 | CVE-2022-21980 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.0 |
2022-08-09 | CVE-2022-24477 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.0 |
2022-08-09 | CVE-2022-24516 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 8.0 |
2022-08-12 | CVE-2021-29117 | Esri | Use After Free vulnerability in Esri Arcreader A use-after-free vulnerability when parsing a specially crafted file in Esri ArcReader 10.8.1 (and earlier) allows an unauthenticated attacker to achieve arbitrary code execution in the context of the current user. | 7.8 |
2022-08-12 | CVE-2022-20268 | Google | Unspecified vulnerability in Google Android 13.0 In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. | 7.8 |
2022-08-12 | CVE-2022-20274 | Google | Missing Authorization vulnerability in Google Android 13.0 In Keyguard, there is a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20281 | Google | Missing Authorization vulnerability in Google Android 13.0 In Core, there is a possible way to start an activity from the background due to a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20282 | Google | Missing Authorization vulnerability in Google Android 13.0 In AppWidget, there is a possible way to start an activity from the background due to a missing permission check. | 7.8 |
2022-08-12 | CVE-2022-20329 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wifi, there is a possible way to enable Wifi without permissions due to a missing permission check. | 7.8 |
2022-08-11 | CVE-2022-20250 | Google | Unspecified vulnerability in Google Android 13.0.0 In Messaging, there is a possible way to attach files to a message without proper access checks due to improper input validation. | 7.8 |
2022-08-11 | CVE-2022-34260 | Adobe | Out-of-bounds Write vulnerability in Adobe Illustrator Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-08-11 | CVE-2022-34263 | Adobe | Use After Free vulnerability in Adobe Illustrator Adobe Illustrator versions 26.3.1 (and earlier) and 25.4.6 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-08-10 | CVE-2022-20348 | Google | Missing Authorization vulnerability in Google Android In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-20349 | Google | Missing Authorization vulnerability in Google Android In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-20360 | Google | Missing Authorization vulnerability in Google Android In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. | 7.8 |
2022-08-10 | CVE-2022-25793 | Autodesk | Improper Validation of Specified Quantity in Input vulnerability in Autodesk 3DS MAX 2021/2021.3.8/2022 A Stack-based Buffer Overflow Vulnerability in Autodesk 3ds Max 2022, 2021, and 2020 may lead to code execution through the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer when parsing ActionScript Byte Code files. | 7.8 |
2022-08-10 | CVE-2022-30580 | Golang | Code Injection vulnerability in Golang GO Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. | 7.8 |
2022-08-10 | CVE-2022-20792 | Clamav | Out-of-bounds Write vulnerability in Clamav A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. | 7.8 |
2022-08-09 | CVE-2022-30175 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-30176 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-33640 | Microsoft | Unspecified vulnerability in Microsoft products System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-33648 | Microsoft | Unspecified vulnerability in Microsoft Office Online Server Microsoft Excel Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-33670 | Microsoft | Unspecified vulnerability in Microsoft products Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34687 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34696 | Microsoft | Race Condition vulnerability in Microsoft products Windows Hyper-V Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34699 | Microsoft | Unspecified vulnerability in Microsoft products Windows Win32k Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34703 | Microsoft | Unspecified vulnerability in Microsoft products Windows Partition Management Driver Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34705 | Microsoft | Use After Free vulnerability in Microsoft products Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34706 | Microsoft | Unspecified vulnerability in Microsoft products Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34707 | Microsoft | Use After Free vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-34713 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35760 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft ATA Port Driver Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35761 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35762 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35763 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35764 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35765 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35768 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35771 | Microsoft | Unspecified vulnerability in Microsoft products Windows Defender Credential Guard Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35773 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35779 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35792 | Microsoft | Unspecified vulnerability in Microsoft products Storage Spaces Direct Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35795 | Microsoft | Unspecified vulnerability in Microsoft products Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35806 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 |
