Weekly Vulnerabilities Report: August 15 to 21, 2022

Overview

452 new vulnerabilities were reported during this period, including 75 critical and 167 high severity vulnerabilities. This weekly summary reports vulnerabilities in 964 products from 170 vendors, including Intel, Otfcc Project, Fedoraproject, Cybozu, and Swftools. The vulnerabilities are most notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "SQL Injection", "Out-of-bounds Read", and "Improper Input Validation".

  • 300 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 99 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 307 reported vulnerabilities are exploitable by an anonymous user.
  • Intel has the most reported vulnerabilities, with 57.
  • Inventorymanagementsystem Project has the most reported critical vulnerabilities, with 7.


Vulnerability Details

The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:


75 Critical Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-15 | CVE-2022-35978 | Minetest | Unspecified vulnerability in Minetest | 10.0
  Minetest is a free open-source voxel game engine with easy modding and game creation.

2022-08-21 | CVE-2022-34916 | Apache | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 | 9.8
  Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI and an attacker has control of the target LDAP server.

2022-08-20 | CVE-2022-36030 | Project Nexus Project | Unspecified vulnerability in Project-Nexus 1.0.1 | 9.8
  Project-nexus is a general-purpose blog website framework.

2022-08-19 | CVE-2022-37175 | Tenda | Out-of-bounds Write vulnerability in Tenda AC15 Firmware 15.03.05.18 | 9.8
  The httpd server in Tenda AC15 firmware V15.03.05.18 has a stack buffer overflow in /goform/formWifiBasicSet.

2022-08-19 | CVE-2022-23459 | Json++ Project | Use After Free vulnerability in Json++ 1.0.0/1.0.1 | 9.8
  Jsonxx or Json++ is a JSON parser, writer and reader written in C++.

2022-08-19 | CVE-2022-36578 | Jizhicms | SQL Injection vulnerability in Jizhicms 2.3.1 | 9.8
  jizhicms v2.3.1 has SQL injection in the background (admin backend).

2022-08-19 | CVE-2022-35201 | Tenda | Unspecified vulnerability in Tenda AC18 Firmware 15.03.05.05 | 9.8
  Tenda AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability.

2022-08-19 | CVE-2022-36605 | Yimihome | SQL Injection vulnerability in Yimihome Ywoa 6.1 | 9.8
  Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderby GET parameter.

2022-08-19 | CVE-2022-36606 | Yimihome | SQL Injection vulnerability in Yimihome Ywoa | 9.8
  Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database.

2022-08-19 | CVE-2022-34615 | Mealie | Weak Password Requirements vulnerability in Mealie 0.5.5/1.0.0 | 9.8
  Mealie 1.0.0beta3 employs weak password requirements, which allows attackers to potentially gain unauthorized access to the application via brute-force attacks.

2022-08-19 | CVE-2022-29805 | Fishbowlinventory | Deserialization of Untrusted Data vulnerability in Fishbowl Inventory | 9.8
  A Java deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.

2022-08-19 | CVE-2022-36220 | Ethz | Unspecified vulnerability in Ethz Safe Exam Browser | 9.8
  Kiosk breakout (without quit password) in Safe Exam Browser (Windows) before 3.4.0, which allows an attacker to achieve code execution via the browser's print dialog.

2022-08-18 | CVE-2020-36599 | Omniauth | Improper Encoding or Escaping of Output vulnerability in Omniauth | 9.8
  lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value.

2022-08-18 | CVE-2022-35540 | Dotnetcore | Use of Hard-coded Credentials vulnerability in Dotnetcore AgileConfig | 9.8
  A hardcoded JWT secret in the AgileConfig Server before 1.6.8 allows remote attackers to use a generated JWT token to gain administrator access.

2022-08-18 | CVE-2022-30601 | Intel | Insufficiently Protected Credentials vulnerability in Intel products | 9.8
  Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access.

2022-08-18 | CVE-2022-36947 | Faststone | Out-of-bounds Write vulnerability in FastStone Image Viewer | 9.8
  Unsafe parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow.

2022-08-18 | CVE-2022-22730 | Intel | Improper Authentication vulnerability in Intel Edge Insights for Industrial | 9.8
  Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

2022-08-18 | CVE-2022-25899 | Intel | Unspecified vulnerability in Intel Open Active Management Technology Cloud Toolkit | 9.8
  An authentication bypass in the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access.

2022-08-18 | CVE-2022-36722 | Library Management System Project | SQL Injection vulnerability in Library Management System 1.0 | 9.8
  Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php.

2022-08-18 | CVE-2022-36725 | Library Management System Project | SQL Injection vulnerability in Library Management System 1.0 | 9.8
  Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php.

2022-08-18 | CVE-2022-36727 | Library Management System Project | SQL Injection vulnerability in Library Management System 1.0 | 9.8
  Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php.

2022-08-18 | CVE-2022-36728 | Library Management System Project | SQL Injection vulnerability in Library Management System 1.0 | 9.8
  Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php.

2022-08-18 | CVE-2022-36729 | Library Management System Project | SQL Injection vulnerability in Library Management System 1.0 | 9.8
  Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php.

2022-08-18 | CVE-2022-35976 | Weave | Unspecified vulnerability in Weave GitOps Tools | 9.8
  The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters.

2022-08-18 | CVE-2022-35175 | Barangay Management System Project | SQL Injection vulnerability in Barangay Management System 1.0 | 9.8
  Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.

2022-08-18 | CVE-2022-35975 | Weave | Unspecified vulnerability in Weave GitOps Tools | 9.8
  The GitOps Tools Extension for VSCode can make it easier to manage Flux objects.

2022-08-18 | CVE-2022-37061 | Flir | OS Command Injection vulnerability in FLIR AX8 Firmware | 9.8
  All FLIR AX8 thermal sensor cameras up to and including version 1.46.16 are vulnerable to remote command injection.

2022-08-18 | CVE-2022-2876 | Student Management System Project | Unspecified vulnerability in Student Management System | 9.8
  A vulnerability, which was classified as critical, was found in SourceCodester Student Management System.

2022-08-18 | CVE-2022-35153 | Fusionpbx | Improper Encoding or Escaping of Output vulnerability in FusionPBX 5.0.1 | 9.8
  FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php.

2022-08-18 | CVE-2022-35154 | Shopro | SQL Injection vulnerability in Shopro Mall System 1.3.8 | 9.8
  Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter.

2022-08-18 | CVE-2022-35164 | GNU | Use After Free vulnerability in GNU LibreDWG | 9.8
  LibreDWG v0.12.4.4608 and commit f2dea29 were discovered to contain a heap use-after-free via bit_copy_chain.

2022-08-18 | CVE-2022-35598 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the username parameter.

2022-08-18 | CVE-2022-35599 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the productcode parameter.

2022-08-18 | CVE-2022-35601 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the searchTxt parameter.

2022-08-18 | CVE-2022-35602 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the user parameter.

2022-08-18 | CVE-2022-35603 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the searchTxt parameter.

2022-08-18 | CVE-2022-35605 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameters such as 'users' and 'pass'.

2022-08-18 | CVE-2022-35606 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem 1.0 | 9.8
  A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the 'customerCode' parameter.

2022-08-17 | CVE-2022-23747 | Sony | Classic Buffer Overflow vulnerability in Sony products | 9.8
  In the Sony Xperia 1, 5, and Pro series, an out-of-bounds memory access can occur due to a lack of validation of the number of frames being passed during music playback.

2022-08-17 | CVE-2022-23764 | Teruten | Origin Validation Error vulnerability in Teruten WebCube 1.0.5.5 | 9.8
  The vulnerability is caused by insufficient verification of downloaded files during the WebCube update process.

2022-08-17 | CVE-2022-2336 | Softing | Unspecified vulnerability in Softing products | 9.8
  Softing Secure Integration Server, edgeConnector, and edgeAggregator software ship with the default administrator credentials username `admin` and password `admin`.

2022-08-17 | CVE-2022-35147 | Html JS | Information Exposure vulnerability in Html-Js DoraCMS | 9.8
  DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.

2022-08-17 | CVE-2022-35121 | Xxyopen | SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1 | 9.8
  Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.

2022-08-17 | CVE-2022-35516 | Dedecms | Code Injection vulnerability in DedeCMS | 9.8
  DedeCMS v5.7.93 through v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.

2022-08-17 | CVE-2022-2870 | Laravel | Unspecified vulnerability in Laravel | 9.8
  A vulnerability was found in Laravel 5.1 and classified as problematic.

2022-08-17 | CVE-2022-22455 | IBM | Unspecified vulnerability in IBM Security Verify Governance 10.0 | 9.8
  The IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

2022-08-17 | CVE-2022-36190 | Gpac | Use After Free vulnerability in GPAC | 9.8
  GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in the function gf_isom_dovi_config_get.

2022-08-17 | CVE-2022-1400 | Device42 | Use of Hard-coded Credentials vulnerability in Device42 CMDB | 9.8
  A Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges.

2022-08-16 | CVE-2022-2662 | Sequi | Unspecified vulnerability in Sequi PortBloque S Firmware | 9.8
  Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device.

2022-08-16 | CVE-2022-34256 | Adobe, Magento | Improper Authorization vulnerability in Adobe Commerce | 9.8
  Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in privilege escalation.

2022-08-16 | CVE-2022-37437 | Splunk | Improper Certificate Validation vulnerability in Splunk 9.0.0 | 9.8
  When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination.

2022-08-16 | CVE-2021-39085 | IBM | SQL Injection vulnerability in IBM Sterling B2B Integrator | 9.8
  IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection.

2022-08-16 | CVE-2022-2847 | Guest Management System Project | Unspecified vulnerability in Guest Management System | 9.8
  A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System.

2022-08-16 | CVE-2022-36242 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic's Patient Management System 1.0 | 9.8
  Clinic's Patient Management System v1.0 is vulnerable to SQL injection via /pms/update_medicine.php?id=.

2022-08-16 | CVE-2022-30264 | Emerson | Insufficient Verification of Data Authenticity vulnerability in Emerson products | 9.8
  The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations.

2022-08-16 | CVE-2022-36272 | Mingsoft | SQL Injection vulnerability in Mingsoft MCMS 5.2.8 | 9.8
  Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in the /mdiy/page/verify URI via the fieldName parameter.

2022-08-16 | CVE-2022-36273 | Tenda | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn | 9.8
  Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg.

2022-08-16 | CVE-2022-36599 | Mingsoft | SQL Injection vulnerability in Mingsoft MCMS 5.2.8 | 9.8
  Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in the /mdiy/model/delete URI via models Lists.

2022-08-16 | CVE-2022-36344 | Justsystems | Unquoted Search Path or Element vulnerability in Justsystems products | 9.8
  An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License', bundled with multiple products for corporate users such as Ichitaro through Pro5 and others.

2022-08-15 | CVE-2020-21642 | Zohocorp | Path Traversal vulnerability in Zohocorp ManageEngine Analytics Plus | 9.8
  A directory traversal vulnerability in the ZDBQAREFSUBDIR parameter of the /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code.

2022-08-15 | CVE-2022-36010 | React Editable Json Tree Project | Unspecified vulnerability in React Editable Json Tree | 9.8
  This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue (src/components/JsonFunctionValue.js; https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js).

2022-08-15 | CVE-2022-36523 | Dlink | Command Injection vulnerability in D-Link Go-RT-AC750 Firmware 101B03/200B02 | 9.8
  D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to command injection via /htdocs/upnpinc/gena.php.

2022-08-15 | CVE-2022-36525 | Dlink | Classic Buffer Overflow vulnerability in D-Link Go-RT-AC750 Firmware 101B03/200B02 | 9.8
  D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to a buffer overflow via authenticationcgi_main.

2022-08-15 | CVE-2022-34294 | Totd Project | Insufficient Entropy vulnerability in Totd 1.5.3 | 9.8
  totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers.

2022-08-15 | CVE-2022-36262 | Taogogo | Code Injection vulnerability in Taogogo Taocms 3.0.2 | 9.8
  An issue was discovered in taocms 3.0.2.

2022-08-15 | CVE-2022-2180 | Greyd | Unspecified vulnerability in Greyd GREYD.SUITE | 9.8
  The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or CSRF checks, allowing an unauthenticated attacker to upload arbitrary files including PHP source files, leading to possible remote code execution (RCE).

2022-08-15 | CVE-2022-2314 | VR Calendar Project | Unspecified vulnerability in VR Calendar | 9.8
  The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site.

2022-08-15 | CVE-2022-2812 | Guest Management System Project | Unspecified vulnerability in Guest Management System | 9.8
  A vulnerability classified as critical was found in SourceCodester Guest Management System.

2022-08-15 | CVE-2022-38221 | The Isle Evrima Project | Classic Buffer Overflow vulnerability in The Isle Evrima | 9.8
  A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code.

2022-08-16 | CVE-2022-38193 | Esri | Code Injection vulnerability in Esri Portal for ArcGIS | 9.6
  There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.

2022-08-19 | CVE-2020-27794 | Radare | Double Free vulnerability in Radare radare2 | 9.1
  A double free issue was discovered in radare2 in cmd_info.c:cmd_info().

2022-08-19 | CVE-2022-22489 | IBM | XXE vulnerability in IBM MQ | 9.1
  IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

2022-08-17 | CVE-2022-35122 | Ecowitt | Missing Authentication for Critical Function vulnerability in Ecowitt GW1100 Firmware | 9.1
  An access control issue in Ecowitt GW1100 Series Weather Stations up to and including GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords.

2022-08-17 | CVE-2022-1399 | Device42 | Argument Injection or Modification vulnerability in Device42 CMDB | 9.1
  An Argument Injection or Modification vulnerability in the "Change Secret" username field, as used in the Discovery component of Device42 CMDB, allows a local attacker to run arbitrary code on the appliance with root privileges.

2022-08-16 | CVE-2022-36308 | Airspan | Insufficiently Protected Credentials vulnerability in Airspan AirVelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 | 9.1
  The Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP.
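Twenty-two of the critical entries above are SQL injections in hand-built data-access code (the InventoryManagementSystem DAO classes, Library Management System, Yimihome, Mingsoft and others). The following Python example is added by the editor and is not code from any of those projects or from the advisories: it reproduces the defect class on a constructed in-memory SQLite table (the users table, its rows and the two probe strings are all made up here) and shows the parameterised form beside it. It goes slightly beyond the single-parameter lookups named in the entries by covering both a search query and a login check, the two shapes those DAO methods typically take.

```python
import sqlite3

# Constructed sample data for the example (not from any product on this page):
# a minimal users table of the kind a UserDAO / ConnectionFactoryDAO would query.
SAMPLE_USERS = [
    ("admin", "s3cret", "admin"),
    ("alice", "wonderland", "staff"),
    ("bob", "builder", "staff"),
]


def make_db():
    """Create an in-memory SQLite database holding SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)", SAMPLE_USERS
    )
    return conn


def search_users_vulnerable(conn, search_txt):
    """Defect class of the DAO entries: the input is spliced into the SQL text,
    so quote characters in search_txt change the structure of the statement."""
    sql = "SELECT username, role FROM users WHERE username = '" + search_txt + "'"
    return conn.execute(sql).fetchall()


def search_users_safe(conn, search_txt):
    """Parameterised query: the value travels separately from the SQL text and is
    never parsed as SQL, whatever characters it contains."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (search_txt,)).fetchall()


def login_vulnerable(conn, username, password):
    """Login check built by concatenation; returns the role on success, else None."""
    sql = (
        "SELECT role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """The same check with bound parameters."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run the two probe strings through both forms and report the outcome."""
    conn = make_db()
    # Probe 1: closes the string literal and appends an always-true condition,
    # so the concatenated WHERE clause matches every row.
    probe = "' OR '1'='1"
    # Probe 2: closes the literal and comments out the password check ("--").
    bypass = "admin' -- "
    return {
        "vulnerable_search_rows": len(search_users_vulnerable(conn, probe)),
        "safe_search_rows": len(search_users_safe(conn, probe)),
        "vulnerable_login_role": login_vulnerable(conn, bypass, "wrong-password"),
        "safe_login_role": login_safe(conn, bypass, "wrong-password"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The concatenated search returns all three rows for the first probe and the concatenated login returns the admin role without a valid password for the second; the parameterised versions return no rows and no role for the same inputs. In JDBC the equivalent of the `?` placeholders is `PreparedStatement`, which is the fix for the Java DAO entries listed above.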

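The CVE-2022-34916 entry above turns on a specific configuration: a JMS Source whose JNDI provider URL points at an LDAP server. The following Python check is added by the editor and is not taken from Apache Flume or from the advisory; it parses a Flume properties file and flags JMS sources whose providerURL uses the ldap or ldaps scheme. The property names it reads (type, providerURL, initialContextFactory) are the ones the Flume user guide documents for the JMS Source; the sample configuration, and the agent, source and host names in it, are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Flume agent properties have the form "<agent>.sources.<name>.<property> = <value>".
# "type", "providerURL" and "initialContextFactory" are the property names the Flume
# user guide documents for the JMS Source.
_SOURCE_PROPERTY = re.compile(
    r"^\s*([\w-]+)\.sources\.([\w-]+)\.([\w.]+)\s*=\s*(.*?)\s*$"
)

# JNDI provider URL schemes that make the JMS Source perform an LDAP lookup, which is
# the precondition the advisory states for CVE-2022-34916.
LDAP_SCHEMES = ("ldap", "ldaps")

# Constructed sample configuration for the example; agent, source and host names are
# made up. r1 has the dangerous shape, r2 is a JMS source pointing at a broker URL,
# r3 is a non-JMS source that must be ignored.
SAMPLE_CONFIG = """\
# agent a1
a1.sources = r1 r2 r3
a1.channels = c1

a1.sources.r1.type = jms
a1.sources.r1.channels = c1
a1.sources.r1.initialContextFactory = com.sun.jndi.ldap.LdapCtxFactory
a1.sources.r1.connectionFactory = ConnectionFactory
a1.sources.r1.providerURL = ldap://directory.example.net:389/cn=jms
a1.sources.r1.destinationName = BUSINESS_DATA
a1.sources.r1.destinationType = QUEUE

a1.sources.r2.type = jms
a1.sources.r2.channels = c1
a1.sources.r2.initialContextFactory = org.apache.activemq.jndi.ActiveMQInitialContextFactory
a1.sources.r2.connectionFactory = ConnectionFactory
a1.sources.r2.providerURL = tcp://broker.example.net:61616
a1.sources.r2.destinationName = EVENTS
a1.sources.r2.destinationType = TOPIC

a1.sources.r3.type = netcat
a1.sources.r3.bind = 127.0.0.1
a1.sources.r3.port = 44444
"""


def parse_flume_sources(config_text):
    """Return {(agent, source_name): {property: value}} for every source property line."""
    sources = {}
    for line in config_text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        match = _SOURCE_PROPERTY.match(line)
        if match is None:
            continue  # agent-level keys such as "a1.sources = r1 r2 r3"
        agent, name, prop, value = match.groups()
        sources.setdefault((agent, name), {})[prop] = value
    return sources


def find_jndi_ldap_jms_sources(config_text):
    """Flag JMS sources whose JNDI provider URL is served by an LDAP server.

    On Flume 1.4.0 through 1.10.0 this is the configuration the advisory describes:
    an attacker who controls that LDAP server can achieve remote code execution in
    the agent. The check only reports; the remedy is a Flume release outside the
    affected range and JMS sources that do not resolve through untrusted directories.
    """
    findings = []
    for (agent, name), props in parse_flume_sources(config_text).items():
        if props.get("type", "").strip().lower() != "jms":
            continue
        provider_url = props.get("providerURL", "")
        if urlsplit(provider_url).scheme.lower() in LDAP_SCHEMES:
            findings.append({
                "agent": agent,
                "source": name,
                "providerURL": provider_url,
                "initialContextFactory": props.get("initialContextFactory", ""),
            })
    return findings


if __name__ == "__main__":
    for finding in find_jndi_ldap_jms_sources(SAMPLE_CONFIG):
        print("JMS source with LDAP JNDI provider:", finding)
```

Run against the sample, the check reports only r1; r2 is a JMS source but resolves through a broker URL, and r3 is not a JMS source. Feeding it the agent configuration files of a Flume deployment gives the list of sources to review before deciding whether the LDAP server they name is under your control.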
167 High Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS

2022-08-21 | CVE-2022-2921 | Notrinos | Unspecified vulnerability in Notrinos NotrinosERP | 8.8
  Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7.

2022-08-21 | CVE-2022-30036 | Malighting | Use of Hard-coded Credentials vulnerability in MA Lighting grandMA2 Light Firmware | 8.8
  MA Lighting grandMA2 Light has a password of root for the root account.

2022-08-20 | CVE-2022-2909 | Simple and Nice Shopping Cart Script Project | Unspecified vulnerability in Simple and Nice Shopping Cart Script | 8.8
  A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script.

2022-08-19 | CVE-2022-36157 | Xuxueli | Improper Privilege Management vulnerability in Xuxueli XXL-JOB | 8.8
  XXL-JOB, all versions as of 11 July 2022, is vulnerable to insecure permissions, allowing a low-privilege account to execute admin functions.

2022-08-19 | CVE-2022-36009 | Matrix | Unspecified vulnerability in Matrix Dendrite and gomatrixserverlib | 8.8
  gomatrixserverlib is a Go library for Matrix protocol federation.

2022-08-19 | CVE-2022-36170 | Mapgis | Use of Hard-coded Credentials vulnerability in MapGIS IGServer 10.5 | 8.8
  MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end, which can lead to escalation of privileges and arbitrary file deletion.

2022-08-19 | CVE-2022-36224 | Xunruicms | Cross-Site Request Forgery (CSRF) vulnerability in XunRuiCMS 4.5.6 | 8.8
  XunRuiCMS V4.5.6 is vulnerable to Cross-Site Request Forgery (CSRF).

2022-08-19 | CVE-2022-36225 | Eyoucms | Cross-Site Request Forgery (CSRF) vulnerability in EyouCMS 1.5.8 | 8.8
  EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross-Site Request Forgery (CSRF) via the add action of the column management function in the admin background.

2022-08-19 | CVE-2022-36577 | Jizhicms | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.3.1 | 8.8
  An issue was discovered in jizhicms v2.3.1.

2022-08-19 | CVE-2022-36579 | Wellcms | Cross-Site Request Forgery (CSRF) vulnerability in Wellcms 2.2.0 | 8.8
  Wellcms 2.2.0 is vulnerable to Cross-Site Request Forgery (CSRF).

2022-08-19 | CVE-2022-35909 | Jellyfin | Unspecified vulnerability in Jellyfin | 8.8
  In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality.

2022-08-19 | CVE-2022-2886 | Laravel | Deserialization of Untrusted Data vulnerability in Laravel | 8.8
  A vulnerability, which was classified as critical, was found in Laravel 5.1.

2022-08-19 | CVE-2022-35167 | Printix | Incorrect Permission Assignment for Critical Resource vulnerability in Printix Cloud Print Management 1.3.1149.0 | 8.8
  Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions.

2022-08-18 | CVE-2022-21139 | Intel | Inadequate Encryption Strength vulnerability in Intel products | 8.8
  Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

2022-08-18 | CVE-2022-23182 | Intel | Unspecified vulnerability in Intel Data Center Manager | 8.8
  Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

2022-08-17 | CVE-2022-23765 | Iptime | Cross-Site Request Forgery (CSRF) vulnerability in IPTIME products | 8.8
  This vulnerability is triggered by sending a malicious POST request to a specific page while a user is logged in, on some families of IPTIME NAS devices.

2022-08-17 | CVE-2022-1410 | Device42 | OS Command Injection vulnerability in Device42 CMDB | 8.8
  An OS Command Injection vulnerability in the db_optimize component of the Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device.

2022-08-16 | CVE-2020-14321 | Moodle | Incorrect Authorization vulnerability in Moodle | 8.8
  In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course.

2022-08-16 | CVE-2022-2661 | Sequi | Unspecified vulnerability in Sequi PortBloque S Firmware | 8.8
  Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.

2022-08-16 | CVE-2022-34254 | Adobe, Magento | Path Traversal vulnerability in Adobe Commerce | 8.8
  Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint.

2022-08-16 | CVE-2022-34255 | Adobe, Magento | Improper Access Control vulnerability in Adobe Commerce | 8.8
  Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in privilege escalation.

2022-08-16 | CVE-2022-35011 | Pngdec Project | Classic Buffer Overflow vulnerability in Pngdec 1.0.0/1.0.1 | 8.8
  PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c.

2022-08-16 | CVE-2022-38362 | Apache | Unspecified vulnerability in Apache apache-airflow-providers-docker | 8.8
  The Apache Airflow Docker Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code execution on the Airflow worker host.

2022-08-16 | CVE-2022-35239 | Contec | Improper Input Validation vulnerability in Contec SV-CPT-MC310 Firmware and SV-CPT-MC310F Firmware | 8.8
  The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier, contains an insufficient verification vulnerability when uploading files.

2022-08-16 | CVE-2022-36309 | Airspan | OS Command Injection vulnerability in Airspan AirVelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 | 8.8
  Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI.

2022-08-16 | CVE-2022-36310 | Airspan | Unspecified vulnerability in Airspan AirVelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 | 8.8
  Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB.

2022-08-16 | CVE-2022-36312 | Airspan | Cross-Site Request Forgery (CSRF) vulnerability in Airspan AirVelocity 1500 Firmware 15.18.00.2511 | 8.8
  Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI.

2022-08-15 | CVE-2022-38357 | Eyeofnetwork | Injection vulnerability in Eyes of Network Web 5.3 | 8.8
  Improper neutralization of special elements leaves the Eyes of Network web application vulnerable to an iFrame injection attack via the url parameter of /module/module_frame/index.php.

2022-08-15 | CVE-2022-38359 | Eyeofnetwork | Cross-Site Request Forgery (CSRF) vulnerability in Eyes of Network Web 5.3 | 8.8
  Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections.

2022-08-15 | CVE-2022-38368 | Aviatrix | Improper Authentication vulnerability in Aviatrix Gateway | 8.8
  An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376.

2022-08-15 | CVE-2022-35623 | Nordicsemi | Out-of-bounds Write vulnerability in Nordic nRF5 SDK for Mesh 5.0 | 8.8
  In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth.

2022-08-15 | CVE-2022-35624 | Nordicsemi | Out-of-bounds Write vulnerability in Nordic nRF5 SDK for Mesh 5.0 | 8.8
  In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN.

2022-08-15 | CVE-2022-2381 | E Unlocked Student Result Project | Unspecified vulnerability in E Unlocked - Student Result 1.0.4 | 8.8
  The E Unlocked - Student Result WordPress plugin through 1.0.4 lacks CSRF and validation checks when uploading the School logo, which could allow attackers to make a logged-in admin upload arbitrary files, such as PHP, via a CSRF attack.

2022-08-15 | CVE-2022-2818 | Agentejo | Unspecified vulnerability in Agentejo Cockpit | 8.8
  Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2.

2022-08-15 | CVE-2022-36006 | Arvados | Deserialization of Untrusted Data vulnerability in Arvados | 8.8
  Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data.

2022-08-15 | CVE-2022-37400 | Apache | Unspecified vulnerability in Apache OpenOffice | 8.8
  Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database.

2022-08-15 | CVE-2022-37401 | Apache | Unspecified vulnerability in Apache OpenOffice | 8.8
  Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database.

2022-08-15 | CVE-2022-2820 | Namelessmc | Unspecified vulnerability in NamelessMC Nameless | 8.2
  Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2.

2022-08-19 | CVE-2022-36171 | Mapgis | Use of Hard-coded Credentials vulnerability in MapGIS IGServer 10.5.6.11 | 8.1
  MapGIS IGServer 10.5.6.11 is vulnerable to arbitrary file deletion.

2022-08-18 | CVE-2022-21225 | Intel | Unspecified vulnerability in Intel Data Center Manager | 8.0
  Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

2022-08-18 | CVE-2022-26017 | Intel | Unspecified vulnerability in Intel Driver & Support Assistant | 8.0
  Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

2022-08-18 | CVE-2022-2625 | Postgresql, Fedoraproject, Redhat | Unspecified vulnerability in PostgreSQL | 8.0
  A vulnerability was found in PostgreSQL.

2022-08-19 | CVE-2022-2793 | Emerson | Insufficient Verification of Data Authenticity vulnerability in Emerson Electric's Proficy | 7.8
  Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.

2022-08-19 | CVE-2022-2889 | VIM, Fedoraproject | Use After Free vulnerability in Vim | 7.8
  Use After Free in GitHub repository vim/vim prior to 9.0.0225.

2022-08-18 | CVE-2022-27493 | Intel | Improper Initialization vulnerability in Intel LAPBC510 Firmware and LAPBC710 Firmware | 7.8
  Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access.

2022-08-18 | CVE-2022-28858 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel LAPBC510 Firmware and LAPBC710 Firmware | 7.8
  Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2022-33209 | Intel | Improper Input Validation vulnerability in Intel LAPBC510 Firmware and LAPBC710 Firmware | 7.8
  Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2022-34488 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel LAPBC510 Firmware and LAPBC710 Firmware | 7.8
  Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2021-23223 | Intel | Improper Initialization vulnerability in Intel products | 7.8
  Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2021-33060 | Intel, Netapp | Out-of-bounds Write vulnerability in multiple products | 7.8
  Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2021-33847 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products | 7.8
  Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2021-37409 | Intel | Incorrect Authorization vulnerability in Intel products | 7.8
  Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

2022-08-18 | CVE-2022-21148 | Intel | Unspecified vulnerability in Intel Edge Insights for Industrial |
  Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-21181 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-21229 Intel Unspecified vulnerability in Intel Control Center 1.2.1.1007

Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-21807 Intel Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler

Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-21812 Intel Unspecified vulnerability in Intel Hardware Accelerated Execution Manager

Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-25841 Intel Uncontrolled Search Path Element vulnerability in Intel Datacenter Group Event

Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-25966 Intel Unspecified vulnerability in Intel Edge Insights for Industrial

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-25999 Intel Uncontrolled Search Path Element vulnerability in Intel Enpirion Digital Power Configurator GUI

Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-26344 Intel Incorrect Default Permissions vulnerability in Intel Single Event API

Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-26374 Intel Uncontrolled Search Path Element vulnerability in Intel Single Event API

Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-26844 Intel Insufficiently Protected Credentials vulnerability in Intel Single Event API

Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-28696 Intel Uncontrolled Search Path Element vulnerability in Intel Distribution for Python 2017/2018/2019

Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-08-18 CVE-2022-28757 Zoom Unspecified vulnerability in Zoom Meetings

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process.

7.8
2022-08-18 CVE-2022-37047 Broadcom
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713.

7.8
2022-08-18 CVE-2022-37048 Broadcom
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344.

7.8
2022-08-18 CVE-2022-37049 Broadcom
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150.

7.8
2022-08-18 CVE-2022-37025 Mcafee Improper Privilege Management vulnerability in Mcafee Security Scan Plus

An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack.

7.8
2022-08-17 CVE-2022-28751 Zoom Improper Verification of Cryptographic Signature vulnerability in Zoom Meetings

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process.

7.8
2022-08-17 CVE-2022-28752 Zoom Unspecified vulnerability in Zoom Rooms

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability.

7.8
2022-08-17 CVE-2022-2862 VIM
Fedoraproject
Use After Free in GitHub repository vim/vim prior to 9.0.0221.
7.8
2022-08-17 CVE-2022-2849 VIM
Fedoraproject
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220.
7.8
2022-08-17 CVE-2022-2845 Fedoraproject
VIM
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
7.8
2022-08-17 CVE-2022-30262 Emerson Insufficient Verification of Data Authenticity vulnerability in Emerson products

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity.

7.8
2022-08-17 CVE-2022-31262 GOG Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46.

7.8
2022-08-17 CVE-2022-37459 Amperecomputing Information Exposure Through Discrepancy vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware

Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.

7.8
2022-08-16 CVE-2020-10728 Automationbroker Improper Privilege Management vulnerability in Automationbroker APB

A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1.

7.8
2022-08-16 CVE-2022-34998 Bitbanksoftware Classic Buffer Overflow vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/jpeg.inl.

7.8
2022-08-16 CVE-2022-35003 Bitbanksoftware Classic Buffer Overflow vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl.

7.8
2022-08-16 CVE-2022-36139 Swfmill Out-of-bounds Write vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char).

7.8
2022-08-16 CVE-2022-36142 Swfmill Out-of-bounds Write vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30().

7.8
2022-08-16 CVE-2022-36143 Swfmill Out-of-bounds Write vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc.

7.8
2022-08-16 CVE-2022-36144 Swfmill Out-of-bounds Write vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode.

7.8
2022-08-16 CVE-2022-37781 Fdkaac Project Out-of-bounds Write vulnerability in Fdkaac Project Fdkaac 1.0.3

fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.

7.8
2022-08-16 CVE-2022-38227 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.

7.8
2022-08-16 CVE-2022-38228 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.

7.8
2022-08-16 CVE-2022-38229 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.

7.8
2022-08-16 CVE-2022-38231 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.

7.8
2022-08-16 CVE-2022-38236 Xpdf Project Classic Buffer Overflow vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.

7.8
2022-08-16 CVE-2022-38237 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.

7.8
2022-08-16 CVE-2022-38238 Xpdf Project Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.

7.8
2022-08-16 CVE-2022-37393 Zimbra Unspecified vulnerability in Zimbra Collaboration

Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters.

7.8
2022-08-16 CVE-2021-30490 Power Software Download Incorrect Default Permissions vulnerability in Power-Software-Download Viewpower 1.0421012/1.0421353

upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation.

7.8
2022-08-15 CVE-2022-28756 Zoom Unspecified vulnerability in Zoom Meetings

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process.

7.8
2022-08-15 CVE-2022-2817 VIM
Fedoraproject
Use After Free in GitHub repository vim/vim prior to 9.0.0213.
7.8
2022-08-15 CVE-2022-2816 VIM
Fedoraproject
Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212.
7.8
2022-08-15 CVE-2022-2819 VIM
Fedoraproject
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211.
7.8
2022-08-15 CVE-2022-38223 Tats
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3.

7.8
2022-08-20 CVE-2022-38493 Rhonabwy Project Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rhonabwy Project Rhonabwy

Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption.

7.5
2022-08-19 CVE-2020-27793 Radare Off-by-one Error vulnerability in Radare Radare2

An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c.

7.5
2022-08-19 CVE-2020-27795 Radare Use of Uninitialized Resource vulnerability in Radare Radare2

A segmentation fault was discovered in radare2 with adf command.

7.5
2022-08-19 CVE-2022-2792 Emerson Unspecified vulnerability in Emerson Electric's Proficy

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.

7.5
2022-08-19 CVE-2022-23460 Json Project Uncontrolled Recursion vulnerability in Json++ Project Json++ 1.0.0/1.0.1

Jsonxx or Json++ is a JSON parser, writer and reader written in C++.

7.5
2022-08-19 CVE-2022-2049 Octopus Unspecified vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function.

7.5
2022-08-19 CVE-2022-2074 Octopus Unspecified vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template.

7.5
2022-08-19 CVE-2022-2075 Octopus Unspecified vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation.

7.5
2022-08-18 CVE-2022-21160 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2022-08-18 CVE-2022-21197 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access.

7.5
2022-08-18 CVE-2022-30296 Intel Insufficiently Protected Credentials vulnerability in Intel Datacenter Group Event

Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access.

7.5
2022-08-18 CVE-2022-37768 Jpeg Infinite Loop vulnerability in Jpeg Libjpeg

libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer.

7.5
2022-08-18 CVE-2022-37422 Payara Path Traversal vulnerability in Payara

Payara through 5.2022.2 allows directory traversal without authentication.

7.5
2022-08-18 CVE-2022-37062 Flir Missing Authentication for Critical Function vulnerability in Flir AX8 Firmware

All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction.

7.5
2022-08-18 CVE-2022-37060 Flir Path Traversal vulnerability in Flir AX8 Firmware

FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction.

7.5
2022-08-18 CVE-2022-35173 Nginx Improper Check for Unusual or Exceptional Conditions vulnerability in Nginx NJS 0.7.5

An issue was discovered in Nginx NJS v0.7.5.

7.5
2022-08-18 CVE-2022-35198 Contract Management System Project Improper Authentication vulnerability in Contract Management System Project Contract Management System 2.0

Contract Management System v2.0 contains a weak default password which gives attackers access to database connection information.

7.5
2022-08-18 CVE-2021-30070 Hestiacp Unspecified vulnerability in Hestiacp

An issue was discovered in HestiaCP before v1.3.5.

7.5
2022-08-17 CVE-2021-26639 Wisa Download of Code Without Integrity Check vulnerability in Wisa Smart Wing CMS 1905

This vulnerability is caused by the lack of validation of input values for specific functions of WISA Smart Wing CMS.

7.5
2022-08-17 CVE-2022-1069 Softing Unspecified vulnerability in Softing products

A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

7.5
2022-08-17 CVE-2022-1748 Softing NULL Pointer Dereference vulnerability in Softing products

Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.

7.5
2022-08-17 CVE-2022-2335 Softing Unspecified vulnerability in Softing products

A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

7.5
2022-08-17 CVE-2022-2337 Softing Unspecified vulnerability in Softing products

A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.

7.5
2022-08-17 CVE-2022-2547 Softing Unspecified vulnerability in Softing products

A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.

7.5
2022-08-17 CVE-2022-36186 Gpac NULL Pointer Dereference vulnerability in Gpac 2.1

A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS).

7.5
2022-08-17 CVE-2022-38149 Hashicorp Information Exposure Through Log Files vulnerability in Hashicorp Consul Template

HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly.

7.5
2022-08-17 CVE-2021-45454 Amperecomputing Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware

Ampere Altra before SRP 1.08b and Altra Max(TM) before SRP 2.05 allow information disclosure of power telemetry via HWmon.

7.5
2022-08-17 CVE-2022-1401 Device42 Unspecified vulnerability in Device42 Cmdb

Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions.

7.5
2022-08-16 CVE-2021-42052 Ipesa Path Traversal vulnerability in Ipesa E-Flow 3.3.6

IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.

7.5
2022-08-16 CVE-2020-14322 Moodle Allocation of Resources Without Limits or Throttling vulnerability in Moodle

In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service.

7.5
2022-08-16 CVE-2022-2831 Blender Out-of-bounds Write vulnerability in Blender 3.3.0

A flaw was found in Blender 3.3.0.

7.5
2022-08-16 CVE-2022-2832 Blender Unspecified vulnerability in Blender 3.3.0

A flaw was found in Blender 3.3.0.

7.5
2022-08-16 CVE-2022-2833 Blender Infinite Loop vulnerability in Blender 3.3.0

Endless infinite loop in Blender thumbnailing due to logical bugs.

7.5
2022-08-16 CVE-2022-38184 Esri Unspecified vulnerability in Esri Portal for Arcgis

There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.

7.5
2022-08-16 CVE-2022-33939 Yokogawa Unspecified vulnerability in Yokogawa products

CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption.

7.5
2022-08-16 CVE-2022-35734 Hjholdings Use of Hard-coded Credentials vulnerability in Hjholdings Hulu 3.0.47

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service.

7.5
2022-08-16 CVE-2022-24949 Eternal Terminal Project Classic Buffer Overflow vulnerability in Eternal Terminal Project Eternal Terminal

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0.

7.5
2022-08-16 CVE-2022-24950 Eternal Terminal Project Race Condition vulnerability in Eternal Terminal Project Eternal Terminal

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users.

7.5
2022-08-16 CVE-2022-38216 Mapbox Integer Overflow or Wraparound vulnerability in Mapbox Maps Software Development KIT

An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries.

7.5
2022-08-15 CVE-2022-38187 Esri Unspecified vulnerability in Esri Portal for Arcgis

Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

7.5
2022-08-15 CVE-2020-21365 Wkhtmltopdf
Debian
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations.

7.5
2022-08-15 CVE-2020-21641 Zohocorp XXE vulnerability in Zohocorp Manageengine Analytics Plus

Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file.

7.5
2022-08-15 CVE-2020-23622 Cling Project Server-Side Request Forgery (SSRF) vulnerability in Cling Project Cling

An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

7.5
2022-08-15 CVE-2022-36524 Dlink Improper Authentication vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh.

7.5
2022-08-15 CVE-2022-36526 Dlink Unspecified vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin.

7.5
2022-08-15 CVE-2022-33988 Dproxy Nexgen Project HTTP Request Smuggling vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen

dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker.

7.5
2022-08-15 CVE-2022-33990 Dproxy Nexgen Project Unspecified vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen

Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.

7.5
2022-08-15 CVE-2022-33992 Domain Name Relay Daemon Project Unspecified vulnerability in Domain Name Relay Daemon Project Domain Name Relay Daemon 2.20.3

DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1.

7.5
2022-08-15 CVE-2022-2379 Easy Student Results Project Unspecified vulnerability in Easy Student Results Project Easy Student Results

The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as students' grades and PII such as email address, physical address, phone number etc.

7.5
2022-08-15 CVE-2022-2813 Guest Management System Project Unspecified vulnerability in Guest Management System Project Guest Management System

A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System.

7.5
2022-08-15 CVE-2022-2821 Namelessmc Unspecified vulnerability in Namelessmc Nameless

Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2.

7.5
2022-08-15 CVE-2022-2822 Octoprint Unspecified vulnerability in Octoprint

An attacker can freely brute force username and password and can takeover any account.

7.5
2022-08-19 CVE-2022-2788 Emerson Path Traversal vulnerability in Emerson Electric's Proficy

Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC.

7.3
2022-08-19 CVE-2022-36263 Logitech Unspecified vulnerability in Logitech Streamlabs Desktop 1.9.0

StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe.

7.3
2022-08-18 CVE-2022-29549 Qualys Improper Validation of Integrity Check Value vulnerability in Qualys Cloud Agent for Linux

An issue was discovered in Qualys Cloud Agent 4.8.0-49.

7.3
2022-08-18 CVE-2022-32579 Intel Improper Initialization vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware

Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

7.2
2022-08-17 CVE-2022-1373 Softing Path Traversal vulnerability in Softing products

The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files.

7.2
2022-08-17 CVE-2022-2334 Softing Unspecified vulnerability in Softing products

The application searches for a library dll that is not found.

7.2
2022-08-17 CVE-2022-36215 Dedebiz Unspecified vulnerability in Dedebiz Dedecmsv6 6.0.0

DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.

7.2
2022-08-17 CVE-2022-36216 Dedecms Code Injection vulnerability in Dedecms

DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.

7.2
2022-08-16 CVE-2020-1756 Moodle Improper Input Validation vulnerability in Moodle

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool.

7.2
2022-08-16 CVE-2022-34253 Adobe
Magento
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module.
7.2
2022-08-16 CVE-2022-36293 Nintendo Classic Buffer Overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware

Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors.

7.2
2022-08-16 CVE-2022-36381 Nintendo OS Command Injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware

OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors.

7.2
2022-08-15 CVE-2022-2354 WP Dbmanager Project Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager

The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should.

7.2
2022-08-19 CVE-2020-27792 Artifex
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file.

7.1
2022-08-18 CVE-2021-23179 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access.

7.1
2022-08-16 CVE-2022-24951 Eternal Terminal Project Race Condition vulnerability in Eternal Terminal Project Eternal Terminal

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

7.0

206 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-18 CVE-2022-28697 Intel Unspecified vulnerability in Intel products

Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8
2022-08-16 CVE-2022-36307 Airspan Insufficiently Protected Credentials vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249

The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot.

6.8
2022-08-18 CVE-2022-21172 Intel Out-of-bounds Write vulnerability in Intel products

Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2022-08-19 CVE-2022-36008 Parity Unspecified vulnerability in Parity Frontier

Frontier is Substrate's Ethereum compatibility layer.

6.5
2022-08-19 CVE-2022-36031 Monospace Unspecified vulnerability in Monospace Directus

Directus is a free and open-source data platform for headless content management.

6.5
2022-08-19 CVE-2022-34621 Mealie Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter.

6.5
2022-08-18 CVE-2021-23168 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5
2022-08-18 CVE-2021-44545 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5
2022-08-18 CVE-2022-21212 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access.

6.5
2022-08-18 CVE-2022-25228 Auieo SQL Injection vulnerability in Auieo Candidats 3.0.0

CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL queries in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID' parameter, in '/index.php?m=joborders&a=show' via the 'jobOrderID' parameter, and in '/index.php?m=companies&a=show' via the 'companyID' parameter.

6.5
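All four CandidATS endpoints share one defect: a numeric record id is interpolated straight into the query, so the parameter becomes SQL. The block below is an added example, not CandidATS code; an in-memory sqlite3 table and its rows are constructed to stand in for the record pages, and the function names are illustrative. It runs a boolean payload and a UNION payload against the string-built query, then shows the type-checked, parameterised version rejecting both.

```python
"""SQL injection through an id parameter, vulnerable and parameterised.

Added example, not CandidATS code: an in-memory sqlite3 table stands in
for the record pages listed above, and the rows are constructed. The same
pattern applies to the userID, candidateID, jobOrderID and companyID
parameters named in the entry.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (user_id INTEGER, name TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?, ?)",
        [(1, "alice", "hash-a"), (2, "bob", "hash-b")],
    )
    return conn


def show_user_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    """Interpolates the raw parameter into the query: the value becomes SQL."""
    sql = f"SELECT user_id, name FROM user WHERE user_id = {user_id}"
    return conn.execute(sql).fetchall()


def show_user_fixed(conn: sqlite3.Connection, user_id: str) -> list:
    """Validates the type, then binds the value as a query parameter."""
    try:
        uid = int(user_id)
    except (TypeError, ValueError):
        return []
    sql = "SELECT user_id, name FROM user WHERE user_id = ?"
    return conn.execute(sql, (uid,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    payloads = ("1", "1 OR 1=1", "0 UNION SELECT user_id, password_hash FROM user")
    for p in payloads:
        print(repr(p), "->", show_user_vulnerable(db, p), "| fixed:", show_user_fixed(db, p))
```

The UNION payload is the one to remember when triaging an "authenticated SQLi in a show page": the page already renders two columns, so an attacker can swap in any two columns from any table, password hashes included, without error-based or blind techniques.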
2022-08-18 CVE-2022-2568 Redhat Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2

A privilege escalation flaw was found in the Ansible Automation Platform.

6.5
2022-08-18 CVE-2022-37769 Jpeg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jpeg Libjpeg

libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp.

6.5
2022-08-18 CVE-2022-37770 Jpeg Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jpeg Libjpeg

libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp.

6.5
2022-08-18 CVE-2022-36024 Pycord Development Unspecified vulnerability in Pycord Development Pycord 2.0.0

py-cord is a an API wrapper for Discord written in Python.

6.5
2022-08-18 CVE-2022-32453 Cybozu Injection vulnerability in Cybozu Office

HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors.

6.5
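HTTP header injection, as in the Cybozu Office entry above, usually comes down to a CR/LF pair reaching a header value unchecked, which lets the attacker terminate the header and start a new one (or the body). This is an added example, not Cybozu code; the toy response builder, the header parser and the payload are constructed. It shows the injected Set-Cookie header appearing in the parsed response, and a validator that refuses any control character in a header value.

```python
"""Reject CR/LF (and other control characters) in HTTP header values.

Added example, not Cybozu code: shows how a user-controlled value written
into a response header unchecked injects a second header, and a validator
that refuses such values. The response builder and parser are toys.
"""
import re

# Any C0 control character or DEL; covers CR (0x0d) and LF (0x0a).
_CTL = re.compile(r"[\x00-\x1f\x7f]")


def build_response_vulnerable(location: str) -> bytes:
    """Writes the untrusted value straight into the Location header."""
    return f"HTTP/1.1 302 Found\r\nLocation: {location}\r\n\r\n".encode("latin-1")


def header_value(value: str) -> str:
    """Returns the value unchanged, or raises if it could break header framing."""
    if _CTL.search(value):
        raise ValueError("control character in header value")
    return value


def build_response_fixed(location: str) -> bytes:
    return f"HTTP/1.1 302 Found\r\nLocation: {header_value(location)}\r\n\r\n".encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Minimal parser: what a client would see as the response headers."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")[1:]  # drop the status line
    return dict(line.split(": ", 1) for line in lines if ": " in line)


if __name__ == "__main__":
    payload = "/home\r\nSet-Cookie: session=attacker"  # constructed attacker input
    print(parse_headers(build_response_vulnerable(payload)))
    try:
        build_response_fixed(payload)
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting is preferable to stripping: a value that contains CR or LF is never a legitimate redirect target or cookie, and silently removing the characters can leave a different, still-attacker-chosen value. Python's own http.client applies the same rule and raises on CR/LF in header values, so a framework that hands values to it is protected only as long as nothing writes the raw socket itself.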
2022-08-17 CVE-2022-35148 Maccms SQL Injection vulnerability in Maccms 10.0

maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.

6.5
2022-08-16 CVE-2022-35007 Pngdec Project Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via __interceptor_fwrite.part.57 at sanitizer_common_interceptors.inc.

6.5
2022-08-16 CVE-2022-35008 Pngdec Project Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp.

6.5
2022-08-16 CVE-2022-35009 Pngdec Project Allocation of Resources Without Limits or Throttling vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp.

6.5
2022-08-16 CVE-2022-35010 Pngdec Project Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via asan_interceptors_memintrinsics.cpp.

6.5
2022-08-16 CVE-2022-35012 Pngdec Project Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via SaveBMP at /linux/main.cpp.

6.5
2022-08-16 CVE-2022-35013 Pngdec Project Resource Exhaustion vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1

PNGDec commit 8abf6be was discovered to contain an FPE via SaveBMP at /linux/main.cpp.

6.5
2022-08-16 CVE-2022-35100 Swftools Out-of-bounds Read vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c.

6.5
2022-08-16 CVE-2022-35433 Ffjpeg Project Memory Leak vulnerability in Ffjpeg Project Ffjpeg

ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.

6.5
2022-08-16 CVE-2022-35447 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de.

6.5
2022-08-16 CVE-2022-35448 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af.

6.5
2022-08-16 CVE-2022-35449 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466.

6.5
2022-08-16 CVE-2022-35450 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1.

6.5
2022-08-16 CVE-2022-35451 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b03b5.

6.5
2022-08-16 CVE-2022-35452 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0b2c.

6.5
2022-08-16 CVE-2022-35453 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6.

6.5
2022-08-16 CVE-2022-35454 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa.

6.5
2022-08-16 CVE-2022-35455 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63.

6.5
2022-08-16 CVE-2022-35456 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087.

6.5
2022-08-16 CVE-2022-35458 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce.

6.5
2022-08-16 CVE-2022-35459 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a.

6.5
2022-08-16 CVE-2022-35460 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f.

6.5
2022-08-16 CVE-2022-35461 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32.

6.5
2022-08-16 CVE-2022-35462 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3.

6.5
2022-08-16 CVE-2022-35463 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478.

6.5
2022-08-16 CVE-2022-35464 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6171b2.

6.5
2022-08-16 CVE-2022-35465 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0414.

6.5
2022-08-16 CVE-2022-35466 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0473.

6.5
2022-08-16 CVE-2022-35467 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b8.

6.5
2022-08-16 CVE-2022-35468 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e420d.

6.5
2022-08-16 CVE-2022-35469 Otfcc Project Improper Check for Unusual or Exceptional Conditions vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384.

6.5
2022-08-16 CVE-2022-35470 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x65fc97.

6.5
2022-08-16 CVE-2022-35471 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0.

6.5
2022-08-16 CVE-2022-35472 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a global overflow via /release-x64/otfccdump+0x718693.

6.5
2022-08-16 CVE-2022-35473 Otfcc Project Improper Check for Unusual or Exceptional Conditions vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.

6.5
2022-08-16 CVE-2022-35474 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b544e.

6.5
2022-08-16 CVE-2022-35475 Otfcc Project Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8.

6.5
2022-08-16 CVE-2022-35476 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.

6.5
2022-08-16 CVE-2022-35477 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.

6.5
2022-08-16 CVE-2022-35478 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.

6.5
2022-08-16 CVE-2022-35479 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.

6.5
2022-08-16 CVE-2022-35481 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.

6.5
2022-08-16 CVE-2022-35482 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.

6.5
2022-08-16 CVE-2022-35483 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.

6.5
2022-08-16 CVE-2022-35484 Otfcc Project NULL Pointer Dereference vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.

6.5
2022-08-16 CVE-2022-35485 Otfcc Project Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.

6.5
2022-08-16 CVE-2022-35486 Otfcc Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Otfcc Project Otfcc 0.10.4

OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.

6.5
2022-08-16 CVE-2021-39087 IBM Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls.

6.5
2022-08-16 CVE-2022-24952 Eternal Terminal Project Improper Input Validation vulnerability in Eternal Terminal Project Eternal Terminal

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.

6.5
2022-08-16 CVE-2022-36306 Airspan Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249

An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file.

6.5
2022-08-15 CVE-2022-35961 Openzeppelin Unspecified vulnerability in Openzeppelin Contracts and Contracts Upgradeable

OpenZeppelin Contracts is a library for secure smart contract development.

6.5
2022-08-18 CVE-2022-34345 Intel Improper Input Validation vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware

Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.

6.2
2022-08-19 CVE-2022-35554 Bpcbt Cross-site Scripting vulnerability in Bpcbt Smartvista 2/2.2.22/3.28.0

Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side.

6.1
2022-08-19 CVE-2022-0542 Chatwoot Unspecified vulnerability in Chatwoot

Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0.

6.1
2022-08-18 CVE-2022-35212 Oscommerce Cross-site Scripting vulnerability in Oscommerce

osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error().

6.1
2022-08-18 CVE-2022-35213 Ecommerce Codeigniter Bootstrap Project Cross-site Scripting vulnerability in Ecommerce-Codeigniter-Bootstrap Project Ecommerce-Codeigniter-Bootstrap 20200803

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php.

6.1
2022-08-18 CVE-2022-28715 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1
2022-08-18 CVE-2022-29487 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1
2022-08-18 CVE-2022-30604 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1
2022-08-18 CVE-2022-33151 Cybozu Cross-site Scripting vulnerability in Cybozu Office

Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors.

6.1
2022-08-18 CVE-2021-30071 Hestiacp Cross-site Scripting vulnerability in Hestiacp Control Panel

A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

6.1
2022-08-17 CVE-2022-35151 Keking Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.

6.1
2022-08-17 CVE-2022-35133 Cherrytree Project Cross-site Scripting vulnerability in Cherrytree Project Cherrytree 0.99.30

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.

6.1
2022-08-16 CVE-2022-25799 Cert Open Redirect vulnerability in Cert Vince 1.48.0/1.49.0

An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0.

6.1
2022-08-16 CVE-2020-14320 Moodle Cross-site Scripting vulnerability in Moodle

In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.

6.1
2022-08-16 CVE-2022-2843 Motopress Unspecified vulnerability in Motopress Timetable and Event Schedule

A vulnerability was found in MotoPress Timetable and Event Schedule.

6.1
2022-08-16 CVE-2022-2844 Motopress Unspecified vulnerability in Motopress Timetable and Event Schedule

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06.

6.1
2022-08-16 CVE-2022-36530 Rageframe Cross-site Scripting vulnerability in Rageframe 2.6.37

An issue was discovered in rageframe2 2.6.37.

6.1
2022-08-16 CVE-2022-36311 Airspan Cross-site Scripting vulnerability in Airspan Airvelocity 1500 Firmware 9.3.0.01249

Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI.

6.1
2022-08-15 CVE-2022-38358 Eyeofnetwork Cross-site Scripting vulnerability in Eyeofnetwork Eyes of Network web 5.3

Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email.

6.1
2022-08-15 CVE-2022-38186 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

6.1
2022-08-15 CVE-2022-38188 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

There is a reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.1 which may allow a remote attacker able to convince a user to click on a crafted link to execute arbitrary JavaScript code in the victim's browser.

6.1
2022-08-15 CVE-2022-38190 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user's browser.

6.1
2022-08-15 CVE-2022-2378 Easy Student Results Project Unspecified vulnerability in Easy Student Results Project Easy Student Results

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.

6.1
2022-08-15 CVE-2022-2811 Guest Management System Project Unspecified vulnerability in Guest Management System Project Guest Management System

A vulnerability classified as problematic has been found in SourceCodester Guest Management System.

6.1
2022-08-15 CVE-2022-2814 Simple AND Nice Shopping Cart Script Project Unspecified vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic.

6.1
2022-08-15 CVE-2022-2116 Webacetechs Unspecified vulnerability in Webacetechs Contact Form DB - Elementor

The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting.

6.1
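The run of reflected and stored XSS entries above (SmartVista, Cybozu Office, HestiaCP, Esri Portal, Easy Student Results, Contact Form DB and others) differ in one detail worth a practitioner's attention: the Contact Form DB entry reflects into attributes, and the escaping that is sufficient for a text node is not sufficient there. The block below is an added example, not code from any product listed; the templates, payloads and helper names are constructed. It renders a user value into a text node and into a quoted attribute, parses the result with html.parser to see what the browser would see, and shows that only the quote-encoding variant keeps the payload inside the attribute.

```python
"""Context-aware output encoding for reflected and stored XSS.

Added example, not code from any product listed above: renders a
user-controlled string into an HTML text node and into a quoted
attribute, shows where a classic payload breaks out, and the encoding
that prevents it. Templates and payloads are constructed.
"""
import html
from html.parser import HTMLParser

PAYLOAD_TEXT = "<script>alert(1)</script>"   # text-node payload
PAYLOAD_ATTR = '" onmouseover="alert(1)'      # quoted-attribute breakout


def render_text_vulnerable(value: str) -> str:
    return f"<p>{value}</p>"


def render_text_fixed(value: str) -> str:
    # html.escape encodes & < > and, by default, both quote characters.
    return f"<p>{html.escape(value)}</p>"


def render_attr_partial(value: str) -> str:
    # Escapes < > & only: the payload still closes the attribute.
    return f'<input value="{html.escape(value, quote=False)}">'


def render_attr_fixed(value: str) -> str:
    # quote=True (the default) encodes " and ' so the value stays inside.
    return f'<input value="{html.escape(value)}">'


class _FirstTag(HTMLParser):
    """Records the attributes of the first start tag, as a browser would parse them."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if self.attrs is None:
            self.attrs = dict(attrs)


def first_tag_attrs(markup: str) -> dict:
    parser = _FirstTag()
    parser.feed(markup)
    return parser.attrs or {}


if __name__ == "__main__":
    print(render_text_vulnerable(PAYLOAD_TEXT))
    print(render_text_fixed(PAYLOAD_TEXT))
    print(first_tag_attrs(render_attr_partial(PAYLOAD_ATTR)))  # gains an onmouseover attribute
    print(first_tag_attrs(render_attr_fixed(PAYLOAD_ATTR)))    # value only
```

Two caveats the parse makes visible: an unquoted attribute (`value=...`) cannot be made safe by escaping at all, because a space ends it, so templates must always quote; and a value landing inside a `<script>` block or an `href="javascript:"` needs its own encoder, since HTML entity escaping does nothing for those contexts.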
2022-08-19 CVE-2022-2790 Emerson Unspecified vulnerability in Emerson Electric's Proficy

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks (BLD/BLK files).

5.9
2022-08-19 CVE-2022-34624 Mealie Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0

Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request.

5.9
2022-08-16 CVE-2020-14379 Redhat XXE vulnerability in Redhat Jboss A-Mq 7

A flaw was found in Red Hat AMQ Broker in which an XXE (XML External Entity) attack can be performed via the Broker's configuration files, leading to denial of service and information disclosure.

5.6
2022-08-19 CVE-2022-2789 Emerson Unspecified vulnerability in Emerson Electric's Proficy

Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different than the compiled logic.

5.5
2022-08-19 CVE-2022-36233 Tendacn Out-of-bounds Write vulnerability in Tendacn AC9 Firmware 15.03.2.13

Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set.

5.5
2022-08-18 CVE-2022-30944 Intel Insufficiently Protected Credentials vulnerability in Intel products

Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2020-27788 UPX Project Out-of-bounds Read vulnerability in UPX Project UPX

An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file.

5.5
2022-08-18 CVE-2021-26254 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access.

5.5
2022-08-18 CVE-2021-26257 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2022-08-18 CVE-2021-26950 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2022-08-18 CVE-2021-44470 Intel Incorrect Default Permissions vulnerability in Intel Connect M

Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-21140 Intel Unspecified vulnerability in Intel products

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-21152 Intel Unspecified vulnerability in Intel Edge Insights for Industrial

Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-21233 Intel Unspecified vulnerability in Intel products

Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-21793 Vmware Unspecified vulnerability in VMWare I40En and Ixgben

Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.

5.5
2022-08-18 CVE-2022-23403 Intel Improper Input Validation vulnerability in Intel Data Center Manager

Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2022-08-18 CVE-2022-24378 Intel Improper Initialization vulnerability in Intel Data Center Manager

Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access.

5.5
2022-08-18 CVE-2022-26373 Intel, Debian Unspecified vulnerability in multiple products

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-27500 Intel Incorrect Default Permissions vulnerability in Intel Support

Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2022-29507 Intel Insufficiently Protected Credentials vulnerability in Intel Team Blue

Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-08-18 CVE-2020-27787 UPX Project Unspecified vulnerability in UPX Project UPX

A segmentation fault was found in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp.

5.5
2022-08-18 CVE-2020-27790 UPX Project Divide By Zero vulnerability in UPX Project UPX

A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file.

5.5
2022-08-18 CVE-2022-2874 VIM Unspecified vulnerability in VIM

NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224.

5.5
2022-08-18 CVE-2022-29550 Qualys Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049

An issue was discovered in Qualys Cloud Agent 4.8.0-49.

5.5
2022-08-18 CVE-2022-35165 Axiosys Infinite Loop vulnerability in Axiosys Bento4 1.6.0639

An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input.

5.5
2022-08-18 CVE-2022-35166 Jpeg Infinite Loop vulnerability in Jpeg Libjpeg 20220615

libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal.

5.5
2022-08-17 CVE-2022-2867 Libtiff, Fedoraproject, Debian Unspecified vulnerability in multiple products

libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write.

5.5
2022-08-17 CVE-2022-2868 Libtiff, Fedoraproject, Debian Improper Validation of Specified Quantity in Input vulnerability in multiple products

libtiff's tiffcrop utility has an improper input validation flaw that can lead to an out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.

5.5
2022-08-17 CVE-2022-2869 Libtiff, Fedoraproject, Debian Unspecified vulnerability in multiple products

libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine.

5.5
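Both tiffcrop entries (CVE-2022-2867 and CVE-2022-2869) are the same class of bug: a uint32_t subtraction that wraps when the subtrahend is larger, after which a bounds check against the wrapped value passes and a copy loop runs past the buffer. The block below is an added example, not libtiff code: Python integers do not wrap, so u32() masks results to 32 bits to model C uint32_t arithmetic, and the buffer, width and offset values are constructed. It contrasts a check that subtracts first with one that compares before subtracting.

```python
"""Unsigned underflow in an offset/length bounds check, modelled in Python.

Added example, not libtiff code: u32() masks to 32 bits to stand in for
C uint32_t arithmetic. The two check shapes are illustrative of the
tiffcrop class of bug, not the actual extractContigSamples8bits routine.
"""

U32_MAX = 0xFFFFFFFF


def u32(x: int) -> int:
    """Model C uint32_t: wrap the result modulo 2**32."""
    return x & U32_MAX


def read_samples(buf: bytes, offset: int, count: int) -> bytes:
    """The 'copy loop': raises where C would read out of bounds."""
    if offset + count > len(buf):
        raise IndexError("out-of-bounds read at offset %d, count %d" % (offset, count))
    return buf[offset:offset + count]


def copy_samples_naive(buf: bytes, width: int, offset: int, count: int):
    """Subtract first, compare second: offset > width wraps to ~4 GiB."""
    remaining = u32(width - offset)          # underflows when offset > width
    if count > remaining:                    # passes on the wrapped value
        return None
    return read_samples(buf, offset, count)


def copy_samples_checked(buf: bytes, width: int, offset: int, count: int):
    """Compare before subtracting, so the subtraction cannot underflow."""
    if offset > width or count > width - offset:
        return None
    return read_samples(buf, offset, count)


if __name__ == "__main__":
    image = b"0123456789abcdef"            # constructed 16-byte strip, width 16
    print(copy_samples_checked(image, 16, 4, 4))   # b'4567'
    print(copy_samples_checked(image, 16, 20, 4))  # None: rejected up front
    try:
        copy_samples_naive(image, 16, 20, 4)       # wrapped check lets it through
    except IndexError as exc:
        print("naive:", exc)
```

The fix pattern generalises: validate every operand of an unsigned subtraction with a comparison in the same width before performing it, and treat any field read from the file (here the crop offset) as hostile until that comparison has run.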
2022-08-17 CVE-2022-36191 Gpac Out-of-bounds Write vulnerability in Gpac

A heap-buffer-overflow occurs in the function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box.

5.5
2022-08-16 CVE-2022-34999 Bitbanksoftware Incorrect Comparison vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain an FPE via DecodeJPEG at /src/jpeg.inl.

5.5
2022-08-16 CVE-2022-35000 Bitbanksoftware Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c.

5.5
2022-08-16 CVE-2022-35002 Bitbanksoftware Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl.

5.5
2022-08-16 CVE-2022-35004 Bitbanksoftware Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7

JPEGDEC commit be4843c was discovered to contain an FPE via TIFFSHORT at /src/jpeg.inl.

5.5
2022-08-16 CVE-2022-35101 Swftools Out-of-bounds Write vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S.

5.5
2022-08-16 CVE-2022-35104 Swftools Out-of-bounds Write vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc.

5.5
2022-08-16 CVE-2022-35105 Swftools Out-of-bounds Write vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea.

5.5
2022-08-16 CVE-2022-35106 Swftools Out-of-bounds Read vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc.

5.5
2022-08-16 CVE-2022-35107 Swftools Allocation of Resources Without Limits or Throttling vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c.

5.5
2022-08-16 CVE-2022-35108 Swftools NULL Pointer Dereference vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.

5.5
2022-08-16 CVE-2022-35109 Swftools Out-of-bounds Write vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.

5.5
2022-08-16 CVE-2022-35110 Swftools Memory Leak vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.

5.5
2022-08-16 CVE-2022-35111 Swftools Allocation of Resources Without Limits or Throttling vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp.

5.5
2022-08-16 CVE-2022-35113 Swftools Out-of-bounds Write vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c.

5.5
2022-08-16 CVE-2022-35114 Swftools Out-of-bounds Read vulnerability in Swftools

SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c.

5.5
2022-08-16 CVE-2022-35434 Jpeg Quant Smooth Project Incorrect Comparison vulnerability in Jpeg Quant Smooth Project Jpeg Quant Smooth

jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.

5.5
2022-08-16 CVE-2022-36140 Swfmill Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*).

5.5
2022-08-16 CVE-2022-36141 Swfmill Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*).

5.5
2022-08-16 CVE-2022-36145 Swfmill Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord().

5.5
2022-08-16 CVE-2022-36146 Swfmill Allocation of Resources Without Limits or Throttling vulnerability in Swfmill

SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp.

5.5
2022-08-16 CVE-2022-36148 Fdkaac Project Incorrect Comparison vulnerability in Fdkaac Project Fdkaac

fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c.

5.5
2022-08-16 CVE-2022-36149 Monostream Use After Free vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry().

5.5
2022-08-16 CVE-2022-36150 Monostream Out-of-bounds Write vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.

5.5
2022-08-16 CVE-2022-36151 Monostream NULL Pointer Dereference vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp.

5.5
2022-08-16 CVE-2022-36152 Monostream Memory Leak vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.

5.5
2022-08-16 CVE-2022-36153 Monostream NULL Pointer Dereference vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h.

5.5
2022-08-16 CVE-2022-36155 Monostream Allocation of Resources Without Limits or Throttling vulnerability in Monostream Tifig 0.2.2

tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp.

5.5
2022-08-16 CVE-2022-37439 Splunk Unspecified vulnerability in Splunk and Universal Forwarder

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application.

5.5
2022-08-16 CVE-2022-38230 Xpdf Project Incorrect Comparison vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.

5.5
2022-08-16 CVE-2022-38233 Xpdf Project Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.

5.5
2022-08-16 CVE-2022-38234 Xpdf Project Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.

5.5
2022-08-16 CVE-2022-38235 Xpdf Project Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.

5.5
2022-08-16 CVE-2022-38194 Esri Missing Encryption of Sensitive Data vulnerability in Esri Portal for Arcgis 10.8.1

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted.

5.5
2022-08-16 CVE-2022-29959 Emerson Insufficiently Protected Credentials vulnerability in Emerson Openbsi 5.9

Emerson OpenBSI through 2022-04-29 mishandles credential storage.

5.5
2022-08-19 CVE-2022-37254 Dolphinphp Project Cross-site Scripting vulnerability in Dolphinphp Project Dolphinphp 1.5.1

DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system function -> configuration management.

5.4
2022-08-19 CVE-2022-1021 Chatwoot Cross-site Scripting vulnerability in Chatwoot

Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0.

5.4
2022-08-19 CVE-2022-35910 Jellyfin Cross-site Scripting vulnerability in Jellyfin

In Jellyfin before 10.8, stored XSS allows theft of an admin access token.

5.4
2022-08-19 CVE-2020-23466 Phpgurukul Cross-site Scripting vulnerability in PHPgurukul Online Marriage Registration System 1.0

A Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 that allows attackers to run arbitrary code via the wzipcode field.

5.4
2022-08-18 CVE-2021-32862 Jupyter
Debian
Cross-site Scripting vulnerability in multiple products

The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert.

5.4
2022-08-18 CVE-2022-35174 Getkirby Cross-site Scripting vulnerability in Getkirby Starterkit 3.7.0.2

A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field.

5.4
2022-08-18 CVE-2022-37063 Flir Cross-site Scripting vulnerability in Flir AX8 Firmware

All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization.

5.4
2022-08-17 CVE-2022-2871 Notrinos Unspecified vulnerability in Notrinos Notrinoserp

Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.

5.4
2022-08-16 CVE-2021-39035 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting.

5.4
2022-08-16 CVE-2022-30575 Tibco Cross-site Scripting vulnerability in Tibco Data Science - Workbench and Statistica

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system.

5.4
2022-08-16 CVE-2022-30576 Tibco Cross-site Scripting vulnerability in Tibco Data Science - Workbench and Statistica

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system.

5.4
2022-08-16 CVE-2022-38189 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

5.4
2022-08-16 CVE-2022-38192 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser.

5.4
2022-08-15 CVE-2022-38191 Esri Cross-site Scripting vulnerability in Esri Portal for Arcgis

There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.

5.4
2022-08-15 CVE-2022-24654 Intelbras Cross-site Scripting vulnerability in Intelbras ATA 200 Firmware 74.19.10.21

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

5.4
2022-08-15 CVE-2022-2824 Open EMR Unspecified vulnerability in Open-Emr Openemr

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

5.4
2022-08-19 CVE-2022-1901 Octopus Improper Privilege Management vulnerability in Octopus Server

In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview.

5.3
2022-08-18 CVE-2022-36023 Hyperledger Unspecified vulnerability in Hyperledger Fabric

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications.

5.3
2022-08-18 CVE-2022-30693 Cybozu Information Exposure vulnerability in Cybozu Office

Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors.

5.3
2022-08-17 CVE-2022-2338 Softing Unspecified vulnerability in Softing products

Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack.

5.3
2022-08-17 CVE-2022-38392 Unspecified vulnerability in * 5400Rpm OEM Harddrive

Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video.

5.3
2022-08-16 CVE-2020-1755 Moodle Insufficient Verification of Data Authenticity vulnerability in Moodle

In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.

5.3
2022-08-16 CVE-2022-34259 Adobe
Magento

Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass.

5.3
2022-08-16 CVE-2021-39086 IBM Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.3
2022-08-16 CVE-2022-2838 Eclipse XXE vulnerability in Eclipse Sphinx

In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests.

5.3
2022-08-15 CVE-2022-33989 Dproxy Nexgen Project Insufficient Entropy vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen

dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers.

5.3
2022-08-15 CVE-2022-33991 Dproxy Nexgen Project Authentication Bypass by Spoofing vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen

dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1.

5.3
2022-08-15 CVE-2022-33993 Domain Name Relay Daemon Project Unspecified vulnerability in Domain Name Relay Daemon Project Domain Name Relay Daemon 2.20.3

Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form.

5.3
2022-08-15 CVE-2022-2535 Searchwp Unspecified vulnerability in Searchwp Live Ajax Search

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink.

5.3
2022-08-15 CVE-2022-35948 Nodejs Unspecified vulnerability in Nodejs Undici

undici is an HTTP/1.1 client, written from scratch for Node.js. `=< [email protected]` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header.

5.3
2022-08-15 CVE-2022-35954 Github Injection vulnerability in Github Toolkit

The GitHub Actions ToolKit provides a set of packages to make creating actions easier.

5.0
2022-08-21 CVE-2022-2885 Yetiforce Unspecified vulnerability in Yetiforce Customer Relationship Management

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

4.8
2022-08-17 CVE-2022-35117 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php.

4.8
2022-08-16 CVE-2022-34156 Hjholdings Improper Certificate Validation vulnerability in Hjholdings Hulu

'Hulu / ????' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack.

4.8
2022-08-15 CVE-2022-2152 Duplicate Page AND Post Project Unspecified vulnerability in Duplicate Page and Post Project Duplicate Page and Post

The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-08-15 CVE-2022-2384 Supsystic Unspecified vulnerability in Supsystic Digital Publications BY Supsystic

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-08-18 CVE-2021-33126 Intel Unspecified vulnerability in Intel products

Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.

4.4
2022-08-18 CVE-2021-33128 Intel Unspecified vulnerability in Intel Ethernet Controller E810 Firmware

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.

4.4
2022-08-18 CVE-2022-21240 Intel Out-of-bounds Read vulnerability in Intel products

Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access.

4.4
2022-08-18 CVE-2022-26074 Intel Incomplete Cleanup vulnerability in Intel Server Platform Services Firmware

Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.

4.4
2022-08-18 CVE-2022-28709 Intel Unspecified vulnerability in Intel Ethernet Controller E810 Firmware

Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access.

4.4
2022-08-16 CVE-2020-10710 Theforeman Insufficiently Protected Credentials vulnerability in Theforeman Foreman

A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer.

4.4
2022-08-18 CVE-2022-35204 Vitejs Path Traversal vulnerability in Vitejs Vite

Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service.

4.3
2022-08-18 CVE-2022-25986 Cybozu Unspecified vulnerability in Cybozu Office

Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler.

4.3
2022-08-18 CVE-2022-29891 Cybozu Unspecified vulnerability in Cybozu Office

Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors.

4.3
2022-08-18 CVE-2022-32283 Cybozu Unspecified vulnerability in Cybozu Office

Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors.

4.3
2022-08-18 CVE-2022-32544 Cybozu Unspecified vulnerability in Cybozu Office

Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors.

4.3
2022-08-18 CVE-2022-32583 Cybozu Unspecified vulnerability in Cybozu Office

Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors.

4.3
2022-08-18 CVE-2022-33311 Cybozu Unspecified vulnerability in Cybozu Office

Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors.

4.3
2022-08-16 CVE-2022-2846 Dwbooster Unspecified vulnerability in Dwbooster Calendar Event Multi View

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields.

4.3

4 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-16 CVE-2022-37438 Splunk Unspecified vulnerability in Splunk and Splunk Cloud Platform

In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component.

3.5
2022-08-18 CVE-2021-23188 Intel Unspecified vulnerability in Intel products

Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access.

3.3
2022-08-15 CVE-2022-36007 Venice Project Unspecified vulnerability in Venice Project Venice

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability.

3.3
2022-08-17 CVE-2020-14394 Qemu
Fedoraproject
Redhat
Infinite Loop vulnerability in multiple products

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring.

3.2