Weekly Vulnerabilities Reports > August 15 to 21, 2022
Overview
452 new vulnerabilities were reported during this period, including 75 critical and 167 high severity vulnerabilities. This weekly summary reports vulnerabilities in 964 products from 170 vendors, including Intel, Otfcc Project, Fedoraproject, Cybozu, and Swftools. The most common weakness categories are "Out-of-bounds Write", "Cross-site Scripting", "SQL Injection", "Out-of-bounds Read", and "Improper Input Validation".
- 300 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 99 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
- 307 reported vulnerabilities are exploitable by an anonymous user.
- Intel has the most reported vulnerabilities, with 57 reported vulnerabilities.
- Inventorymanagementsystem Project has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
75 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-15 | CVE-2022-35978 | Minetest | Unspecified vulnerability in Minetest Minetest is a free open-source voxel game engine with easy modding and game creation. | 10.0 |
2022-08-21 | CVE-2022-34916 | Apache | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 9.8 |
2022-08-20 | CVE-2022-36030 | Project Nexus Project | Unspecified vulnerability in Project-Nexus Project Project-Nexus 1.0.1 Project-nexus is a general-purpose blog website framework. | 9.8 |
2022-08-19 | CVE-2022-37175 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac15 Firmware 15.03.05.18 Tenda ac15 firmware V15.03.05.18 httpd server has stack buffer overflow in /goform/formWifiBasicSet. | 9.8 |
2022-08-19 | CVE-2022-23459 | Json Project | Use After Free vulnerability in Json++ Project Json++ 1.0.0/1.0.1 Jsonxx or Json++ is a JSON parser, writer and reader written in C++. | 9.8 |
2022-08-19 | CVE-2022-36578 | Jizhicms | SQL Injection vulnerability in Jizhicms 2.3.1 jizhicms v2.3.1 has SQL injection in the background. | 9.8 |
2022-08-19 | CVE-2022-35201 | Tenda | Unspecified vulnerability in Tenda Ac18 Firmware 15.03.05.05 Tenda-AC18 V15.03.05.05 was discovered to contain a remote command execution (RCE) vulnerability. | 9.8 |
2022-08-19 | CVE-2022-36605 | Yimihome | SQL Injection vulnerability in Yimihome Ywoa 6.1 Yimioa v6.1 was discovered to contain a SQL injection vulnerability via the orderbyGET parameter. | 9.8 |
2022-08-19 | CVE-2022-36606 | Yimihome | SQL Injection vulnerability in Yimihome Ywoa Ywoa before v6.1 was discovered to contain a SQL injection vulnerability via /oa/setup/checkPool?database. | 9.8 |
2022-08-19 | CVE-2022-34615 | Mealie | Weak Password Requirements vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 employs weak password requirements which allows attackers to potentially gain unauthorized access to the application via brute-force attacks. | 9.8 |
2022-08-19 | CVE-2022-29805 | Fishbowlinventory | Deserialization of Untrusted Data vulnerability in Fishbowlinventory Fishbowl A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload. | 9.8 |
2022-08-19 | CVE-2022-36220 | Ethz | Unspecified vulnerability in Ethz Safe Exam Browser Kiosk breakout (without quit password) in Safe Exam Browser (Windows) <3.4.0, which allows an attacker to achieve code execution via the browsers' print dialog. | 9.8 |
2022-08-18 | CVE-2020-36599 | Omniauth | Improper Encoding or Escaping of Output vulnerability in Omniauth lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | 9.8 |
2022-08-18 | CVE-2022-35540 | Dotnetcore | Use of Hard-coded Credentials vulnerability in Dotnetcore Agileconfig Hardcoded JWT Secret in AgileConfig <1.6.8 Server allows remote attackers to use the generated JWT token to gain administrator access. | 9.8 |
2022-08-18 | CVE-2022-30601 | Intel | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable information disclosure and escalation of privilege via network access. | 9.8 |
2022-08-18 | CVE-2022-36947 | Faststone | Out-of-bounds Write vulnerability in Faststone Image Viewer Unsafe Parsing of a PNG tRNS chunk in FastStone Image Viewer through 7.5 results in a stack buffer overflow. | 9.8 |
2022-08-18 | CVE-2022-22730 | Intel | Improper Authentication vulnerability in Intel Edge Insights for Industrial Improper authentication in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2022-08-18 | CVE-2022-25899 | Intel | Unspecified vulnerability in Intel Open Active Management Technology Cloud Toolkit Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | 9.8 |
2022-08-18 | CVE-2022-36722 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the title parameter at /librarian/history.php. | 9.8 |
2022-08-18 | CVE-2022-36725 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /student/dele.php. | 9.8 |
2022-08-18 | CVE-2022-36727 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /staff/delete.php. | 9.8 |
2022-08-18 | CVE-2022-36728 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /staff/delstu.php. | 9.8 |
2022-08-18 | CVE-2022-36729 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /librarian/del.php. | 9.8 |
2022-08-18 | CVE-2022-35976 | Weave | Unspecified vulnerability in Weave Gitops Tools The GitOps Tools Extension for VSCode relies on kubeconfigs in order to communicate with Kubernetes clusters. | 9.8 |
2022-08-18 | CVE-2022-35175 | Barangay Management System Project | SQL Injection vulnerability in Barangay Management System Project Barangay Management System 1.0 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php. | 9.8 |
2022-08-18 | CVE-2022-35975 | Weave | Unspecified vulnerability in Weave Gitops Tools The GitOps Tools Extension for VSCode can make it easier to manage Flux objects. | 9.8 |
2022-08-18 | CVE-2022-37061 | Flir | OS Command Injection vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are vulnerable to Remote Command Injection. | 9.8 |
2022-08-18 | CVE-2022-2876 | Student Management System Project | Unspecified vulnerability in Student Management System Project Student Management System A vulnerability, which was classified as critical, was found in SourceCodester Student Management System. | 9.8 |
2022-08-18 | CVE-2022-35153 | Fusionpbx | Improper Encoding or Escaping of Output vulnerability in Fusionpbx 5.0.1 FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | 9.8 |
2022-08-18 | CVE-2022-35154 | Shopro | SQL Injection vulnerability in Shopro Mall System 1.3.8 Shopro Mall System v1.3.8 was discovered to contain a SQL injection vulnerability via the value parameter. | 9.8 |
2022-08-18 | CVE-2022-35164 | GNU | Use After Free vulnerability in GNU Libredwg LibreDWG v0.12.4.4608 & commit f2dea29 was discovered to contain a heap use-after-free via bit_copy_chain. | 9.8 |
2022-08-18 | CVE-2022-35598 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username. | 9.8 |
2022-08-18 | CVE-2022-35599 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode. | 9.8 |
2022-08-18 | CVE-2022-35601 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 |
2022-08-18 | CVE-2022-35602 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user. | 9.8 |
2022-08-18 | CVE-2022-35603 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt. | 9.8 |
2022-08-18 | CVE-2022-35605 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc. | 9.8 |
2022-08-18 | CVE-2022-35606 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.' | 9.8 |
2022-08-17 | CVE-2022-23747 | Sony | Classic Buffer Overflow vulnerability in Sony products In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. | 9.8 |
2022-08-17 | CVE-2022-23764 | Teruten | Origin Validation Error vulnerability in Teruten Webcube 1.0.5.5 The vulnerability is caused by insufficient verification procedures for downloaded files during the WebCube update. | 9.8 |
2022-08-17 | CVE-2022-2336 | Softing | Unspecified vulnerability in Softing products Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. | 9.8 |
2022-08-17 | CVE-2022-35147 | Html JS | Information Exposure vulnerability in Html-Js Doracms DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request. | 9.8 |
2022-08-17 | CVE-2022-35121 | Xxyopen | SQL Injection vulnerability in Xxyopen Novel-Plus 3.6.1 Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java. | 9.8 |
2022-08-17 | CVE-2022-35516 | Dedecms | Code Injection vulnerability in Dedecms DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php. | 9.8 |
2022-08-17 | CVE-2022-2870 | Laravel | Unspecified vulnerability in Laravel A vulnerability was found in laravel 5.1 and classified as problematic. | 9.8 |
2022-08-17 | CVE-2022-22455 | IBM | Unspecified vulnerability in IBM Security Verify Governance 10.0 IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. | 9.8 |
2022-08-17 | CVE-2022-36190 | Gpac | Use After Free vulnerability in Gpac GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. | 9.8 |
2022-08-17 | CVE-2022-1400 | Device42 | Use of Hard-coded Credentials vulnerability in Device42 Cmdb Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. | 9.8 |
2022-08-16 | CVE-2022-2662 | Sequi | Unspecified vulnerability in Sequi Portbloque S Firmware Sequi PortBloque S has an improper authentication issue which may allow an attacker to bypass the authentication process and gain user-level access to the device. | 9.8 |
2022-08-16 | CVE-2022-34256 | Adobe Magento | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. | 9.8 |
2022-08-16 | CVE-2022-37437 | Splunk | Improper Certificate Validation vulnerability in Splunk 9.0.0 When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. | 9.8 |
2022-08-16 | CVE-2021-39085 | IBM | SQL Injection vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to SQL injection. | 9.8 |
2022-08-16 | CVE-2022-2847 | Guest Management System Project | Unspecified vulnerability in Guest Management System Project Guest Management System A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System. | 9.8 |
2022-08-16 | CVE-2022-36242 | Oretnom23 | SQL Injection vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=. | 9.8 |
2022-08-16 | CVE-2022-30264 | Emerson | Insufficient Verification of Data Authenticity vulnerability in Emerson products The Emerson ROC and FloBoss RTU product lines through 2022-05-02 perform insecure filesystem operations. | 9.8 |
2022-08-16 | CVE-2022-36272 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.2.8 Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter. | 9.8 |
2022-08-16 | CVE-2022-36273 | Tenda | OS Command Injection vulnerability in Tenda AC9 Firmware 15.03.2.21Cn Tenda AC9 V15.03.2.21_cn is vulnerable to command injection via goform/SetSysTimeCfg. | 9.8 |
2022-08-16 | CVE-2022-36599 | Mingsoft | SQL Injection vulnerability in Mingsoft Mcms 5.2.8 Mingsoft MCMS 5.2.8 was discovered to contain a SQL injection vulnerability in /mdiy/model/delete URI via models Lists. | 9.8 |
2022-08-16 | CVE-2022-36344 | Justsystems | Unquoted Search Path or Element vulnerability in Justsystems products An unquoted search path vulnerability exists in 'JustSystems JUST Online Update for J-License' bundled with multiple products for corporate users as in Ichitaro through Pro5 and others. | 9.8 |
2022-08-15 | CVE-2020-21642 | Zohocorp | Path Traversal vulnerability in Zohocorp Manageengine Analytics Plus Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | 9.8 |
2022-08-15 | CVE-2022-36010 | React Editable Json Tree Project | Unspecified vulnerability in React Editable Json Tree Project React Editable Json Tree This library allows strings to be parsed as functions and stored as a specialized component, [`JsonFunctionValue`](https://github.com/oxyno-zeta/react-editable-json-tree/blob/09a0ca97835b0834ad054563e2fddc6f22bc5d8c/src/components/JsonFunctionValue.js). | 9.8 |
2022-08-15 | CVE-2022-36523 | Dlink | Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
2022-08-15 | CVE-2022-36525 | Dlink | Classic Buffer Overflow vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Buffer Overflow via authenticationcgi_main. | 9.8 |
2022-08-15 | CVE-2022-34294 | Totd Project | Insufficient Entropy vulnerability in Totd Project Totd 1.5.3 totd 1.5.3 uses a fixed UDP source port in upstream queries sent to DNS resolvers. | 9.8 |
2022-08-15 | CVE-2022-36262 | Taogogo | Code Injection vulnerability in Taogogo Taocms 3.0.2 An issue was discovered in taocms 3.0.2. | 9.8 |
2022-08-15 | CVE-2022-2180 | Greyd | Unspecified vulnerability in Greyd Greyd.Suite The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution (RCE). | 9.8 |
2022-08-15 | CVE-2022-2314 | VR Calendar Project | Unspecified vulnerability in VR Calendar Project VR Calendar The VR Calendar WordPress plugin through 2.3.2 lets any user execute arbitrary PHP functions on the site. | 9.8 |
2022-08-15 | CVE-2022-2812 | Guest Management System Project | Unspecified vulnerability in Guest Management System Project Guest Management System A vulnerability classified as critical was found in SourceCodester Guest Management System. | 9.8 |
2022-08-15 | CVE-2022-38221 | THE Isle Evrima Project | Classic Buffer Overflow vulnerability in the Isle Evrima Project the Isle Evrima A buffer overflow in the FTcpListener thread in The Isle Evrima (the dedicated server on Windows and Linux) 0.9.88.07 before 2022-08-12 allows a remote attacker to crash any server with an accessible RCON port, or possibly execute arbitrary code. | 9.8 |
2022-08-16 | CVE-2022-38193 | Esri | Code Injection vulnerability in Esri Portal for Arcgis There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution. | 9.6 |
2022-08-19 | CVE-2020-27794 | Radare | Double Free vulnerability in Radare Radare2 A double free issue was discovered in radare2 in cmd_info.c:cmd_info(). | 9.1 |
2022-08-19 | CVE-2022-22489 | IBM | XXE vulnerability in IBM MQ IBM MQ 8.0, (9.0, 9.1, 9.2 LTS), and (9.1 and 9.2 CD) are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 9.1 |
2022-08-17 | CVE-2022-35122 | Ecowitt | Missing Authentication for Critical Function vulnerability in Ecowitt Gw1100 Firmware An access control issue in Ecowitt GW1100 Series Weather Stations <=GW1100B_v2.1.5 allows unauthenticated attackers to access sensitive information including device and local WiFi passwords. | 9.1 |
2022-08-17 | CVE-2022-1399 | Device42 | Argument Injection or Modification vulnerability in Device42 Cmdb An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. | 9.1 |
2022-08-16 | CVE-2022-36308 | Airspan | Insufficiently Protected Credentials vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 Airspan AirVelocity 1500 web management UI displays SNMP credentials in plaintext on software versions older than 15.18.00.2511, and stores SNMPv3 credentials unhashed on the filesystem, enabling anyone with web access to use these credentials to manipulate the eNodeB over SNMP. | 9.1 |
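The Overview above buckets the week's entries by CVSS band and by vendor; the following script, added here as an example and not part of the original report, shows how a practitioner would do the same triage on the table rows themselves: parse the `DATE | CVE | VENDOR | VULNERABILITY | CVSS |` lines, band each entry on the CVSS v3.x qualitative scale (Critical 9.0-10.0, High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9), and pull out the CVEs whose vendor is on a watchlist. The sample table is a handful of rows copied from this report with the descriptions abridged, and the watchlist is a constructed assumption.

```python
"""Added example, not part of the original report: parse the Markdown table
rows of a weekly vulnerability digest, band each entry by the CVSS v3.x
qualitative severity scale, and pull out entries whose vendor is on a watchlist.
The watchlist and the abridged sample rows are constructed for the example."""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: rows copied from the tables in this report, with
# the long descriptions abridged. Header and separator rows are included so
# the parser has to skip them, as it would on the real page.
SAMPLE_TABLE = """\
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-21 | CVE-2022-34916 | Apache | Apache Flume 1.4.0 through 1.10.0 JMS Source JNDI LDAP RCE | 9.8 |
2022-08-18 | CVE-2022-30601 | Intel | Insufficiently protected credentials for Intel(R) AMT | 9.8 |
2022-08-18 | CVE-2022-22730 | Intel | Improper authentication in Intel(R) Edge Insights for Industrial | 9.8 |
2022-08-19 | CVE-2022-22489 | IBM | XXE in IBM MQ when processing XML data | 9.1 |
2022-08-16 | CVE-2022-36309 | Airspan | Root command injection in AirVelocity 1500 recoverySubmit.cgi | 8.8 |
2022-08-19 | CVE-2022-2889 | VIM Fedoraproject | Use After Free in vim/vim prior to 9.0.0225 | 7.8 |
"""

CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")


@dataclass(frozen=True)
class Entry:
    date: str
    cve: str
    vendor: str
    description: str
    cvss: float


def severity(score: float) -> str:
    """CVSS v3.x qualitative rating: the bands the report's section headings use."""
    if score >= 9.0:
        return "Critical"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    if score >= 0.1:
        return "Low"
    return "None"


def parse_rows(table: str) -> list[Entry]:
    """Turn 'DATE | CVE | VENDOR | DESCRIPTION | CVSS |' lines into Entry records.

    Header, separator and malformed lines are skipped rather than raising, because
    a scraped digest routinely contains a few of them. The description cells are
    re-joined so a stray '|' inside a description does not shift the CVSS column.
    """
    entries = []
    for line in table.splitlines():
        parts = [p.strip() for p in line.strip().strip("|").split("|")]
        if len(parts) < 5 or not CVE_ID.match(parts[1]):
            continue
        try:
            score = float(parts[-1])
        except ValueError:
            continue
        entries.append(Entry(parts[0], parts[1], parts[2], " | ".join(parts[3:-1]), score))
    return entries


def summarize(entries: list[Entry]) -> dict:
    """Counts per severity band and per vendor token, the numbers the Overview reports."""
    by_severity = Counter(severity(e.cvss) for e in entries)
    # A vendor cell may list several vendors ("VIM Fedoraproject"); count each token.
    by_vendor = Counter(tok for e in entries for tok in e.vendor.split())
    return {"by_severity": dict(by_severity), "by_vendor": dict(by_vendor)}


def watchlist_hits(entries: list[Entry], watchlist: set[str], min_cvss: float = 0.0) -> list[str]:
    """CVE ids whose vendor cell names a watched vendor (case-insensitive), at or above min_cvss."""
    wanted = {v.lower() for v in watchlist}
    return [
        e.cve
        for e in entries
        if e.cvss >= min_cvss and wanted & {tok.lower() for tok in e.vendor.split()}
    ]


if __name__ == "__main__":
    rows = parse_rows(SAMPLE_TABLE)
    print(summarize(rows))
    # Constructed watchlist: vendors assumed to be present in the reader's estate.
    print(watchlist_hits(rows, {"Intel", "Fedoraproject"}, min_cvss=7.0))
```

Vendor cells on this page can hold more than one vendor (for example `VIM Fedoraproject`, `Postgresql Fedoraproject Redhat`), so matching is done per token rather than on the whole cell; otherwise a distribution watchlist would miss upstream entries that the digest attributes to several vendors at once.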
167 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-21 | CVE-2022-2921 | Notrinos | Unspecified vulnerability in Notrinos Notrinoserp Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository notrinos/notrinoserp prior to v0.7. | 8.8 |
2022-08-21 | CVE-2022-30036 | Malighting | Use of Hard-coded Credentials vulnerability in Malighting Grandma2 Light Firmware MA Lighting grandMA2 Light has a password of root for the root account. | 8.8 |
2022-08-20 | CVE-2022-2909 | Simple AND Nice Shopping Cart Script Project | Unspecified vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script A vulnerability was found in SourceCodester Simple and Nice Shopping Cart Script. | 8.8 |
2022-08-19 | CVE-2022-36157 | Xuxueli | Improper Privilege Management vulnerability in Xuxueli Xxl-Job XXL-JOB all versions as of 11 July 2022 are vulnerable to Insecure Permissions resulting in the ability to execute admin function with low Privilege account. | 8.8 |
2022-08-19 | CVE-2022-36009 | Matrix | Unspecified vulnerability in Matrix Dendrite and Gomatrixserverlib gomatrixserverlib is a Go library for matrix protocol federation. | 8.8 |
2022-08-19 | CVE-2022-36170 | Mapgis | Use of Hard-coded Credentials vulnerability in Mapgis Igserver 10.5 MapGIS 10.5 Pro IGServer has hardcoded credentials in the front-end and can lead to escalation of privileges and arbitrary file deletion. | 8.8 |
2022-08-19 | CVE-2022-36224 | Xunruicms | Cross-Site Request Forgery (CSRF) vulnerability in Xunruicms 4.5.6 XunRuiCMS V4.5.6 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |
2022-08-19 | CVE-2022-36225 | Eyoucms | Cross-Site Request Forgery (CSRF) vulnerability in Eyoucms 1.5.8 EyouCMS V1.5.8-UTF8-SP1 is vulnerable to Cross Site Request Forgery (CSRF) via the background, column management function and add. | 8.8 |
2022-08-19 | CVE-2022-36577 | Jizhicms | Cross-Site Request Forgery (CSRF) vulnerability in Jizhicms 2.3.1 An issue was discovered in jizhicms v2.3.1. | 8.8 |
2022-08-19 | CVE-2022-36579 | Wellcms | Cross-Site Request Forgery (CSRF) vulnerability in Wellcms 2.2.0 Wellcms 2.2.0 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |
2022-08-19 | CVE-2022-35909 | Jellyfin | Unspecified vulnerability in Jellyfin In Jellyfin before 10.8, the /users endpoint has incorrect access control for admin functionality. | 8.8 |
2022-08-19 | CVE-2022-2886 | Laravel | Deserialization of Untrusted Data vulnerability in Laravel A vulnerability, which was classified as critical, was found in Laravel 5.1. | 8.8 |
2022-08-19 | CVE-2022-35167 | Prinitix | Incorrect Permission Assignment for Critical Resource vulnerability in Prinitix Cloud Print Management 1.3.1149.0 Printix Cloud Print Management v1.3.1149.0 for Windows was discovered to contain insecure permissions. | 8.8 |
2022-08-18 | CVE-2022-21139 | Intel | Inadequate Encryption Strength vulnerability in Intel products Inadequate encryption strength for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2022-08-18 | CVE-2022-23182 | Intel | Unspecified vulnerability in Intel Data Center Manager Improper access control in the Intel(R) Data Center Manager software before version 4.1 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 |
2022-08-17 | CVE-2022-23765 | Iptime | Cross-Site Request Forgery (CSRF) vulnerability in Iptime products This vulnerability occurs when a malicious POST request is sent to a specific page while a user is logged in to some IPTIME NAS product families. | 8.8 |
2022-08-17 | CVE-2022-1410 | Device42 | OS Command Injection vulnerability in Device42 Cmdb OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. | 8.8 |
2022-08-16 | CVE-2020-14321 | Moodle | Incorrect Authorization vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, teachers of a course were able to assign themselves the manager role within that course. | 8.8 |
2022-08-16 | CVE-2022-2661 | Sequi | Unspecified vulnerability in Sequi Portbloque S Firmware Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests. | 8.8 |
2022-08-16 | CVE-2022-34254 | Adobe Magento | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could be abused by an attacker to inject malicious scripts into the vulnerable endpoint. | 8.8 |
2022-08-16 | CVE-2022-34255 | Adobe Magento | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. | 8.8 |
2022-08-16 | CVE-2022-35011 | Pngdec Project | Classic Buffer Overflow vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c. | 8.8 |
2022-08-16 | CVE-2022-38362 | Apache | Unspecified vulnerability in Apache Apache-Airflow-Providers-Docker Apache Airflow Docker's Provider prior to 3.0.0 shipped with an example DAG that was vulnerable to (authenticated) remote code exploit of code on the Airflow worker host. | 8.8 |
2022-08-16 | CVE-2022-35239 | Contec | Improper Input Validation vulnerability in Contec Sv-Cpt-Mc310 Firmware and Sv-Cpt-Mc310F Firmware The image file management page of SolarView Compact SV-CPT-MC310 Ver.7.23 and earlier, and SV-CPT-MC310F Ver.7.23 and earlier contains an insufficient verification vulnerability when uploading files. | 8.8 |
2022-08-16 | CVE-2022-36309 | Airspan | OS Command Injection vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 Airspan AirVelocity 1500 software versions prior to 15.18.00.2511 have a root command injection vulnerability in the ActiveBank parameter of the recoverySubmit.cgi script running on the eNodeB's web management UI. | 8.8 |
2022-08-16 | CVE-2022-36310 | Airspan | Unspecified vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 Airspan AirVelocity 1500 software prior to version 15.18.00.2511 had NET-SNMP-EXTEND-MIB enabled on its snmpd service, enabling an attacker with SNMP write abilities to execute commands as root on the eNodeB. | 8.8 |
2022-08-16 | CVE-2022-36312 | Airspan | Cross-Site Request Forgery (CSRF) vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511 Airspan AirVelocity 1500 software version 15.18.00.2511 lacks CSRF protections in the eNodeB's web management UI. | 8.8 |
2022-08-15 | CVE-2022-38357 | Eyeofnetwork | Injection vulnerability in Eyeofnetwork Eyes of Network web 5.3 Improper neutralization of special elements leaves the Eyes of Network Web application vulnerable to an iFrame injection attack, via the url parameter of /module/module_frame/index.php. | 8.8 |
2022-08-15 | CVE-2022-38359 | Eyeofnetwork | Cross-Site Request Forgery (CSRF) vulnerability in Eyeofnetwork Eyes of Network web 5.3 Cross-site request forgery attacks can be carried out against the Eyes of Network web application, due to an absence of adequate protections. | 8.8 |
2022-08-15 | CVE-2022-38368 | Aviatrix | Improper Authentication vulnerability in Aviatrix Gateway An issue was discovered in Aviatrix Gateway before 6.6.5712 and 6.7.x before 6.7.1376. | 8.8 |
2022-08-15 | CVE-2022-35623 | Nordicsemi | Out-of-bounds Write vulnerability in Nordicsemi Nrf5 SDK for Mesh 5.0 In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth. | 8.8 |
2022-08-15 | CVE-2022-35624 | Nordicsemi | Out-of-bounds Write vulnerability in Nordicsemi Nrf5 SDK for Mesh 5.0 In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO > SegN. | 8.8 |
2022-08-15 | CVE-2022-2381 | E Unlocked Student Result Project | Unspecified vulnerability in E Unlocked - Student Result Project E Unlocked - Student Result 1.0.4 The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack | 8.8 |
2022-08-15 | CVE-2022-2818 | Agentejo | Unspecified vulnerability in Agentejo Cockpit Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | 8.8 |
2022-08-15 | CVE-2022-36006 | Arvados | Deserialization of Untrusted Data vulnerability in Arvados Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. | 8.8 |
2022-08-15 | CVE-2022-37400 | Apache | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
2022-08-15 | CVE-2022-37401 | Apache | Unspecified vulnerability in Apache Openoffice Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. | 8.8 |
2022-08-15 | CVE-2022-2820 | Namelessmc | Unspecified vulnerability in Namelessmc Nameless Session Fixation in GitHub repository namelessmc/nameless prior to v2.0.2. | 8.2 |
2022-08-19 | CVE-2022-36171 | Mapgis | Use of Hard-coded Credentials vulnerability in Mapgis Igserver 10.5.6.11 MapGIS IGServer 10.5.6.11 is vulnerable to Arbitrary file deletion. | 8.1 |
2022-08-18 | CVE-2022-21225 | Intel | Unspecified vulnerability in Intel Data Center Manager Improper neutralization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 8.0 |
2022-08-18 | CVE-2022-26017 | Intel | Unspecified vulnerability in Intel Driver & Support Assistant Improper access control in the Intel(R) DSA software before version 22.2.14 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | 8.0 |
2022-08-18 | CVE-2022-2625 | Postgresql Fedoraproject Redhat | A vulnerability was found in PostgreSQL. | 8.0 |
2022-08-19 | CVE-2022-2793 | Emerson | Insufficient Verification of Data Authenticity vulnerability in Emerson Electric'S Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol. | 7.8 |
2022-08-19 | CVE-2022-2889 | VIM Fedoraproject | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | 7.8 |
2022-08-18 | CVE-2022-27493 | Intel | Improper Initialization vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-28858 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-33209 | Intel | Improper Input Validation vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-34488 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2021-23223 | Intel | Improper Initialization vulnerability in Intel products Improper initialization for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2021-33060 | Intel Netapp | Out-of-bounds Write vulnerability in multiple products Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2021-33847 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2021-37409 | Intel | Incorrect Authorization vulnerability in Intel products Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-21148 | Intel | Unspecified vulnerability in Intel Edge Insights for Industrial Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-21181 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-21229 | Intel | Unspecified vulnerability in Intel Control Center 1.2.1.1007 Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-21807 | Intel | Uncontrolled Search Path Element vulnerability in Intel Vtune Profiler Uncontrolled search path elements in the Intel(R) VTune(TM) Profiler software before version 2022.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-21812 | Intel | Unspecified vulnerability in Intel Hardware Accelerated Execution Manager Improper access control in the Intel(R) HAXM software before version 7.7.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-25841 | Intel | Uncontrolled Search Path Element vulnerability in Intel Datacenter Group Event Uncontrolled search path elements in the Intel(R) Datacenter Group Event Android application, all versions, may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-25966 | Intel | Unspecified vulnerability in Intel Edge Insights for Industrial Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-25999 | Intel | Uncontrolled Search Path Element vulnerability in Intel Enpirion Digital Power Configurator GUI Uncontrolled search path element in the Intel(R) Enpirion(R) Digital Power Configurator GUI software, all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-26344 | Intel | Incorrect Default Permissions vulnerability in Intel Single Event API Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-26374 | Intel | Uncontrolled Search Path Element vulnerability in Intel Single Event API Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-26844 | Intel | Insufficiently Protected Credentials vulnerability in Intel Single Event API Insufficiently protected credentials in the installation binaries for Intel(R) SEAPI in all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-28696 | Intel | Uncontrolled Search Path Element vulnerability in Intel Distribution for Python 2017/2018/2019 Uncontrolled search path in the Intel(R) Distribution for Python before version 2022.0.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 |
2022-08-18 | CVE-2022-28757 | Zoom | Unspecified vulnerability in Zoom Meetings The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. | 7.8 |
2022-08-18 | CVE-2022-37047 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_ipv6_next at common/get.c:713. | 7.8 |
2022-08-18 | CVE-2022-37048 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products The component tcprewrite in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in get_l2len_protocol at common/get.c:344. | 7.8 |
2022-08-18 | CVE-2022-37049 | Broadcom Fedoraproject | Out-of-bounds Write vulnerability in multiple products The component tcpprep in Tcpreplay v4.4.1 was discovered to contain a heap-based buffer overflow in parse_mpls at common/get.c:150. | 7.8 |
2022-08-18 | CVE-2022-37025 | Mcafee | Improper Privilege Management vulnerability in Mcafee Security Scan Plus An improper privilege management vulnerability in McAfee Security Scan Plus (MSS+) before 4.1.262.1 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. | 7.8 |
2022-08-17 | CVE-2022-28751 | Zoom | Improper Verification of Cryptographic Signature vulnerability in Zoom Meetings The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. | 7.8 |
2022-08-17 | CVE-2022-28752 | Zoom | Unspecified vulnerability in Zoom Rooms Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. | 7.8 |
2022-08-17 | CVE-2022-2862 | VIM Fedoraproject | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | 7.8 |
2022-08-17 | CVE-2022-2849 | VIM Fedoraproject | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | 7.8 |
2022-08-17 | CVE-2022-2845 | Fedoraproject VIM | Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218. | 7.8 |
2022-08-17 | CVE-2022-30262 | Emerson | Insufficient Verification of Data Authenticity vulnerability in Emerson products The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. | 7.8 |
2022-08-17 | CVE-2022-31262 | GOG | Improper Preservation of Permissions vulnerability in GOG Galaxy 2.0.46/2.0.51 An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. | 7.8 |
2022-08-17 | CVE-2022-37459 | Amperecomputing | Information Exposure Through Discrepancy vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue. | 7.8 |
2022-08-16 | CVE-2020-10728 | Automationbroker | Improper Privilege Management vulnerability in Automationbroker APB A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. | 7.8 |
2022-08-16 | CVE-2022-34998 | Bitbanksoftware | Classic Buffer Overflow vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a global buffer overflow via JPEGDecodeMCU at /src/jpeg.inl. | 7.8 |
2022-08-16 | CVE-2022-35003 | Bitbanksoftware | Classic Buffer Overflow vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl. | 7.8 |
2022-08-16 | CVE-2022-36139 | Swfmill | Out-of-bounds Write vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char). | 7.8 |
2022-08-16 | CVE-2022-36142 | Swfmill | Out-of-bounds Write vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30(). | 7.8 |
2022-08-16 | CVE-2022-36143 | Swfmill | Out-of-bounds Write vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc. | 7.8 |
2022-08-16 | CVE-2022-36144 | Swfmill | Out-of-bounds Write vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode. | 7.8 |
2022-08-16 | CVE-2022-37781 | Fdkaac Project | Out-of-bounds Write vulnerability in Fdkaac Project Fdkaac 1.0.3 fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc. | 7.8 |
2022-08-16 | CVE-2022-38227 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. | 7.8 |
2022-08-16 | CVE-2022-38228 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. | 7.8 |
2022-08-16 | CVE-2022-38229 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. | 7.8 |
2022-08-16 | CVE-2022-38231 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc. | 7.8 |
2022-08-16 | CVE-2022-38236 | Xpdf Project | Classic Buffer Overflow vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | 7.8 |
2022-08-16 | CVE-2022-38237 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc. | 7.8 |
2022-08-16 | CVE-2022-38238 | Xpdf Project | Out-of-bounds Write vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc. | 7.8 |
2022-08-16 | CVE-2022-37393 | Zimbra | Unspecified vulnerability in Zimbra Collaboration Zimbra's sudo configuration permits the zimbra user to execute the zmslapd binary as root with arbitrary parameters. | 7.8 |
2022-08-16 | CVE-2021-30490 | Power Software Download | Incorrect Default Permissions vulnerability in Power-Software-Download Viewpower 1.0421012/1.0421353 upsMonitor in ViewPower (aka ViewPowerHTML) 1.04-21012 through 1.04-21353 has insecure permissions for the service binary that enable an Authenticated User to modify files, allowing for privilege escalation. | 7.8 |
2022-08-15 | CVE-2022-28756 | Zoom | Unspecified vulnerability in Zoom Meetings The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. | 7.8 |
2022-08-15 | CVE-2022-2817 | VIM Fedoraproject | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | 7.8 |
2022-08-15 | CVE-2022-2816 | VIM Fedoraproject | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | 7.8 |
2022-08-15 | CVE-2022-2819 | VIM Fedoraproject | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | 7.8 |
2022-08-15 | CVE-2022-38223 | Tats Fedoraproject | Out-of-bounds Write vulnerability in multiple products There is an out-of-bounds write in checkType located in etc.c in w3m 0.5.3. | 7.8 |
2022-08-20 | CVE-2022-38493 | Rhonabwy Project | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Rhonabwy Project Rhonabwy Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. | 7.5 |
2022-08-19 | CVE-2020-27793 | Radare | Off-by-one Error vulnerability in Radare Radare2 An off-by-one overflow flaw was found in radare2 due to mismatched array length in core_java.c. | 7.5 |
2022-08-19 | CVE-2020-27795 | Radare | Use of Uninitialized Resource vulnerability in Radare Radare2 A segmentation fault was discovered in radare2 with adf command. | 7.5 |
2022-08-19 | CVE-2022-2792 | Emerson | Unspecified vulnerability in Emerson Electric's Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists. | 7.5 |
2022-08-19 | CVE-2022-23460 | Json Project | Uncontrolled Recursion vulnerability in Json++ Project Json++ 1.0.0/1.0.1 Jsonxx or Json++ is a JSON parser, writer and reader written in C++. | 7.5 |
2022-08-19 | CVE-2022-2049 | Octopus | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service via the package upload function. | 7.5 |
2022-08-19 | CVE-2022-2074 | Octopus | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service using the Variable Project Template. | 7.5 |
2022-08-19 | CVE-2022-2075 | Octopus | Unspecified vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to perform a Regex Denial of Service targeting the build information request validation. | 7.5 |
2022-08-18 | CVE-2022-21160 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2022-08-18 | CVE-2022-21197 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | 7.5 |
2022-08-18 | CVE-2022-30296 | Intel | Insufficiently Protected Credentials vulnerability in Intel Datacenter Group Event Insufficiently protected credentials in the Intel(R) Datacenter Group Event iOS application, all versions, may allow an unauthenticated user to potentially enable information disclosure via network access. | 7.5 |
2022-08-18 | CVE-2022-37768 | Jpeg | Infinite Loop vulnerability in Jpeg Libjpeg libjpeg commit 281daa9 was discovered to contain an infinite loop via the component Frame::ParseTrailer. | 7.5 |
2022-08-18 | CVE-2022-37422 | Payara | Path Traversal vulnerability in Payara Payara through 5.2022.2 allows directory traversal without authentication. | 7.5 |
2022-08-18 | CVE-2022-37062 | Flir | Missing Authentication for Critical Function vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an insecure design vulnerability due to an improper directory access restriction. | 7.5 |
2022-08-18 | CVE-2022-37060 | Flir | Path Traversal vulnerability in Flir AX8 Firmware FLIR AX8 thermal sensor cameras version up to and including 1.46.16 is vulnerable to Directory Traversal due to an improper access restriction. | 7.5 |
2022-08-18 | CVE-2022-35173 | Nginx | Improper Check for Unusual or Exceptional Conditions vulnerability in Nginx NJS 0.7.5 An issue was discovered in Nginx NJS v0.7.5. | 7.5 |
2022-08-18 | CVE-2022-35198 | Contract Management System Project | Improper Authentication vulnerability in Contract Management System Project Contract Management System 2.0 Contract Management System v2.0 contains a weak default password which allows attackers to access database connection information. | 7.5 |
2022-08-18 | CVE-2021-30070 | Hestiacp | Unspecified vulnerability in Hestiacp An issue was discovered in HestiaCP before v1.3.5. | 7.5 |
2022-08-17 | CVE-2021-26639 | Wisa | Download of Code Without Integrity Check vulnerability in Wisa Smart Wing CMS 1905 This vulnerability is caused by the lack of validation of input values for specific functions of WISA Smart Wing CMS. | 7.5 |
2022-08-17 | CVE-2022-1069 | Softing | Unspecified vulnerability in Softing products A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 |
2022-08-17 | CVE-2022-1748 | Softing | NULL Pointer Dereference vulnerability in Softing products Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability. | 7.5 |
2022-08-17 | CVE-2022-2335 | Softing | Unspecified vulnerability in Softing products A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 |
2022-08-17 | CVE-2022-2337 | Softing | Unspecified vulnerability in Softing products A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 |
2022-08-17 | CVE-2022-2547 | Softing | Unspecified vulnerability in Softing products A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22. | 7.5 |
2022-08-17 | CVE-2022-36186 | Gpac | NULL Pointer Dereference vulnerability in Gpac 2.1 A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full() at filter_core/filter_pid.c:5250, which causes a Denial of Service (DoS). | 7.5 |
2022-08-17 | CVE-2022-38149 | Hashicorp | Information Exposure Through Log Files vulnerability in Hashicorp Consul Template HashiCorp Consul Template up to 0.27.2, 0.28.2, and 0.29.1 may expose the contents of Vault secrets in the error returned by the *template.Template.Execute method, when given a template using Vault secret contents incorrectly. | 7.5 |
2022-08-17 | CVE-2021-45454 | Amperecomputing | Unspecified vulnerability in Amperecomputing Ampere Altra Firmware and Ampere Altra MAX Firmware Ampere Altra before SRP 1.08b and Altra Max before SRP 2.05 allow information disclosure of power telemetry via HWmon. | 7.5 |
2022-08-17 | CVE-2022-1401 | Device42 | Unspecified vulnerability in Device42 Cmdb Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. | 7.5 |
2022-08-16 | CVE-2021-42052 | Ipesa | Path Traversal vulnerability in Ipesa E-Flow 3.3.6 IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter. | 7.5 |
2022-08-16 | CVE-2020-14322 | Moodle | Allocation of Resources Without Limits or Throttling vulnerability in Moodle In Moodle before 3.9.1, 3.8.4, 3.7.7 and 3.5.13, yui_combo needed to limit the amount of files it can load to help mitigate the risk of denial of service. | 7.5 |
2022-08-16 | CVE-2022-2831 | Blender | Out-of-bounds Write vulnerability in Blender 3.3.0 A flaw was found in Blender 3.3.0. | 7.5 |
2022-08-16 | CVE-2022-2832 | Blender | Unspecified vulnerability in Blender 3.3.0 A flaw was found in Blender 3.3.0. | 7.5 |
2022-08-16 | CVE-2022-2833 | Blender | Infinite Loop vulnerability in Blender 3.3.0 Endless infinite loop in Blender thumbnailing due to logical bugs. | 7.5 |
2022-08-16 | CVE-2022-38184 | Esri | Unspecified vulnerability in Esri Portal for Arcgis There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | 7.5 |
2022-08-16 | CVE-2022-33939 | Yokogawa | Unspecified vulnerability in Yokogawa products CENTUM VP / CS 3000 controller FCS (CP31, CP33, CP345, CP401, and CP451) contains an issue in processing communication packets, which may lead to resource consumption. | 7.5 |
2022-08-16 | CVE-2022-35734 | Hjholdings | Use of Hard-coded Credentials vulnerability in Hjholdings Hulu 3.0.47 'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. | 7.5 |
2022-08-16 | CVE-2022-24949 | Eternal Terminal Project | Classic Buffer Overflow vulnerability in Eternal Terminal Project Eternal Terminal A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. | 7.5 |
2022-08-16 | CVE-2022-24950 | Eternal Terminal Project | Race Condition vulnerability in Eternal Terminal Project Eternal Terminal A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. | 7.5 |
2022-08-16 | CVE-2022-38216 | Mapbox | Integer Overflow or Wraparound vulnerability in Mapbox Maps Software Development KIT An integer overflow exists in Mapbox's closed source gl-native library prior to version 10.6.1, which is bundled with multiple Mapbox products including open source libraries. | 7.5 |
2022-08-15 | CVE-2022-38187 | Esri | Unspecified vulnerability in Esri Portal for Arcgis Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs. | 7.5 |
2022-08-15 | CVE-2020-21365 | Wkhtmltopdf Debian | Path Traversal vulnerability in multiple products Directory traversal vulnerability in wkhtmltopdf through 0.12.5 allows remote attackers to read local files and disclose sensitive information via a crafted html file running with the default configurations. | 7.5 |
2022-08-15 | CVE-2020-21641 | Zohocorp | XXE vulnerability in Zohocorp Manageengine Analytics Plus Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | 7.5 |
2022-08-15 | CVE-2020-23622 | Cling Project | Server-Side Request Forgery (SSRF) vulnerability in Cling Project Cling An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header. | 7.5 |
2022-08-15 | CVE-2022-36524 | Dlink | Improper Authentication vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Static Default Credentials via /etc/init0.d/S80telnetd.sh. | 7.5 |
2022-08-15 | CVE-2022-36526 | Dlink | Unspecified vulnerability in Dlink Go-Rt-Ac750 Firmware 101B03/200B02 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 & GO-RT-AC750_revB_FWv200b02 is vulnerable to Authentication Bypass via function phpcgi_main in cgibin. | 7.5 |
2022-08-15 | CVE-2022-33988 | Dproxy Nexgen Project | HTTP Request Smuggling vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen dproxy-nexgen (aka dproxy nexgen) re-uses the DNS transaction id (TXID) value from client queries, which allows attackers (able to send queries to the resolver) to conduct DNS cache-poisoning attacks because the TXID value is known to the attacker. | 7.5 |
2022-08-15 | CVE-2022-33990 | Dproxy Nexgen Project | Unspecified vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen Misinterpretation of special domain name characters in dproxy-nexgen (aka dproxy nexgen) leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | 7.5 |
2022-08-15 | CVE-2022-33992 | Domain Name Relay Daemon Project | Unspecified vulnerability in Domain Name Relay Daemon Project Domain Name Relay Daemon 2.20.3 DNRD (aka Domain Name Relay Daemon) 2.20.3 forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. | 7.5 |
2022-08-15 | CVE-2022-2379 | Easy Student Results Project | Unspecified vulnerability in Easy Student Results Project Easy Student Results The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as students' grades and PII such as email address, physical address, phone number, etc. | 7.5 |
2022-08-15 | CVE-2022-2813 | Guest Management System Project | Unspecified vulnerability in Guest Management System Project Guest Management System A vulnerability, which was classified as problematic, was found in SourceCodester Guest Management System. | 7.5 |
2022-08-15 | CVE-2022-2821 | Namelessmc | Unspecified vulnerability in Namelessmc Nameless Missing Critical Step in Authentication in GitHub repository namelessmc/nameless prior to v2.0.2. | 7.5 |
2022-08-15 | CVE-2022-2822 | Octoprint | Unspecified vulnerability in Octoprint An attacker can freely brute force username and password and can takeover any account. | 7.5 |
2022-08-19 | CVE-2022-2788 | Emerson | Path Traversal vulnerability in Emerson Electric's Proficy Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\..\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. | 7.3 |
2022-08-19 | CVE-2022-36263 | Logitech | Unspecified vulnerability in Logitech Streamlabs Desktop 1.9.0 StreamLabs Desktop Application 1.9.0 is vulnerable to Incorrect Access Control via obs64.exe. | 7.3 |
2022-08-18 | CVE-2022-29549 | Qualys | Improper Validation of Integrity Check Value vulnerability in Qualys Cloud Agent for Linux An issue was discovered in Qualys Cloud Agent 4.8.0-49. | 7.3 |
2022-08-18 | CVE-2022-32579 | Intel | Improper Initialization vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | 7.2 |
2022-08-17 | CVE-2022-1373 | Softing | Path Traversal vulnerability in Softing products The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. | 7.2 |
2022-08-17 | CVE-2022-2334 | Softing | Unspecified vulnerability in Softing products The application searches for a library dll that is not found. | 7.2 |
2022-08-17 | CVE-2022-36215 | Dedebiz | Unspecified vulnerability in Dedebiz Dedecmsv6 6.0.0 DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php. | 7.2 |
2022-08-17 | CVE-2022-36216 | Dedecms | Code Injection vulnerability in Dedecms DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php. | 7.2 |
2022-08-16 | CVE-2020-1756 | Moodle | Improper Input Validation vulnerability in Moodle In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | 7.2 |
2022-08-16 | CVE-2022-34253 | Adobe Magento | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an XML Injection vulnerability in the Widgets Module. | 7.2 |
2022-08-16 | CVE-2022-36293 | Nintendo | Classic Buffer Overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. | 7.2 |
2022-08-16 | CVE-2022-36381 | Nintendo | OS Command Injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP 001 Firmware OS command injection vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | 7.2 |
2022-08-15 | CVE-2022-2354 | WP Dbmanager Project | Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. | 7.2 |
2022-08-19 | CVE-2020-27792 | Artifex Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. | 7.1 |
2022-08-18 | CVE-2021-23179 | Intel | Out-of-bounds Read vulnerability in Intel products Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access. | 7.1 |
2022-08-16 | CVE-2022-24951 | Eternal Terminal Project | Race Condition vulnerability in Eternal Terminal Project Eternal Terminal A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future. | 7.0 |
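The dproxy-nexgen TXID row above (CVE-2022-33988) describes a forwarding resolver that copies the client's DNS transaction ID into its own upstream query, so whoever sent the query already knows the TXID it must forge. The following toy model, added here as an illustration and not taken from the dproxy-nexgen or DNRD sources, shows why that matters: with the client's TXID reused, an off-path forgery lands on the first try; with a fresh 16-bit TXID per upstream query it lands roughly once in 65536 tries. The `Forwarder` class, the sample name `bank.example` and the address `203.0.113.66` are constructed for the model, and the upstream source port is held fixed so the TXID is the only value an attacker has to guess.

```python
"""
Toy model of a forwarding resolver that reuses the client's DNS TXID
upstream (the dproxy-nexgen weakness) versus one that draws a fresh TXID.
Added illustration; not the dproxy-nexgen or DNRD code. All names are
invented for the model, and the upstream source port is assumed fixed.
"""
import secrets
from dataclasses import dataclass, field

TXID_SPACE = 1 << 16          # DNS transaction IDs are 16 bits


@dataclass
class Forwarder:
    """Minimal caching forwarder; reuse_client_txid=True is the weak behaviour."""
    reuse_client_txid: bool
    cache: dict = field(default_factory=dict)     # name -> cached address
    pending: dict = field(default_factory=dict)   # upstream TXID -> name in flight

    def handle_client_query(self, client_txid: int, name: str) -> int:
        """Forward the client's question upstream; return the TXID used upstream."""
        if self.reuse_client_txid:
            upstream_txid = client_txid                    # chosen by the client
        else:
            upstream_txid = secrets.randbelow(TXID_SPACE)  # fresh and unpredictable
        self.pending[upstream_txid] = name
        return upstream_txid

    def handle_upstream_response(self, txid: int, name: str, addr: str) -> bool:
        """Accept a reply only if its TXID matches an outstanding upstream query."""
        if self.pending.get(txid) != name:
            return False                                   # mismatch: reply dropped
        del self.pending[txid]
        self.cache[name] = addr                            # answer is now cached
        return True


def poisoning_attempt(reuse_client_txid: bool, attacker_txid: int = 0x1234) -> bool:
    """One off-path poisoning try: the attacker queries the target name with a
    TXID of its choosing, then immediately injects a forged 'upstream' answer
    carrying that same TXID. Returns True if the forgery ended up in the cache."""
    fwd = Forwarder(reuse_client_txid)
    target = "bank.example"                                # constructed sample name
    fwd.handle_client_query(attacker_txid, target)
    accepted = fwd.handle_upstream_response(attacker_txid, target, "203.0.113.66")
    return accepted and fwd.cache.get(target) == "203.0.113.66"


def attack_success_rate(reuse_client_txid: bool, attempts: int = 200) -> float:
    """Fraction of independent first-try poisoning attempts that succeed."""
    wins = sum(poisoning_attempt(reuse_client_txid) for _ in range(attempts))
    return wins / attempts


if __name__ == "__main__":
    print("reused client TXID:", attack_success_rate(True))   # 1.0: every try lands
    print("random TXID       :", attack_success_rate(False))  # about 1/65536 per try
```

The model deliberately leaves out source-port randomisation; a real resolver needs both an unpredictable TXID and an unpredictable source port, since either one alone leaves only 16 bits for an off-path forger to guess.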
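Two rows above concern archive entries that escape the extraction directory: the Proficy row (CVE-2022-2788) names the '\..\Filename' ZipSlip pattern, and the Softing "restore configuration" row (CVE-2022-1373) describes the same traversal when processing zip files. The following check, added here as a generic example and not code from either product, builds a small archive in memory (constructed sample entries) and compares the naive target-path computation with one that rejects escaping, absolute and backslash-separated entry names. The destination path `/opt/app/restore` and the entry names are assumptions for the demonstration.

```python
"""
ZipSlip-safe target resolution for archive extraction.
Added example; not code from Proficy Machine Edition or Softing SIS.
The destination directory and the archive entries are constructed here.
"""
import io
import os
import zipfile


def naive_target(dest: str, member: str) -> str:
    """What a vulnerable extractor does: trust the entry name as given."""
    return os.path.join(dest, member)


def safe_target(dest: str, member: str) -> str:
    """Resolve member under dest; raise ValueError if it would land outside."""
    # Treat backslashes as separators too, so a Windows-style '..\\x' entry
    # cannot slip past a check that only understands '/'.
    name = member.replace("\\", "/")
    if name.startswith("/") or (len(name) > 1 and name[1] == ":"):
        raise ValueError(f"absolute path in archive: {member!r}")
    dest_real = os.path.realpath(dest)
    # realpath collapses '..' segments (and symlinks that already exist), so
    # the containment test below sees the directory the file would really hit.
    target = os.path.realpath(os.path.join(dest_real, *name.split("/")))
    if os.path.commonpath([dest_real, target]) != dest_real:
        raise ValueError(f"entry escapes destination: {member!r}")
    return target


def build_sample_archive() -> bytes:
    """Constructed archive: one benign entry and four traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/settings.xml", "<settings/>")
        zf.writestr("../evil.blz", "x")              # POSIX-style escape
        zf.writestr("..\\evil.blz", "x")             # the '\\..\\Filename' form
        zf.writestr("sub/../../escape.txt", "x")     # escape hidden mid-path
        zf.writestr("/abs/path.txt", "x")            # absolute entry name
    return buf.getvalue()


def audit_archive(data: bytes, dest: str = "/opt/app/restore") -> dict:
    """Map each entry name to 'ok' or 'rejected' without writing anything."""
    verdicts = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                safe_target(dest, info.filename)
                verdicts[info.filename] = "ok"
            except ValueError:
                verdicts[info.filename] = "rejected"
    return verdicts


if __name__ == "__main__":
    for entry, verdict in audit_archive(build_sample_archive()).items():
        print(f"{verdict:9s} {entry!r}")
```

The containment test is done on resolved paths rather than by string matching on `..`, which is what lets it catch the mid-path and backslash variants as well as the obvious leading `../`; an extractor that writes to `naive_target` would happily create `/opt/app/evil.blz` for the second and third entries.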
206 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-18 | CVE-2022-28697 | Intel | Unspecified vulnerability in Intel products Improper access control in firmware for Intel(R) AMT and Intel(R) Standard Manageability may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 6.8 |
2022-08-16 | CVE-2022-36307 | Airspan | Insufficiently Protected Credentials vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 The AirVelocity 1500 prints SNMP credentials on its physically accessible serial port during boot. | 6.8 |
2022-08-18 | CVE-2022-21172 | Intel | Out-of-bounds Write vulnerability in Intel products Out of bounds write for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 |
2022-08-19 | CVE-2022-36008 | Parity | Unspecified vulnerability in Parity Frontier Frontier is Substrate's Ethereum compatibility layer. | 6.5 |
2022-08-19 | CVE-2022-36031 | Monospace | Unspecified vulnerability in Monospace Directus Directus is a free and open-source data platform for headless content management. | 6.5 |
2022-08-19 | CVE-2022-34621 | Mealie | Authorization Bypass Through User-Controlled Key vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR) vulnerability which allows attackers to modify user passwords and other attributes via modification of the user_id parameter. | 6.5 |
2022-08-18 | CVE-2021-23168 | Intel | Out-of-bounds Read vulnerability in Intel products Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2022-08-18 | CVE-2021-44545 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2022-08-18 | CVE-2022-21212 | Intel | Improper Input Validation vulnerability in Intel products Improper input validation for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 |
2022-08-18 | CVE-2022-25228 | Auieo | SQL Injection vulnerability in Auieo Candidats 3.0.0 CandidATS Version 3.0.0 Beta allows an authenticated user to inject SQL in '/index.php?m=settings&a=show' via the 'userID' parameter, in '/index.php?m=candidates&a=show' via the 'candidateID' parameter, in '/index.php?m=joborders&a=show' via the 'jobOrderID' parameter, and in '/index.php?m=companies&a=show' via the 'companyID' parameter. | 6.5 |
2022-08-18 | CVE-2022-2568 | Redhat | Improper Privilege Management vulnerability in Redhat Ansible Automation Platform 2.0/2.1/2.2 A privilege escalation flaw was found in the Ansible Automation Platform. | 6.5 |
2022-08-18 | CVE-2022-37769 | Jpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jpeg Libjpeg libjpeg commit 281daa9 was discovered to contain a segmentation fault via HuffmanDecoder::Get at huffmandecoder.hpp. | 6.5 |
2022-08-18 | CVE-2022-37770 | Jpeg | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jpeg Libjpeg libjpeg commit 281daa9 was discovered to contain a segmentation fault via LineMerger::GetNextLowpassLine at linemerger.cpp. | 6.5 |
2022-08-18 | CVE-2022-36024 | Pycord Development | Unspecified vulnerability in Pycord Development Pycord 2.0.0 py-cord is an API wrapper for Discord written in Python. | 6.5 |
2022-08-18 | CVE-2022-32453 | Cybozu | Injection vulnerability in Cybozu Office HTTP header injection vulnerability in Cybozu Office 10.0.0 to 10.8.5 may allow a remote attacker to obtain and/or alter the data of the product via unspecified vectors. | 6.5 |
2022-08-17 | CVE-2022-35148 | Maccms | SQL Injection vulnerability in Maccms 10.0 maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html. | 6.5 |
2022-08-16 | CVE-2022-35007 | Pngdec Project | Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via __interceptor_fwrite.part.57 at sanitizer_common_interceptors.inc. | 6.5 |
2022-08-16 | CVE-2022-35008 | Pngdec Project | Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp. | 6.5 |
2022-08-16 | CVE-2022-35009 | Pngdec Project | Allocation of Resources Without Limits or Throttling vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp. | 6.5 |
2022-08-16 | CVE-2022-35010 | Pngdec Project | Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via asan_interceptors_memintrinsics.cpp. | 6.5 |
2022-08-16 | CVE-2022-35012 | Pngdec Project | Out-of-bounds Write vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via SaveBMP at /linux/main.cpp. | 6.5 |
2022-08-16 | CVE-2022-35013 | Pngdec Project | Resource Exhaustion vulnerability in Pngdec Project Pngdec 1.0.0/1.0.1 PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at /linux/main.cpp. | 6.5 |
2022-08-16 | CVE-2022-35100 | Swftools | Out-of-bounds Read vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c. | 6.5 |
2022-08-16 | CVE-2022-35433 | Ffjpeg Project | Memory Leak vulnerability in Ffjpeg Project Ffjpeg ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c. | 6.5 |
2022-08-16 | CVE-2022-35447 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de. | 6.5 |
2022-08-16 | CVE-2022-35448 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af. | 6.5 |
2022-08-16 | CVE-2022-35449 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466. | 6.5 |
2022-08-16 | CVE-2022-35450 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1. | 6.5 |
2022-08-16 | CVE-2022-35451 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b03b5. | 6.5 |
2022-08-16 | CVE-2022-35452 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0b2c. | 6.5 |
2022-08-16 | CVE-2022-35453 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6. | 6.5 |
2022-08-16 | CVE-2022-35454 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa. | 6.5 |
2022-08-16 | CVE-2022-35455 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63. | 6.5 |
2022-08-16 | CVE-2022-35456 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087. | 6.5 |
2022-08-16 | CVE-2022-35458 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce. | 6.5 |
2022-08-16 | CVE-2022-35459 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a. | 6.5 |
2022-08-16 | CVE-2022-35460 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f. | 6.5 |
2022-08-16 | CVE-2022-35461 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32. | 6.5 |
2022-08-16 | CVE-2022-35462 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3. | 6.5 |
2022-08-16 | CVE-2022-35463 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478. | 6.5 |
2022-08-16 | CVE-2022-35464 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6171b2. | 6.5 |
2022-08-16 | CVE-2022-35465 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0414. | 6.5 |
2022-08-16 | CVE-2022-35466 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0473. | 6.5 |
2022-08-16 | CVE-2022-35467 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b8. | 6.5 |
2022-08-16 | CVE-2022-35468 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e420d. | 6.5 |
2022-08-16 | CVE-2022-35469 | Otfcc Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384. | 6.5 |
2022-08-16 | CVE-2022-35470 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x65fc97. | 6.5 |
2022-08-16 | CVE-2022-35471 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0. | 6.5 |
2022-08-16 | CVE-2022-35472 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a global overflow via /release-x64/otfccdump+0x718693. | 6.5 |
2022-08-16 | CVE-2022-35473 | Otfcc Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7. | 6.5 |
2022-08-16 | CVE-2022-35474 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b544e. | 6.5 |
2022-08-16 | CVE-2022-35475 | Otfcc Project | Out-of-bounds Write vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8. | 6.5 |
2022-08-16 | CVE-2022-35476 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b. | 6.5 |
2022-08-16 | CVE-2022-35477 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954. | 6.5 |
2022-08-16 | CVE-2022-35478 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea. | 6.5 |
2022-08-16 | CVE-2022-35479 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6. | 6.5 |
2022-08-16 | CVE-2022-35481 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | 6.5 |
2022-08-16 | CVE-2022-35482 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724. | 6.5 |
2022-08-16 | CVE-2022-35483 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8. | 6.5 |
2022-08-16 | CVE-2022-35484 | Otfcc Project | NULL Pointer Dereference vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f. | 6.5 |
2022-08-16 | CVE-2022-35485 | Otfcc Project | Out-of-bounds Read vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969. | 6.5 |
2022-08-16 | CVE-2022-35486 | Otfcc Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Otfcc Project Otfcc 0.10.4 OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae. | 6.5 |
2022-08-16 | CVE-2021-39087 | IBM | Incorrect Default Permissions vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. | 6.5 |
2022-08-16 | CVE-2022-24952 | Eternal Terminal Project | Improper Input Validation vulnerability in Eternal Terminal Project Eternal Terminal Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket. | 6.5 |
2022-08-16 | CVE-2022-36306 | Airspan | Files or Directories Accessible to External Parties vulnerability in Airspan Airvelocity 1500 Firmware 15.18.00.2511/9.3.0.01249 An authenticated attacker can enumerate and download sensitive files, including the eNodeB's web management UI's TLS private key, the web server binary, and the web server configuration file. | 6.5 |
2022-08-15 | CVE-2022-35961 | Openzeppelin | Unspecified vulnerability in Openzeppelin Contracts and Contracts Upgradeable OpenZeppelin Contracts is a library for secure smart contract development. | 6.5 |
2022-08-18 | CVE-2022-34345 | Intel | Improper Input Validation vulnerability in Intel Lapbc510 Firmware and Lapbc710 Firmware Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access. | 6.2 |
2022-08-19 | CVE-2022-35554 | Bpcbt | Cross-site Scripting vulnerability in Bpcbt Smartvista 2/2.2.22/3.28.0 Multiple reflected XSS vulnerabilities occur when handling error messages in BPC SmartVista version 3.28.0, allowing an attacker to execute JavaScript code on the client side. | 6.1 |
2022-08-19 | CVE-2022-0542 | Chatwoot | Unspecified vulnerability in Chatwoot Cross-site Scripting (XSS) - DOM in GitHub repository chatwoot/chatwoot prior to 2.7.0. | 6.1 |
2022-08-18 | CVE-2022-35212 | Oscommerce | Cross-site Scripting vulnerability in Oscommerce osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the function tep_db_error(). | 6.1 |
2022-08-18 | CVE-2022-35213 | Ecommerce Codeigniter Bootstrap Project | Cross-site Scripting vulnerability in Ecommerce-Codeigniter-Bootstrap Project Ecommerce-Codeigniter-Bootstrap 20200803 Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site scripting (XSS) vulnerability via the function base_url() at /blog/blogpublish.php. | 6.1 |
2022-08-18 | CVE-2022-28715 | Cybozu | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-08-18 | CVE-2022-29487 | Cybozu | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-08-18 | CVE-2022-30604 | Cybozu | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-08-18 | CVE-2022-33151 | Cybozu | Cross-site Scripting vulnerability in Cybozu Office Cross-site scripting vulnerability in the specific parameters of Cybozu Office 10.0.0 to 10.8.5 allows remote attackers to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-08-18 | CVE-2021-30071 | Hestiacp | Cross-site Scripting vulnerability in Hestiacp Control Panel A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 |
2022-08-17 | CVE-2022-35151 | Keking | Cross-site Scripting vulnerability in Keking Kkfileview 4.1.0 kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java. | 6.1 |
2022-08-17 | CVE-2022-35133 | Cherrytree Project | Cross-site Scripting vulnerability in Cherrytree Project Cherrytree 0.99.30 A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node. | 6.1 |
2022-08-16 | CVE-2022-25799 | Cert | Open Redirect vulnerability in Cert Vince 1.48.0/1.49.0 An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.50.0. | 6.1 |
2022-08-16 | CVE-2020-14320 | Moodle | Cross-site Scripting vulnerability in Moodle In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk. | 6.1 |
2022-08-16 | CVE-2022-2843 | Motopress | Unspecified vulnerability in Motopress Timetable and Event Schedule A vulnerability was found in MotoPress Timetable and Event Schedule. | 6.1 |
2022-08-16 | CVE-2022-2844 | Motopress | Unspecified vulnerability in Motopress Timetable and Event Schedule A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. | 6.1 |
2022-08-16 | CVE-2022-36530 | Rageframe | Cross-site Scripting vulnerability in Rageframe 2.6.37 An issue was discovered in rageframe2 2.6.37. | 6.1 |
2022-08-16 | CVE-2022-36311 | Airspan | Cross-site Scripting vulnerability in Airspan Airvelocity 1500 Firmware 9.3.0.01249 Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection leading to XSS in the SNMP community field in the eNodeB's web management UI. | 6.1 |
2022-08-15 | CVE-2022-38358 | Eyeofnetwork | Cross-site Scripting vulnerability in Eyeofnetwork Eyes of Network web 5.3 Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/admin_notifiers/rules.php and /module/report_event/indext.php via the parameters rule_notification, rule_name, and rule_name_old, and at /module/admin_user/add_modify_user.php via the parameters user_name and user_email. | 6.1 |
2022-08-15 | CVE-2022-38186 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker who can convince a user to click on a crafted link to execute arbitrary JavaScript code in the victim's browser. | 6.1 |
2022-08-15 | CVE-2022-38188 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis There is a reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9.1 which may allow a remote attacker who can convince a user to click on a crafted link to execute arbitrary JavaScript code in the victim's browser. | 6.1 |
2022-08-15 | CVE-2022-38190 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which, when accessed, could potentially execute arbitrary JavaScript code in the user's browser. | 6.1 |
2022-08-15 | CVE-2022-2378 | Easy Student Results Project | Unspecified vulnerability in Easy Student Results Project Easy Student Results The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting. | 6.1 |
2022-08-15 | CVE-2022-2811 | Guest Management System Project | Unspecified vulnerability in Guest Management System Project Guest Management System A vulnerability classified as problematic has been found in SourceCodester Guest Management System. | 6.1 |
2022-08-15 | CVE-2022-2814 | Simple AND Nice Shopping Cart Script Project | Unspecified vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and classified as problematic. | 6.1 |
2022-08-15 | CVE-2022-2116 | Webacetechs | Unspecified vulnerability in Webacetechs Contact Form DB - Elementor The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting. | 6.1 |
2022-08-19 | CVE-2022-2790 | Emerson | Unspecified vulnerability in Emerson Electric's Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks (BLD/BLK files). | 5.9 |
2022-08-19 | CVE-2022-34624 | Mealie | Insufficient Session Expiration vulnerability in Mealie 0.5.5/1.0.0 Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request. | 5.9 |
2022-08-16 | CVE-2020-14379 | Redhat | XXE vulnerability in Redhat Jboss A-Mq 7 A flaw was found in Red Hat AMQ Broker where an XXE (XML External Entity) attack can be carried out via the Broker's configuration files, leading to denial of service and information disclosure. | 5.6 |
2022-08-19 | CVE-2022-2789 | Emerson | Unspecified vulnerability in Emerson Electric's Proficy Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulnerable to CWE-345 Insufficient Verification of Data Authenticity, and can display logic that is different from the compiled logic. | 5.5 |
2022-08-19 | CVE-2022-36233 | Tendacn | Out-of-bounds Write vulnerability in Tendacn AC9 Firmware 15.03.2.13 Tenda AC9 V15.03.2.13 is vulnerable to Buffer Overflow via httpd, form_fast_setting_wifi_set. | 5.5 |
2022-08-18 | CVE-2022-30944 | Intel | Insufficiently Protected Credentials vulnerability in Intel products Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2020-27788 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX An out-of-bounds read access vulnerability was discovered in UPX in PackLinuxElf64::canPack() function of p_lx_elf.cpp file. | 5.5 |
2022-08-18 | CVE-2021-26254 | Intel | Out-of-bounds Read vulnerability in Intel products Out of bounds read for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable denial of service via local access. | 5.5 |
2022-08-18 | CVE-2021-26257 | Intel | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-08-18 | CVE-2021-26950 | Intel | Out-of-bounds Read vulnerability in Intel products Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-08-18 | CVE-2021-44470 | Intel | Incorrect Default Permissions vulnerability in Intel Connect M Incorrect default permissions for the Intel(R) Connect M Android application before version 1.7.4 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-21140 | Intel | Unspecified vulnerability in Intel products Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-21152 | Intel | Unspecified vulnerability in Intel Edge Insights for Industrial Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-21233 | Intel | Unspecified vulnerability in Intel products Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-21793 | Vmware | Unspecified vulnerability in VMWare I40En and Ixgben Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMware before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMware before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access. | 5.5 |
2022-08-18 | CVE-2022-23403 | Intel | Improper Input Validation vulnerability in Intel Data Center Manager Improper input validation in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-08-18 | CVE-2022-24378 | Intel | Improper Initialization vulnerability in Intel Data Center Manager Improper initialization in the Intel(R) Data Center Manager software before version 4.1 may allow an authenticated user to potentially enable denial of service via local access. | 5.5 |
2022-08-18 | CVE-2022-26373 | Intel Debian | Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-27500 | Intel | Incorrect Default Permissions vulnerability in Intel Support Incorrect default permissions for the Intel(R) Support Android application before 21.07.40 may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2022-29507 | Intel | Insufficiently Protected Credentials vulnerability in Intel Team Blue Insufficiently protected credentials in the Intel(R) Team Blue mobile application in all versions may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 |
2022-08-18 | CVE-2020-27787 | UPX Project | Unspecified vulnerability in UPX Project UPX A segmentation fault was found in UPX in the invert_pt_dynamic() function in p_lx_elf.cpp. | 5.5 |
2022-08-18 | CVE-2020-27790 | UPX Project | Divide By Zero vulnerability in UPX Project UPX A floating point exception issue was discovered in UPX in PackLinuxElf64::invert_pt_dynamic() function of p_lx_elf.cpp file. | 5.5 |
2022-08-18 | CVE-2022-2874 | VIM | Unspecified vulnerability in VIM NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | 5.5 |
2022-08-18 | CVE-2022-29550 | Qualys | Information Exposure Through Log Files vulnerability in Qualys Cloud Agent 4.8.049 An issue was discovered in Qualys Cloud Agent 4.8.0-49. | 5.5 |
2022-08-18 | CVE-2022-35165 | Axiosys | Infinite Loop vulnerability in Axiosys Bento4 1.6.0639 An issue in AP4_SgpdAtom::AP4_SgpdAtom() of Bento4-1.6.0-639 allows attackers to cause a Denial of Service (DoS) via a crafted mp4 input. | 5.5 |
2022-08-18 | CVE-2022-35166 | Jpeg | Infinite Loop vulnerability in Jpeg Libjpeg 20220615 libjpeg commit 842c7ba was discovered to contain an infinite loop via the component JPEG::ReadInternal. | 5.5 |
2022-08-17 | CVE-2022-2867 | Libtiff Fedoraproject Debian | libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. | 5.5 |
2022-08-17 | CVE-2022-2868 | Libtiff Fedoraproject Debian | Improper Validation of Specified Quantity in Input vulnerability in multiple products libtiff's tiffcrop utility has an improper input validation flaw that can lead to an out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop. | 5.5 |
2022-08-17 | CVE-2022-2869 | Libtiff Fedoraproject Debian | libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. | 5.5 |
2022-08-17 | CVE-2022-36191 | Gpac | Out-of-bounds Write vulnerability in Gpac A heap buffer overflow occurs in the function gf_isom_dovi_config_get in isomedia/avc_ext.c:2490, as demonstrated by MP4Box. | 5.5 |
2022-08-16 | CVE-2022-34999 | Bitbanksoftware | Incorrect Comparison vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a FPE via DecodeJPEG at /src/jpeg.inl. | 5.5 |
2022-08-16 | CVE-2022-35000 | Bitbanksoftware | Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a segmentation fault via fseek at /libio/fseek.c. | 5.5 |
2022-08-16 | CVE-2022-35002 | Bitbanksoftware | Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl. | 5.5 |
2022-08-16 | CVE-2022-35004 | Bitbanksoftware | Unspecified vulnerability in Bitbanksoftware Jpegdec 1.2.7 JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT at /src/jpeg.inl. | 5.5 |
2022-08-16 | CVE-2022-35101 | Swftools | Out-of-bounds Write vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S. | 5.5 |
2022-08-16 | CVE-2022-35104 | Swftools | Out-of-bounds Write vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc. | 5.5 |
2022-08-16 | CVE-2022-35105 | Swftools | Out-of-bounds Write vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea. | 5.5 |
2022-08-16 | CVE-2022-35106 | Swftools | Out-of-bounds Read vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc. | 5.5 |
2022-08-16 | CVE-2022-35107 | Swftools | Allocation of Resources Without Limits or Throttling vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c. | 5.5 |
2022-08-16 | CVE-2022-35108 | Swftools | NULL Pointer Dereference vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | 5.5 |
2022-08-16 | CVE-2022-35109 | Swftools | Out-of-bounds Write vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c. | 5.5 |
2022-08-16 | CVE-2022-35110 | Swftools | Memory Leak vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. | 5.5 |
2022-08-16 | CVE-2022-35111 | Swftools | Allocation of Resources Without Limits or Throttling vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp. | 5.5 |
2022-08-16 | CVE-2022-35113 | Swftools | Out-of-bounds Write vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c. | 5.5 |
2022-08-16 | CVE-2022-35114 | Swftools | Out-of-bounds Read vulnerability in Swftools SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c. | 5.5 |
2022-08-16 | CVE-2022-35434 | Jpeg Quant Smooth Project | Incorrect Comparison vulnerability in Jpeg Quant Smooth Project Jpeg Quant Smooth jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c. | 5.5 |
2022-08-16 | CVE-2022-36140 | Swfmill | Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*). | 5.5 |
2022-08-16 | CVE-2022-36141 | Swfmill | Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*). | 5.5 |
2022-08-16 | CVE-2022-36145 | Swfmill | Improper Check for Unusual or Exceptional Conditions vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord(). | 5.5 |
2022-08-16 | CVE-2022-36146 | Swfmill | Allocation of Resources Without Limits or Throttling vulnerability in Swfmill SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp. | 5.5 |
2022-08-16 | CVE-2022-36148 | Fdkaac Project | Incorrect Comparison vulnerability in Fdkaac Project Fdkaac fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c. | 5.5 |
2022-08-16 | CVE-2022-36149 | Monostream | Use After Free vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry(). | 5.5 |
2022-08-16 | CVE-2022-36150 | Monostream | Out-of-bounds Write vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp. | 5.5 |
2022-08-16 | CVE-2022-36151 | Monostream | NULL Pointer Dereference vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp. | 5.5 |
2022-08-16 | CVE-2022-36152 | Monostream | Memory Leak vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp. | 5.5 |
2022-08-16 | CVE-2022-36153 | Monostream | NULL Pointer Dereference vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h. | 5.5 |
2022-08-16 | CVE-2022-36155 | Monostream | Allocation of Resources Without Limits or Throttling vulnerability in Monostream Tifig 0.2.2 tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp. | 5.5 |
2022-08-16 | CVE-2022-37439 | Splunk | Unspecified vulnerability in Splunk and Universal Forwarder In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. | 5.5 |
2022-08-16 | CVE-2022-38230 | Xpdf Project | Incorrect Comparison vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc. | 5.5 |
2022-08-16 | CVE-2022-38233 | Xpdf Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc. | 5.5 |
2022-08-16 | CVE-2022-38234 | Xpdf Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc. | 5.5 |
2022-08-16 | CVE-2022-38235 | Xpdf Project | Improper Check for Unusual or Exceptional Conditions vulnerability in Xpdf Project Xpdf 3.04 XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc. | 5.5 |
2022-08-16 | CVE-2022-38194 | Esri | Missing Encryption of Sensitive Data vulnerability in Esri Portal for Arcgis 10.8.1 In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. | 5.5 |
2022-08-16 | CVE-2022-29959 | Emerson | Insufficiently Protected Credentials vulnerability in Emerson Openbsi 5.9 Emerson OpenBSI through 2022-04-29 mishandles credential storage. | 5.5 |
2022-08-19 | CVE-2022-37254 | Dolphinphp Project | Cross-site Scripting vulnerability in Dolphinphp Project Dolphinphp 1.5.1 DolphinPHP 1.5.1 is vulnerable to Cross Site Scripting (XSS) via Background -> System -> system function -> configuration management. | 5.4 |
2022-08-19 | CVE-2022-1021 | Chatwoot | Cross-site Scripting vulnerability in Chatwoot Insecure Storage of Sensitive Information in GitHub repository chatwoot/chatwoot prior to 2.6.0. | 5.4 |
2022-08-19 | CVE-2022-35910 | Jellyfin | Cross-site Scripting vulnerability in Jellyfin In Jellyfin before 10.8, stored XSS allows theft of an admin access token. | 5.4 |
2022-08-19 | CVE-2020-23466 | Phpgurukul | Cross-site Scripting vulnerability in PHPgurukul Online Marriage Registration System 1.0 Cross Site Scripting (XSS) vulnerability exists in the phpgurukul Online Marriage Registration System 1.0 allows attackers to run arbitrary code via the wzipcode field. | 5.4 |
2022-08-18 | CVE-2021-32862 | Jupyter Debian | Cross-site Scripting vulnerability in multiple products The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. | 5.4 |
2022-08-18 | CVE-2022-35174 | Getkirby | Cross-site Scripting vulnerability in Getkirby Starterkit 3.7.0.2 A stored cross-site scripting (XSS) vulnerability in Kirby's Starterkit v3.7.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Tags field. | 5.4 |
2022-08-18 | CVE-2022-37063 | Flir | Cross-site Scripting vulnerability in Flir AX8 Firmware All FLIR AX8 thermal sensor cameras versions up to and including 1.46.16 are vulnerable to Cross Site Scripting (XSS) due to improper input sanitization. | 5.4 |
2022-08-17 | CVE-2022-2871 | Notrinos | Unspecified vulnerability in Notrinos Notrinoserp Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7. | 5.4 |
2022-08-16 | CVE-2021-39035 | IBM | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. | 5.4 |
2022-08-16 | CVE-2022-30575 | Tibco | Cross-site Scripting vulnerability in Tibco Data Science - Workbench and Statistica The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. | 5.4 |
2022-08-16 | CVE-2022-30576 | Tibco | Cross-site Scripting vulnerability in Tibco Data Science - Workbench and Statistica The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. | 5.4 |
2022-08-16 | CVE-2022-38189 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | 5.4 |
2022-08-16 | CVE-2022-38192 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser. | 5.4 |
2022-08-15 | CVE-2022-38191 | Esri | Cross-site Scripting vulnerability in Esri Portal for Arcgis There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application. | 5.4 |
2022-08-15 | CVE-2022-24654 | Intelbras | Cross-site Scripting vulnerability in Intelbras ATA 200 Firmware 74.19.10.21 Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | 5.4 |
2022-08-15 | CVE-2022-2824 | Open EMR | Unspecified vulnerability in Open-Emr Openemr Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1. | 5.4 |
2022-08-19 | CVE-2022-1901 | Octopus | Improper Privilege Management vulnerability in Octopus Server In affected versions of Octopus Deploy it is possible to unmask sensitive variables by using variable preview. | 5.3 |
2022-08-18 | CVE-2022-36023 | Hyperledger | Unspecified vulnerability in Hyperledger Fabric Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. | 5.3 |
2022-08-18 | CVE-2022-30693 | Cybozu | Information Exposure vulnerability in Cybozu Office Information disclosure vulnerability in the system configuration of Cybozu Office 10.0.0 to 10.8.5 allows a remote attacker to obtain the data of the product via unspecified vectors. | 5.3 |
2022-08-17 | CVE-2022-2338 | Softing | Unspecified vulnerability in Softing products Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. | 5.3 |
2022-08-17 | CVE-2022-38392 | | Unspecified vulnerability in * 5400Rmp OEM Harddrive Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. | 5.3 |
2022-08-16 | CVE-2020-1755 | Moodle | Insufficient Verification of Data Authenticity vulnerability in Moodle In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | 5.3 |
2022-08-16 | CVE-2022-34259 | Adobe Magento | Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. | 5.3 |
2022-08-16 | CVE-2021-39086 | IBM | Information Exposure Through an Error Message vulnerability in IBM Sterling File Gateway IBM Sterling File Gateway 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.3 |
2022-08-16 | CVE-2022-2838 | Eclipse | XXE vulnerability in Eclipse Sphinx In Eclipse Sphinx™ before version 0.13.1, Apache Xerces XML Parser was used without disabling processing of referenced external entities allowing the injection of arbitrary definitions which is able to access local files and expose their contents via HTTP requests. | 5.3 |
2022-08-15 | CVE-2022-33989 | Dproxy Nexgen Project | Insufficient Entropy vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen dproxy-nexgen (aka dproxy nexgen) uses a static UDP source port (selected randomly only at boot time) in upstream queries sent to DNS resolvers. | 5.3 |
2022-08-15 | CVE-2022-33991 | Dproxy Nexgen Project | Authentication Bypass by Spoofing vulnerability in Dproxy-Nexgen Project Dproxy-Nexgen dproxy-nexgen (aka dproxy nexgen) forwards and caches DNS queries with the CD (aka checking disabled) bit set to 1. | 5.3 |
2022-08-15 | CVE-2022-33993 | Domain Name Relay Daemon Project | Unspecified vulnerability in Domain Name Relay Daemon Project Domain Name Relay Daemon 2.20.3 Misinterpretation of special domain name characters in DNRD (aka Domain Name Relay Daemon) 2.20.3 leads to cache poisoning because domain names and their associated IP addresses are cached in their misinterpreted form. | 5.3 |
2022-08-15 | CVE-2022-2535 | Searchwp | Unspecified vulnerability in Searchwp Live Ajax Search The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a live search are limited to published posts only, allowing unauthenticated users to make a crafted query disclosing private/draft/pending post titles along with their permalink. | 5.3 |
2022-08-15 | CVE-2022-35948 | Nodejs | Unspecified vulnerability in Nodejs Undici undici is an HTTP/1.1 client, written from scratch for Node.js. `=< undici@5.8.0` users are vulnerable to _CRLF Injection_ on headers when using unsanitized input as request headers, more specifically, inside the `content-type` header. | 5.3 |
2022-08-15 | CVE-2022-35954 | Github | Injection vulnerability in Github Toolkit The GitHub Actions ToolKit provides a set of packages to make creating actions easier. | 5.0 |
2022-08-21 | CVE-2022-2885 | Yetiforce | Unspecified vulnerability in Yetiforce Customer Relationship Management Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 4.8 |
2022-08-17 | CVE-2022-35117 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. | 4.8 |
2022-08-16 | CVE-2022-34156 | Hjholdings | Improper Certificate Validation vulnerability in Hjholdings Hulu 'Hulu / フールー' App for iOS versions prior to 3.0.81 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 4.8 |
2022-08-15 | CVE-2022-2152 | Duplicate Page AND Post Project | Unspecified vulnerability in Duplicate Page and Post Project Duplicate Page and Post The Duplicate Page and Post WordPress plugin before 2.8 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-08-15 | CVE-2022-2384 | Supsystic | Unspecified vulnerability in Supsystic Digital Publications BY Supsystic The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-08-18 | CVE-2021-33126 | Intel | Unspecified vulnerability in Intel products Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2022-08-18 | CVE-2021-33128 | Intel | Unspecified vulnerability in Intel Ethernet Controller E810 Firmware Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2022-08-18 | CVE-2022-21240 | Intel | Out-of-bounds Read vulnerability in Intel products Out of bounds read for some Intel(R) PROSet/Wireless WiFi products may allow a privileged user to potentially enable information disclosure via local access. | 4.4 |
2022-08-18 | CVE-2022-26074 | Intel | Incomplete Cleanup vulnerability in Intel Server Platform Services Firmware Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2022-08-18 | CVE-2022-28709 | Intel | Unspecified vulnerability in Intel Ethernet Controller E810 Firmware Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.1.9 may allow a privileged user to potentially enable denial of service via local access. | 4.4 |
2022-08-16 | CVE-2020-10710 | Theforeman | Insufficiently Protected Credentials vulnerability in Theforeman Foreman A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. | 4.4 |
2022-08-18 | CVE-2022-35204 | Vitejs | Path Traversal vulnerability in Vitejs Vite Vitejs Vite before v2.9.13 was discovered to allow attackers to perform a directory traversal via a crafted URL to the victim's service. | 4.3 |
2022-08-18 | CVE-2022-25986 | Cybozu | Unspecified vulnerability in Cybozu Office Browse restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Scheduler. | 4.3 |
2022-08-18 | CVE-2022-29891 | Cybozu | Unspecified vulnerability in Cybozu Office Browse restriction bypass vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Custom App via unspecified vectors. | 4.3 |
2022-08-18 | CVE-2022-32283 | Cybozu | Unspecified vulnerability in Cybozu Office Browse restriction bypass vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Cabinet via unspecified vectors. | 4.3 |
2022-08-18 | CVE-2022-32544 | Cybozu | Unspecified vulnerability in Cybozu Office Operation restriction bypass vulnerability in Project of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Project via unspecified vectors. | 4.3 |
2022-08-18 | CVE-2022-32583 | Cybozu | Unspecified vulnerability in Cybozu Office Operation restriction bypass vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to alter the data of Scheduler via unspecified vectors. | 4.3 |
2022-08-18 | CVE-2022-33311 | Cybozu | Unspecified vulnerability in Cybozu Office Browse restriction bypass vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.5 allows a remote authenticated attacker to obtain the data of Address Book via unspecified vectors. | 4.3 |
2022-08-16 | CVE-2022-2846 | Dwbooster | Unspecified vulnerability in Dwbooster Calendar Event Multi View The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation and CSRF checks in place when creating an event, and is also lacking sanitisation as well as escaping in some of the event fields. | 4.3 |
4 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-16 | CVE-2022-37438 | Splunk | Unspecified vulnerability in Splunk and Splunk Cloud Platform In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. | 3.5 |
2022-08-18 | CVE-2021-23188 | Intel | Unspecified vulnerability in Intel products Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi products may allow an authenticated user to potentially enable information disclosure via local access. | 3.3 |
2022-08-15 | CVE-2022-36007 | Venice Project | Unspecified vulnerability in Venice Project Venice Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. | 3.3 |
2022-08-17 | CVE-2020-14394 | Qemu Fedoraproject Redhat | Infinite Loop vulnerability in multiple products An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. | 3.2 |