2022-08-09 | CVE-2022-35820 | Microsoft | Unspecified vulnerability in Microsoft products Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.8 |
2022-08-11 | CVE-2022-38150 | Varnish Cache Project Fedoraproject | Denial of Service vulnerability in multiple products In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. | 7.5 |
2022-08-10 | CVE-2022-37006 | Huawei | Incorrect Default Permissions vulnerability in Huawei Emui and Harmonyos Permission control vulnerability in the network module. | 7.5 |
2022-08-10 | CVE-2021-33645 | Feep Huawei Fedoraproject | Memory Leak vulnerability in multiple products The th_read() function doesn’t free a variable t->th_buf.gnu_longlink after allocating memory, which may cause a memory leak. | 7.5 |
2022-08-10 | CVE-2021-33646 | Feep Huawei Fedoraproject | Memory Leak vulnerability in multiple products The th_read() function doesn’t free a variable t->th_buf.gnu_longname after allocating memory, which may cause a memory leak. | 7.5 |
2022-08-10 | CVE-2021-40040 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI Vulnerability of writing data to an arbitrary address in the HW_KEYMASTER module. | 7.5 |
2022-08-10 | CVE-2022-28131 | Golang Fedoraproject Netapp | Uncontrolled Recursion vulnerability in multiple products Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. | 7.5 |
2022-08-10 | CVE-2022-29804 | Golang | Path Traversal vulnerability in Golang GO Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack. | 7.5 |
2022-08-10 | CVE-2022-30630 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators. | 7.5 |
2022-08-10 | CVE-2022-30631 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | 7.5 |
2022-08-10 | CVE-2022-30632 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators. | 7.5 |
2022-08-10 | CVE-2022-30633 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. | 7.5 |
2022-08-10 | CVE-2022-30635 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures. | 7.5 |
2022-08-10 | CVE-2022-31675 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains an authentication bypass vulnerability. | 7.5 |
2022-08-10 | CVE-2022-32189 | Golang | Unspecified vulnerability in Golang GO A too-short encoded message can cause a panic in Float.GobDecode and Rat.GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. | 7.5 |
2022-08-10 | CVE-2022-20866 | Cisco | Information Exposure Through Discrepancy vulnerability in Cisco products A vulnerability in the handling of RSA keys on devices running Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve an RSA private key. | 7.5 |
2022-08-10 | CVE-2021-46304 | Siemens | Unspecified vulnerability in Siemens products A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions), CP-8021 MASTER MODULE (All versions), CP-8022 MASTER MODULE WITH GPRS (All versions). | 7.5 |
2022-08-10 | CVE-2022-36324 | Siemens | Allocation of Resources Without Limits or Throttling vulnerability in Siemens products Affected devices do not properly handle the renegotiation of SSL/TLS parameters. | 7.5 |
2022-08-10 | CVE-2021-37150 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in header parsing of Apache Traffic Server allows an attacker to request secure resources. | 7.5 |
2022-08-10 | CVE-2022-25763 | Apache Debian Fedoraproject | HTTP Request Smuggling vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to perform request smuggling or cache poisoning attacks. | 7.5 |
2022-08-10 | CVE-2022-28129 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/1.1 header parsing of Apache Traffic Server allows an attacker to send invalid headers. | 7.5 |
2022-08-10 | CVE-2022-31778 | Apache Debian | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in handling the Transfer-Encoding header of Apache Traffic Server allows an attacker to poison the cache. | 7.5 |
2022-08-10 | CVE-2022-31779 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 header parsing of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-10 | CVE-2022-31780 | Apache Debian Fedoraproject | Improper Input Validation vulnerability in multiple products Improper Input Validation vulnerability in HTTP/2 frame handling of Apache Traffic Server allows an attacker to smuggle requests. | 7.5 |
2022-08-09 | CVE-2022-30144 | Microsoft | Unspecified vulnerability in Microsoft products Windows Bluetooth Service Remote Code Execution Vulnerability | 7.5 |
2022-08-09 | CVE-2022-30194 | Microsoft | Unspecified vulnerability in Microsoft products Windows WebBrowser Control Remote Code Execution Vulnerability | 7.5 |
2022-08-09 | CVE-2022-34701 | Microsoft | Unspecified vulnerability in Microsoft products Windows Secure Socket Tunneling Protocol (SSTP) Denial of Service Vulnerability | 7.5 |
2022-08-09 | CVE-2022-35769 | Microsoft | Unspecified vulnerability in Microsoft products Windows Point-to-Point Protocol (PPP) Denial of Service Vulnerability | 7.5 |
2022-08-09 | CVE-2022-35796 | Microsoft | Race Condition vulnerability in Microsoft Edge Chromium Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 7.5 |
2022-08-08 | CVE-2022-35488 | Zammad | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, an attacker could manipulate the rate limiting in the 'forgot password' feature of Zammad and thereby send many requests for a known account, causing a Denial of Service through the many generated emails, which would also spam the victim. | 7.5 |
2022-08-09 | CVE-2022-33631 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Excel Security Feature Bypass Vulnerability | 7.3 |
2022-08-09 | CVE-2022-35793 | Microsoft | Unspecified vulnerability in Microsoft products Windows Print Spooler Elevation of Privilege Vulnerability | 7.3 |
2022-08-12 | CVE-2021-44720 | Pulsesecure Ivanti | Use of Hard-coded Credentials vulnerability in multiple products In Ivanti Pulse Secure Pulse Connect Secure (PCS) before 9.1R12, the administrator password is stored in the HTML source code of the "Maintenance > Push Configuration > Targets > Target Name" targets.cgi screen. | 7.2 |
2022-08-10 | CVE-2022-31672 | Vmware | Unspecified vulnerability in VMWare Vrealize Operations VMware vRealize Operations contains a privilege escalation vulnerability. | 7.2 |
2022-08-09 | CVE-2022-35772 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Remote Code Execution Vulnerability | 7.2 |
2022-08-09 | CVE-2022-35824 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Remote Code Execution Vulnerability | 7.2 |
2022-08-09 | CVE-2022-34690 | Microsoft | Unspecified vulnerability in Microsoft products Windows Fax Service Elevation of Privilege Vulnerability | 7.1 |
2022-08-09 | CVE-2022-33646 | Microsoft | Unspecified vulnerability in Microsoft Azure Batch Azure Batch Node Agent Elevation of Privilege Vulnerability | 7.0 |
114 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-2503 | Linux | Improper Authentication vulnerability in Linux Kernel Dm-verity is used for extending root-of-trust to root filesystems. | 6.7 |
2022-08-11 | CVE-2022-20369 | Google Debian | Out-of-bounds Write vulnerability in multiple products In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. | 6.7 |
2022-08-11 | CVE-2022-20376 | Google | Improper Locking vulnerability in Google Android In trusty_log_seq_start of trusty-log.c, there is a possible use after free due to improper locking. | 6.7 |
2022-08-11 | CVE-2022-20382 | Google | Uncontrolled Recursion vulnerability in Google Android In (TBD) of (TBD), there is a possible out of bounds write due to kernel stack overflow. | 6.7 |
2022-08-12 | CVE-2022-2605 | Google Fedoraproject | Out-of-bounds Read vulnerability in multiple products Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2610 | Google Fedoraproject | Exposure of Resource to Wrong Sphere vulnerability in multiple products Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2612 | Google Fedoraproject | Information Exposure Through Discrepancy vulnerability in multiple products Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2615 | Google Fedoraproject | Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 |
2022-08-12 | CVE-2022-2616 | Google Fedoraproject | Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension. | 6.5 |
2022-08-12 | CVE-2022-2618 | Google Fedoraproject | Improper Input Validation vulnerability in multiple products Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file. | 6.5 |
2022-08-12 | CVE-2022-2622 | Google Fedoraproject | Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file. | 6.5 |
2022-08-12 | CVE-2022-38183 | Gitea | Missing Authorization vulnerability in Gitea In Gitea before 1.16.9, it was possible for users to add existing issues to projects. | 6.5 |
2022-08-12 | CVE-2022-20253 | Google | Improper Handling of Exceptional Conditions vulnerability in Google Android 13.0 In Bluetooth, there is a possible cleanup failure due to an uncaught exception. | 6.5 |
2022-08-10 | CVE-2022-1705 | Golang | HTTP Request Smuggling vulnerability in Golang GO Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. | 6.5 |
2022-08-10 | CVE-2022-32148 | Golang | Unspecified vulnerability in Golang GO Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. | 6.5 |
2022-08-10 | CVE-2022-22411 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Scale Data Access Services 5.1.3.1 IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. | 6.5 |
2022-08-10 | CVE-2022-2756 | Kavitareader | Server-Side Request Forgery (SSRF) vulnerability in Kavitareader Kavita Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1. | 6.5 |
2022-08-10 | CVE-2022-20852 | Cisco | Improper Restriction of Rendered UI Layers or Frames vulnerability in Cisco Webex Meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. | 6.5 |
2022-08-09 | CVE-2022-30134 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35775 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35780 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35781 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35782 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35784 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35785 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35786 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35788 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35789 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35790 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35791 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35799 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35801 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35807 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35808 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35809 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35810 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35811 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35813 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35814 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35815 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35816 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35817 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35818 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-09 | CVE-2022-35819 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 6.5 |
2022-08-08 | CVE-2022-1323 | 2Code | Missing Authorization vulnerability in 2Code Discy The Discy WordPress theme before 5.0 lacks authorization checks when processing ajax requests to the discy_update_options action, allowing any logged in user (with privileges as low as Subscriber) to change Theme options by sending a crafted POST request. | 6.5 |
2022-08-08 | CVE-2022-35489 | Zammad | Unspecified vulnerability in Zammad 5.2.0 In Zammad 5.2.0, customers who have secondary organizations assigned were able to see all organizations of the system rather than only those to which they are assigned. | 6.5 |
2022-08-12 | CVE-2022-20256 | Google | Race Condition vulnerability in Google Android 13.0 In the Audio HAL, there is a possible out of bounds write due to a race condition. | 6.4 |
2022-08-11 | CVE-2022-20371 | Google | Improper Locking vulnerability in Google Android In dm_bow_dtr and related functions of dm-bow.c, there is a possible use after free due to a race condition. | 6.4 |
2022-08-09 | CVE-2022-35776 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Denial of Service Vulnerability | 6.2 |
2022-08-10 | CVE-2022-20713 | Cisco | Cross-site Scripting vulnerability in Cisco products A vulnerability in the VPN web client services component of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct browser-based attacks against users of an affected device. | 6.1 |
2022-08-10 | CVE-2022-20869 | Cisco | Cross-site Scripting vulnerability in Cisco Broadworks A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. | 6.1 |
2022-08-10 | CVE-2022-36801 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira Data Center Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Reflected Cross-Site Scripting (RXSS) vulnerability in the TeamManagement.jspa endpoint. | 6.1 |
2022-08-09 | CVE-2022-35797 | Microsoft | Unspecified vulnerability in Microsoft Windows 10 and Windows 11 Windows Hello Security Feature Bypass Vulnerability | 6.1 |
2022-08-08 | CVE-2022-36266 | Airspan | Cross-site Scripting vulnerability in Airspan Airspot 5410 Firmware 0.3.4.14 In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. | 6.1 |
2022-08-09 | CVE-2022-34709 | Microsoft | Type Confusion vulnerability in Microsoft products Windows Defender Credential Guard Security Feature Bypass Vulnerability | 6.0 |
2022-08-09 | CVE-2022-34716 | Microsoft | Unspecified vulnerability in Microsoft .Net, .Net Core and Powershell .NET Spoofing Vulnerability | 5.9 |
2022-08-12 | CVE-2022-20259 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible leak of ICCID and EID due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20260 | Google | Unspecified vulnerability in Google Android 13.0 In the Phone app, there is a possible crash loop due to resource exhaustion. | 5.5 |
2022-08-12 | CVE-2022-20263 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a way to read process state for other users due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20270 | Google | Unspecified vulnerability in Google Android 13.0 In Content, there is a possible way to learn gmail account name on the device due to a permissions bypass. | 5.5 |
2022-08-12 | CVE-2022-20275 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20276 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20277 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20279 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0 In DevicePolicyManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20284 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible information disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20285 | Google | Unspecified vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20287 | Google | Unspecified vulnerability in Google Android 13.0 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20288 | Google | Unspecified vulnerability in Google Android 13.0 In AppSearchManagerService, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20289 | Google | Unspecified vulnerability in Google Android 13.0 In PackageInstaller, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20290 | Google | Unspecified vulnerability in Google Android 13.0 In Midi, there is a possible way to learn about private midi devices due to a permissions bypass. | 5.5 |
2022-08-12 | CVE-2022-20294 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to learn about an account present on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20295 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20296 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20298 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20299 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to check if the given account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20300 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to check if the given account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20301 | Google | Missing Authorization vulnerability in Google Android 13.0 In Content, there is a possible way to check if an account exists on the device due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20303 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible way to determine if an account is on the device without GET_ACCOUNTS permission due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20312 | Google | Missing Authorization vulnerability in Google Android 13.0 In WifiP2pManager, there is a possible way to obtain the WiFi P2P MAC address without user consent due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20322 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible installed package disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20323 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible package installation disclosure due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20326 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telephony, there is a possible disclosure of SIM identifiers due to a missing permission check. | 5.5 |
2022-08-12 | CVE-2022-20332 | Google | Unspecified vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-12 | CVE-2022-20341 | Google | Missing Authorization vulnerability in Google Android 13.0 In ConnectivityService, there is a possible bypass of network permissions due to a missing permission check. | 5.5 |
2022-08-11 | CVE-2021-0735 | Google | Missing Authorization vulnerability in Google Android 13.0.0 In PackageManager, there is a possible way to get information about installed packages ignoring limitations introduced in Android 11 due to a missing permission check. | 5.5 |
2022-08-11 | CVE-2021-0975 | Google | Information Exposure Through Discrepancy vulnerability in Google Android 13.0.0 In USB Manager, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. | 5.5 |
2022-08-10 | CVE-2022-1962 | Golang | Uncontrolled Recursion vulnerability in Golang GO Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. | 5.5 |
2022-08-10 | CVE-2022-20352 | Google | Missing Authorization vulnerability in Google Android 12.0/12.1 In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. | 5.5 |
2022-08-10 | CVE-2022-20357 | Google | Use of Uninitialized Resource vulnerability in Google Android 12.0/12.1 In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. | 5.5 |
2022-08-09 | CVE-2022-30197 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2022-08-09 | CVE-2022-34685 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Information Disclosure Vulnerability | 5.5 |
2022-08-09 | CVE-2022-34686 | Microsoft | Unspecified vulnerability in Microsoft Azure Real Time Operating System Guix Studio Azure RTOS GUIX Studio Information Disclosure Vulnerability | 5.5 |
2022-08-09 | CVE-2022-34708 | Microsoft | Unspecified vulnerability in Microsoft products Windows Kernel Information Disclosure Vulnerability | 5.5 |
2022-08-09 | CVE-2022-34710 | Microsoft | Unspecified vulnerability in Microsoft products Windows Defender Credential Guard Information Disclosure Vulnerability | 5.5 |
2022-08-09 | CVE-2022-34712 | Microsoft | Unspecified vulnerability in Microsoft products Windows Defender Credential Guard Information Disclosure Vulnerability | 5.5 |
2022-08-11 | CVE-2022-28753 | Zoom | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-28754 | Zoom | Unspecified vulnerability in Zoom Meeting Connector Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. | 5.4 |
2022-08-11 | CVE-2022-2769 | Company Website CMS Project | Cross-site Scripting vulnerability in Company Website CMS Project Company Website CMS 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. | 5.4 |
2022-08-10 | CVE-2022-20820 | Cisco | Cross-site Scripting vulnerability in Cisco Webex Meetings Multiple vulnerabilities in the web interface of Cisco Webex Meetings could allow a remote attacker to conduct a cross-site scripting (XSS) attack or a frame hijacking attack against a user of the web interface. | 5.4 |
2022-08-09 | CVE-2022-34692 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 5.3 |
2022-08-10 | CVE-2022-20914 | Cisco | Insufficiently Protected Credentials vulnerability in Cisco Identity Services Engine A vulnerability in the External RESTful Services (ERS) API of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to obtain sensitive information. | 4.9 |
2022-08-09 | CVE-2022-35774 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 |
2022-08-09 | CVE-2022-35787 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 |
2022-08-09 | CVE-2022-35800 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 |
2022-08-09 | CVE-2022-35812 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery Azure Site Recovery Elevation of Privilege Vulnerability | 4.9 |
2022-08-10 | CVE-2022-36325 | Siemens | Unspecified vulnerability in Siemens products Affected devices do not properly sanitize data introduced by a user when rendering the web interface. | 4.8 |
2022-08-09 | CVE-2022-21979 | Microsoft | Unspecified vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Information Disclosure Vulnerability | 4.8 |
2022-08-09 | CVE-2022-34704 | Microsoft | Information Exposure Through Discrepancy vulnerability in Microsoft products Windows Defender Credential Guard Information Disclosure Vulnerability | 4.7 |
2022-08-12 | CVE-2022-20265 | Google | Unspecified vulnerability in Google Android 13.0 In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. | 4.6 |
2022-08-12 | CVE-2022-20255 | Google | Missing Authorization vulnerability in Google Android 13.0 In SettingsProvider, there is a possible way to read or change the default ringtone due to a missing permission check. | 4.4 |
2022-08-09 | CVE-2022-35783 | Microsoft | Unspecified vulnerability in Microsoft Azure Site Recovery VMWare to Azure 9.49.6395.1 Azure Site Recovery Elevation of Privilege Vulnerability | 4.4 |
2022-08-09 | CVE-2022-35821 | Microsoft | Unspecified vulnerability in Microsoft Azure Sphere Azure Sphere Information Disclosure Vulnerability | 4.4 |
2022-08-12 | CVE-2022-2611 | Google Fedoraproject | Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 4.3 |
2022-08-12 | CVE-2022-2619 | Google Fedoraproject | Improper Encoding or Escaping of Output vulnerability in multiple products Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | 4.3 |
14 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-12 | CVE-2022-20330 | Google | Missing Authorization vulnerability in Google Android 13.0 In Bluetooth, there is a possible way to connect or disconnect bluetooth devices without user awareness due to a missing permission check. | 3.5 |
2022-08-12 | CVE-2022-20262 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a possible way to check another process's capabilities due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20267 | Google | Missing Authorization vulnerability in Google Android 13.0 In bluetooth, there is a possible way to enable or disable bluetooth connection without user consent due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20305 | Google | Missing Authorization vulnerability in Google Android 13.0 In ContentService, there is a possible disclosure of available account types due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20310 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20311 | Google | Missing Authorization vulnerability in Google Android 13.0 In Telecomm, there is a possible disclosure of registered self managed phone accounts due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20315 | Google | Missing Authorization vulnerability in Google Android 13.0 In ActivityManager, there is a possible disclosure of installed packages due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20321 | Google | Missing Authorization vulnerability in Google Android 13.0 In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20328 | Google | Missing Authorization vulnerability in Google Android 13.0 In PackageManager, there is a possible way to determine whether an app is installed due to a missing permission check. | 3.3 |
2022-08-12 | CVE-2022-20338 | Google | Improper Input Validation vulnerability in Google Android 13.0 In HierarchicalUri.readFrom of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. | 3.3 |
2022-08-10 | CVE-2022-20358 | Google | Missing Authorization vulnerability in Google Android In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. | 3.3 |
2022-08-10 | CVE-2022-30629 | Golang | Use of Insufficiently Random Values vulnerability in Golang GO Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. | 3.1 |
2022-08-12 | CVE-2022-20327 | Google | Missing Authorization vulnerability in Google Android 13.0 In Wi-Fi, there is a possible way to retrieve the WiFi SSID without location permissions due to a missing permission check. | 2.8 |
2022-08-12 | CVE-2022-20261 | Google | Missing Authorization vulnerability in Google Android 13.0 In LocationManager, there is a possible way to get location information due to a missing permission check. | 2.3 |