Weekly Vulnerabilities Reports > August 22 to 28, 2022
Overview
591 new vulnerabilities were reported during this period, including 126 critical vulnerabilities and 252 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 638 products from 216 vendors, including H3C, Redhat, Tenda, Fedoraproject, and Totolink. The vulnerabilities are notably categorized as "Out-of-bounds Write", "SQL Injection", "Cross-site Scripting", "OS Command Injection", and "Improper Authentication".
- 406 reported vulnerabilities are remotely exploitable.
- 8 reported vulnerabilities have a public exploit available.
- 151 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 322 reported vulnerabilities are exploitable by an anonymous user.
- H3C has the most reported vulnerabilities, with 67 reported vulnerabilities.
- H3C has the most reported critical vulnerabilities, with 33 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
126 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-22 | CVE-2022-30547 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 9.9 |
2022-08-28 | CVE-2022-36705 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. | 9.8 |
2022-08-28 | CVE-2022-36706 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php. | 9.8 |
2022-08-28 | CVE-2022-36708 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. | 9.8 |
2022-08-28 | CVE-2022-37055 | Dlink | Classic Buffer Overflow vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, | 9.8 |
2022-08-28 | CVE-2022-37056 | Dlink | OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, | 9.8 |
2022-08-28 | CVE-2022-38555 | Linksys | Out-of-bounds Write vulnerability in Linksys E1200 Firmware 1.0.04 Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. | 9.8 |
2022-08-28 | CVE-2022-36755 | Dlink | Improper Authentication vulnerability in Dlink Dir-845L Firmware D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. | 9.8 |
2022-08-28 | CVE-2022-36756 | Dlink | Code Injection vulnerability in Dlink Dir-845L Firmware DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. | 9.8 |
2022-08-28 | CVE-2022-37053 | Trendnet | Code Injection vulnerability in Trendnet Tew733Gr Firmware 1.03B01 TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. | 9.8 |
2022-08-28 | CVE-2022-37057 | Dlink | OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. | 9.8 |
2022-08-28 | CVE-2022-38556 | Trendnet | Improper Authentication vulnerability in Trendnet Tew733Gr Firmware 1.03B01 Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | 9.8 |
2022-08-28 | CVE-2022-38557 | Dlink | Improper Authentication vulnerability in Dlink Dir-845L Firmware D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. | 9.8 |
2022-08-27 | CVE-2022-38792 | Exotel Project | Unspecified vulnerability in Exotel Project Exotel 0.1.6 The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. | 9.8 |
2022-08-27 | CVE-2022-3013 | Simple Task Managing System Project | Unspecified vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0 A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. | 9.8 |
2022-08-26 | CVE-2022-36543 | Edoc Doctor Appointment System Project | SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. | 9.8 |
2022-08-26 | CVE-2022-36544 | Edoc Doctor Appointment System Project | SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. | 9.8 |
2022-08-26 | CVE-2022-36545 | Edoc Doctor Appointment System Project | SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. | 9.8 |
2022-08-26 | CVE-2022-36678 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 9.8 |
2022-08-26 | CVE-2022-36679 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user. | 9.8 |
2022-08-26 | CVE-2022-36680 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule. | 9.8 |
2022-08-26 | CVE-2022-36681 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account. | 9.8 |
2022-08-26 | CVE-2022-36682 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student. | 9.8 |
2022-08-26 | CVE-2022-36683 | Simple Task Scheduling System Project | SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0 Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment. | 9.8 |
2022-08-26 | CVE-2022-37152 | Online Diagnostic LAB Management System Project | SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client" | 9.8 |
2022-08-25 | CVE-2022-28747 | Gosecure | Unspecified vulnerability in Gosecure Titan Inbox Detection & Response Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. | 9.8 |
2022-08-25 | CVE-2022-31499 | Nortekcontrol | OS Command Injection vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P/0.3209C Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. | 9.8 |
2022-08-25 | CVE-2021-43329 | Mumara | SQL Injection vulnerability in Mumara Classic 2.9.3 A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter. | 9.8 |
2022-08-25 | CVE-2022-36692 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category. | 9.8 |
2022-08-25 | CVE-2022-36693 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item. | 9.8 |
2022-08-25 | CVE-2022-36695 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin. | 9.8 |
2022-08-25 | CVE-2022-36696 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout. | 9.8 |
2022-08-25 | CVE-2022-36697 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste. | 9.8 |
2022-08-25 | CVE-2022-36715 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php. | 9.8 |
2022-08-25 | CVE-2022-36716 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php. | 9.8 |
2022-08-25 | CVE-2022-36719 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php. | 9.8 |
2022-08-25 | CVE-2022-37158 | Iocoder | Weak Password Requirements vulnerability in Iocoder Ruoyi-Vue-Pro 3.8.3 RuoYi v3.8.3 has a Weak password vulnerability in the management system. | 9.8 |
2022-08-25 | CVE-2022-37159 | Claroline | Unrestricted Upload of File with Dangerous Type vulnerability in Claroline Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload. | 9.8 |
2022-08-25 | CVE-2022-37085 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function. | 9.8 |
2022-08-25 | CVE-2022-37086 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 9.8 |
2022-08-25 | CVE-2022-37087 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 9.8 |
2022-08-25 | CVE-2022-37088 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById. | 9.8 |
2022-08-25 | CVE-2022-37089 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList. | 9.8 |
2022-08-25 | CVE-2022-37090 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 9.8 |
2022-08-25 | CVE-2022-37091 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList. | 9.8 |
2022-08-25 | CVE-2022-37092 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 9.8 |
2022-08-25 | CVE-2022-37093 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList. | 9.8 |
2022-08-25 | CVE-2022-37094 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 9.8 |
2022-08-25 | CVE-2022-37095 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams. | 9.8 |
2022-08-25 | CVE-2022-37096 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6. | 9.8 |
2022-08-25 | CVE-2022-37097 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById. | 9.8 |
2022-08-25 | CVE-2022-37098 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params. | 9.8 |
2022-08-25 | CVE-2022-37099 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat. | 9.8 |
2022-08-25 | CVE-2022-37100 | H3C | Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004 H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone. | 9.8 |
2022-08-25 | CVE-2022-37240 | Altn | Injection vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter. | 9.8 |
2022-08-25 | CVE-2022-37242 | Altn | Injection vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter. | 9.8 |
2022-08-25 | CVE-2022-37798 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer. | 9.8 |
2022-08-25 | CVE-2022-37799 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement. | 9.8 |
2022-08-25 | CVE-2022-37800 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic. | 9.8 |
2022-08-25 | CVE-2022-37801 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | 9.8 |
2022-08-25 | CVE-2022-37802 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting. | 9.8 |
2022-08-25 | CVE-2022-37803 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat. | 9.8 |
2022-08-25 | CVE-2022-37804 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo. | 9.8 |
2022-08-25 | CVE-2022-37805 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle. | 9.8 |
2022-08-25 | CVE-2022-37806 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient. | 9.8 |
2022-08-25 | CVE-2022-37807 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState. | 9.8 |
2022-08-25 | CVE-2022-37808 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB. | 9.8 |
2022-08-25 | CVE-2022-37809 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan. | 9.8 |
2022-08-25 | CVE-2022-37810 | Tenda | OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac. | 9.8 |
2022-08-25 | CVE-2022-37811 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer. | 9.8 |
2022-08-25 | CVE-2022-37812 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg. | 9.8 |
2022-08-25 | CVE-2022-37813 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime. | 9.8 |
2022-08-25 | CVE-2022-37814 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter. | 9.8 |
2022-08-25 | CVE-2022-37815 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex. | 9.8 |
2022-08-25 | CVE-2022-37816 | Tenda | Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23 Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind. | 9.8 |
2022-08-25 | CVE-2022-36511 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo. | 9.8 |
2022-08-25 | CVE-2022-36513 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist. | 9.8 |
2022-08-25 | CVE-2022-36514 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan. | 9.8 |
2022-08-25 | CVE-2022-36515 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist. | 9.8 |
2022-08-25 | CVE-2022-36516 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check. | 9.8 |
2022-08-25 | CVE-2022-36517 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wlan_advance. | 9.8 |
2022-08-25 | CVE-2022-36518 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditWlanMacList. | 9.8 |
2022-08-25 | CVE-2022-36519 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function AddWlanMacList. | 9.8 |
2022-08-25 | CVE-2022-36520 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup. | 9.8 |
2022-08-25 | CVE-2022-37066 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS. | 9.8 |
2022-08-25 | CVE-2022-37067 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti. | 9.8 |
2022-08-25 | CVE-2022-37068 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal. | 9.8 |
2022-08-25 | CVE-2022-37069 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat. | 9.8 |
2022-08-25 | CVE-2022-37070 | H3C | OS Command Injection vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 9.8 |
2022-08-25 | CVE-2022-37071 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One. | 9.8 |
2022-08-25 | CVE-2022-37072 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti. | 9.8 |
2022-08-25 | CVE-2022-37073 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti. | 9.8 |
2022-08-25 | CVE-2022-2957 | Simple AND Nice Shopping Cart Script Project | SQL Injection vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. | 9.8 |
2022-08-25 | CVE-2022-34960 | Mikrotik | Link Following vulnerability in Mikrotik Routeros 7.4 The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. | 9.8 |
2022-08-24 | CVE-2022-32839 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved bounds checks. | 9.8 |
2022-08-24 | CVE-2022-37181 | 72Crm | Unrestricted Upload of File with Dangerous Type vulnerability in 72Crm Wukong CRM 9.0 72crm 9.0 has an Arbitrary file upload vulnerability. | 9.8 |
2022-08-24 | CVE-2021-39815 | Google | Use After Free vulnerability in Google Android The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. | 9.8 |
2022-08-24 | CVE-2022-20122 | Google | Use After Free vulnerability in Google Android The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. | 9.8 |
2022-08-24 | CVE-2022-38078 | Sixapart | Code Injection vulnerability in Sixapart Movable Type Movable Type XMLRPC API provided by Six Apart Ltd. | 9.8 |
2022-08-23 | CVE-2022-35115 | Icewarp | SQL Injection vulnerability in Icewarp Webclient DC2 13.0.2.9 IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php. | 9.8 |
2022-08-23 | CVE-2022-35726 | Yotuwp | Improper Authentication vulnerability in Yotuwp Video Gallery Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. | 9.8 |
2022-08-23 | CVE-2022-37111 | Bluecms Project | SQL Injection vulnerability in Bluecms Project Bluecms 1.6 BlueCMS 1.6 has SQL injection in line 132 of admin/article.php | 9.8 |
2022-08-23 | CVE-2022-37112 | Bluecms Project | SQL Injection vulnerability in Bluecms Project Bluecms 1.6 BlueCMS 1.6 has SQL injection in line 55 of admin/model.php | 9.8 |
2022-08-23 | CVE-2022-37113 | Bluecms Project | SQL Injection vulnerability in Bluecms Project Bluecms 1.6 Bluecms 1.6 has SQL injection in line 132 of admin/area.php | 9.8 |
2022-08-23 | CVE-2022-37223 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list. | 9.8 |
2022-08-23 | CVE-2022-37199 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list. | 9.8 |
2022-08-23 | CVE-2021-42627 | Dlink | Unspecified vulnerability in Dlink products The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can disclose information about the WAN settings and also allow an attacker to modify the data fields of the page. | 9.8 |
2022-08-23 | CVE-2022-35733 | Unimo | Missing Authentication for Critical Function vulnerability in Unimo products Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface. | 9.8 |
2022-08-23 | CVE-2021-42232 | TP Link | OS Command Injection vulnerability in Tp-Link Archer A7 Firmware 210519 TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. | 9.8 |
2022-08-23 | CVE-2022-34919 | Zengenti | Improper Authentication vulnerability in Zengenti Contensis The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. | 9.8 |
2022-08-22 | CVE-2022-38667 | Crowcpp | Use After Free vulnerability in Crowcpp Crow HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used. | 9.8 |
2022-08-22 | CVE-2022-2842 | GYM Management System Project | Unspecified vulnerability in GYM Management System Project GYM Management System A vulnerability classified as critical has been found in SourceCodester Gym Management System. | 9.8 |
2022-08-22 | CVE-2022-35150 | Baijiacms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Baijiacms Project Baijiacms 41420170105 Baijicms v4 was discovered to contain an arbitrary file upload vulnerability. | 9.8 |
2022-08-22 | CVE-2022-35583 | Wkhtmltopdf | Server-Side Request Forgery (SSRF) vulnerability in Wkhtmltopdf 0.12.6 wkhtmlTOpdf 0.12.6 is vulnerable to SSRF, which allows an attacker to get initial access into the target's system by injecting an iframe tag with an internal asset IP address in its source. | 9.8 |
2022-08-22 | CVE-2020-27836 | Redhat | Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform 4.6 A flaw was found in cluster-ingress-operator. | 9.8 |
2022-08-22 | CVE-2021-3586 | Redhat | Insecure Default Initialization of Resource vulnerability in Redhat Openshift Service Mesh and Servicemesh-Operator A flaw was found in servicemesh-operator. | 9.8 |
2022-08-22 | CVE-2022-34149 | Miniorange | Unspecified vulnerability in Miniorange WP Oauth Server Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. | 9.8 |
2022-08-22 | CVE-2022-34773 | Tabit | Injection vulnerability in Tabit Tabit - HTTP Method manipulation. | 9.8 |
2022-08-22 | CVE-2022-34858 | Miniorange | Unspecified vulnerability in Miniorange Oauth 2.0 Client for SSO Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 |
2022-08-22 | CVE-2022-37134 | Dlink | Improper Validation of Specified Quantity in Input vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. | 9.8 |
2022-08-22 | CVE-2022-2927 | Notrinos | Unspecified vulnerability in Notrinos Notrinoserp Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7. | 9.8 |
2022-08-22 | CVE-2022-36198 | Phpgurukul | SQL Injection vulnerability in PHPgurukul BUS Pass Management System 1.0 Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php | 9.8 |
2022-08-22 | CVE-2022-26842 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 9.6 |
2022-08-27 | CVE-2019-15167 | Tcpdump | Out-of-bounds Read vulnerability in Tcpdump The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. | 9.1 |
2022-08-23 | CVE-2022-36261 | Taogogo | Path Traversal vulnerability in Taogogo Taocms 3.0.2 An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete files on the server via the request URL admin.php?action=file&ctrl=del&path=/../../../test.txt. | 9.1 |
2022-08-22 | CVE-2022-28712 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 9.0 |
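Several rows in this report describe the same two CGI handler bugs in consumer router firmware: the D-Link DIR-816 buffer overflow via /goform/form2Wan.cgi above, and the TOTOLINK, Tenda and H3C stack overflows and command injections via form parameters such as pppoeUser, hostName and lang further down. The C below is an added illustration of that pattern and of the checks that close it; it is not code from any of the listed vendors or from the advisories. The handler names, buffer sizes, parameter names and the RFC 1123 host-name allowlist are assumptions made for this example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative sizes: the real firmware buffers and handler names are not
 * known from the advisories and are assumptions for this example. */
#define PPPOE_USER_MAX 64
#define HOSTNAME_MAX   253

/* --- Pattern 1: unbounded copy of a form parameter onto the stack -------- */

/* The length of the pppoeUser parameter is never checked before the copy.
 * A value longer than PPPOE_USER_MAX bytes overwrites whatever lies above
 * buf on the stack, including the saved return address: the "stack overflow
 * via the pppoeUser parameter" in the TOTOLINK rows. Only call this with
 * short input; with a long one the behaviour is undefined. */
size_t set_pppoe_user_unsafe(const char *pppoe_user)
{
    char buf[PPPOE_USER_MAX];
    strcpy(buf, pppoe_user);            /* BUG: no bounds check */
    return strlen(buf);
}

/* Hardened: find the terminator within the destination size first, then
 * reject (do not silently truncate) anything that does not fit. */
bool set_pppoe_user_safe(const char *pppoe_user, char *out, size_t out_len)
{
    if (pppoe_user == NULL || out == NULL || out_len == 0)
        return false;
    /* Searching only the first out_len bytes also means a missing NUL in
     * the request buffer cannot make us read past it. */
    const char *nul = memchr(pppoe_user, '\0', out_len);
    if (nul == NULL || nul == pppoe_user)
        return false;                   /* too long, or empty */
    size_t n = (size_t)(nul - pppoe_user);
    memcpy(out, pppoe_user, n + 1);     /* n < out_len, so the NUL fits */
    return true;
}

/* --- Pattern 2: form parameter spliced into a shell command line --------- */

/* The hostName parameter is pasted into a command line that the firmware
 * then hands to system(). A value such as "a;telnetd -l /bin/sh" runs the
 * extra command as root: the "command injection via the hostName parameter"
 * in the setOpModeCfg rows. This helper only builds the string, so the
 * effect can be inspected without executing anything. */
int build_hostname_cmd_unsafe(const char *host_name, char *cmd, size_t cmd_len)
{
    return snprintf(cmd, cmd_len, "hostname %s", host_name);   /* BUG */
}

/* Hardened: allowlist the value (RFC 1123 syntax: letters, digits and
 * hyphens, labels of 1..63 bytes separated by dots, no label starting or
 * ending with a hyphen, at most 253 bytes) and then apply it with
 * sethostname(2) or execve() and an argv array. No shell is involved, so
 * metacharacters never get interpreted; the allowlist is defence in depth. */
bool valid_hostname(const char *host_name)
{
    if (host_name == NULL)
        return false;
    size_t total = 0, label = 0;
    for (const char *p = host_name; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (++total > HOSTNAME_MAX)
            return false;
        if (c == '.') {
            if (label == 0 || p[-1] == '-')
                return false;           /* empty label, or label ending in '-' */
            label = 0;
            continue;
        }
        if (!(isalnum(c) || c == '-'))
            return false;               /* rejects ; | & $ ` ( ) space, etc. */
        if (label == 0 && c == '-')
            return false;               /* label starting with '-' */
        if (++label > 63)
            return false;
    }
    return total > 0 && label > 0 && host_name[total - 1] != '-';
}

int main(void)
{
    char out[PPPOE_USER_MAX];
    char cmd[256];
    char long_user[PPPOE_USER_MAX + 40];   /* constructed over-long value */
    memset(long_user, 'A', sizeof long_user - 1);
    long_user[sizeof long_user - 1] = '\0';

    printf("safe copy of short value accepted: %d\n",
           set_pppoe_user_safe("user@isp", out, sizeof out));
    printf("safe copy of %zu-byte value accepted: %d\n", strlen(long_user),
           set_pppoe_user_safe(long_user, out, sizeof out));
    build_hostname_cmd_unsafe("router;telnetd -l /bin/sh", cmd, sizeof cmd);
    printf("command the unsafe handler would run: %s\n", cmd);
    printf("valid_hostname(\"router;telnetd -l /bin/sh\") = %d\n",
           valid_hostname("router;telnetd -l /bin/sh"));
    printf("valid_hostname(\"office-ap1.lan\") = %d\n",
           valid_hostname("office-ap1.lan"));
    return 0;
}
```

Build with `cc -Wall -o cgi_params cgi_params.c`. The point of the two safe functions is that length and character checks happen before the value reaches anything that trusts it; in a real handler the validated host name goes to sethostname(2) or execve() with an argv array, never through system() or popen().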
252 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-28 | CVE-2022-36704 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. | 8.8 |
2022-08-27 | CVE-2022-3012 | Fast Food Ordering System Project | Unspecified vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 A vulnerability was found in oretnom23 Fast Food Ordering System. | 8.8 |
2022-08-26 | CVE-2022-2915 | Sonicwall | Out-of-bounds Write vulnerability in Sonicwall products A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. | 8.8 |
2022-08-26 | CVE-2022-36546 | Edoc Doctor Appointment System Project | Cross-Site Request Forgery (CSRF) vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. | 8.8 |
2022-08-26 | CVE-2022-36529 | Kensite CMS Project | SQL Injection vulnerability in Kensite CMS Project Kensite CMS 1.0 Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. | 8.8 |
2022-08-26 | CVE-2022-31773 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0 IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 8.8 |
2022-08-26 | CVE-2022-25625 | Broadcom | Unspecified vulnerability in Broadcom Symantec Privileged Access Management A malicious unauthorized PAM user can access the administration configuration data and change the values. | 8.8 |
2022-08-26 | CVE-2021-3020 | Clusterlabs | Improper Privilege Management vulnerability in Clusterlabs Hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. | 8.8 |
2022-08-25 | CVE-2022-36119 | Ssctech | Deserialization of Untrusted Data vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 8.8 |
2022-08-25 | CVE-2022-36720 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php. | 8.8 |
2022-08-25 | CVE-2022-36721 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php. | 8.8 |
2022-08-25 | CVE-2022-36698 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. | 8.8 |
2022-08-25 | CVE-2022-36699 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php. | 8.8 |
2022-08-25 | CVE-2022-36700 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php. | 8.8 |
2022-08-25 | CVE-2022-36701 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php. | 8.8 |
2022-08-25 | CVE-2022-36703 | Ingredients Stock Management System Project | SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0 Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php. | 8.8 |
2022-08-25 | CVE-2021-4112 | Redhat | Unspecified vulnerability in Redhat products A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. | 8.8 |
2022-08-25 | CVE-2022-20824 | Cisco | Out-of-bounds Write vulnerability in Cisco products A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. | 8.8 |
2022-08-25 | CVE-2022-20921 | Cisco | Unspecified vulnerability in Cisco ACI Multi-Site Orchestrator A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. | 8.8 |
2022-08-25 | CVE-2022-2031 | Samba | Improper Authentication vulnerability in Samba A flaw was found in Samba. | 8.8 |
2022-08-25 | CVE-2022-32744 | Samba | Authentication Bypass by Spoofing vulnerability in Samba A flaw was found in Samba. | 8.8 |
2022-08-25 | CVE-2021-25642 | Apache | Unspecified vulnerability in Apache Hadoop ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. | 8.8 |
2022-08-25 | CVE-2022-36804 | Atlassian | Unspecified vulnerability in Atlassian Bitbucket Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. | 8.8 |
2022-08-25 | CVE-2022-32427 | Printerlogic | Path Traversal vulnerability in Printerlogic Windows Client 25.0.0.676 PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. | 8.8 |
2022-08-24 | CVE-2022-32893 | Apple Fedoraproject Debian Webkitgtk Wpewebkit | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was addressed with improved bounds checking. | 8.8 |
2022-08-24 | CVE-2022-37178 | 72Crm | SQL Injection vulnerability in 72Crm Wukong CRM 9.0 An issue was discovered in 72crm 9.0. | 8.8 |
2022-08-24 | CVE-2022-2234 | Myscada | OS Command Injection vulnerability in Myscada Mypro An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system. | 8.8 |
2022-08-24 | CVE-2022-36633 | Goteleport | OS Command Injection vulnerability in Goteleport Teleport Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. | 8.8 |
2022-08-24 | CVE-2022-37333 | Exceedone | SQL Injection vulnerability in Exceedone Exment SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands. | 8.8 |
2022-08-24 | CVE-2022-38132 | Linksys | OS Command Injection vulnerability in Linksys Mr8300 Firmware 1.0 Command injection vulnerability in the Linksys MR8300 router during registration to the DDNS service. | 8.8 |
2022-08-23 | CVE-2022-1513 | Lenovo | OS Command Injection vulnerability in Lenovo Pcmanager A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website. | 8.8 |
2022-08-23 | CVE-2022-36288 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 |
2022-08-23 | CVE-2022-36292 | Wpchill | Unspecified vulnerability in Wpchill Gallery Photoblocks 1.2.6 Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. | 8.8 |
2022-08-23 | CVE-2022-36379 | Yookassa | Cross-Site Request Forgery (CSRF) vulnerability in Yookassa Yukassa for Woocommerce Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ЮKassa для WooCommerce (YooKassa for WooCommerce) plugin <= 2.3.0 at WordPress. | 8.8 |
2022-08-23 | CVE-2022-36389 | Wordplus | Unspecified vulnerability in Wordplus Better Messages Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress. | 8.8 |
2022-08-23 | CVE-2022-36394 | Contest Gallery | Unspecified vulnerability in Contest-Gallery Contest Gallery Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress. | 8.8 |
2022-08-22 | CVE-2022-29468 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-30534 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-30605 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-32282 | Wwbn | Improper Authentication vulnerability in Wwbn Avideo 11.6 An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-32572 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-33147 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-33148 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-33149 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2022-34652 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 8.8 |
2022-08-22 | CVE-2021-3590 | Theforeman Redhat | Cleartext Transmission of Sensitive Information vulnerability in multiple products A flaw was found in the Foreman project. | 8.8 |
2022-08-22 | CVE-2022-2557 | Radiustheme | Unspecified vulnerability in Radiustheme Team - Wordpress Team Members Showcase The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector. | 8.8 |
2022-08-22 | CVE-2022-2594 | Advancedcustomfields | Unrestricted Upload of File with Dangerous Type vulnerability in Advancedcustomfields Advanced Custom Fields The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available. | 8.8 |
2022-08-22 | CVE-2022-34347 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 8.8 |
2022-08-22 | CVE-2022-34772 | Tabit | Weak Password Requirements vulnerability in Tabit Tabit - password enumeration. | 8.8 |
2022-08-22 | CVE-2022-36346 | Maxfoundry | Unspecified vulnerability in Maxfoundry Maxbuttons Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress. | 8.8 |
2022-08-25 | CVE-2022-20823 | Cisco | Out-of-bounds Read vulnerability in Cisco products A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 8.6 |
2022-08-24 | CVE-2022-34838 | ABB | Insufficiently Protected Credentials vulnerability in ABB Zenon Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add or alter data points and their corresponding attributes. | 8.4 |
2022-08-25 | CVE-2022-31269 | Nortekcontrol | Use of Hard-coded Credentials vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P/0.3209C Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. | 8.2 |
2022-08-25 | CVE-2021-3929 | Qemu Fedoraproject | Use After Free vulnerability in multiple products A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. | 8.2 |
2022-08-24 | CVE-2022-34836 | ABB | Path Traversal vulnerability in ABB Zenon Relative Path Traversal vulnerability in ABB Zenon 8.20 allows a user to access files on the Zenon system; the user can also add their own log messages and, for example, flood the log entries. | 8.2 |
2022-08-26 | CVE-2021-3414 | Redhat | Improper Preservation of Permissions vulnerability in Redhat Satellite 6.7 A flaw was found in satellite. | 8.1 |
2022-08-26 | CVE-2021-40285 | Htmly | Path Traversal vulnerability in Htmly 2.8.1 htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php. | 8.1 |
2022-08-26 | CVE-2022-29850 | Lexmark | Exposure of Resource to Wrong Sphere vulnerability in Lexmark products Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots. | 8.1 |
2022-08-26 | CVE-2022-36120 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism Enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 8.1 |
2022-08-25 | CVE-2021-43766 | Odyssey Project | Improper Certificate Validation vulnerability in Odyssey Project Odyssey 1.1 Odyssey passes unencrypted bytes from a man-in-the-middle to the server: when Odyssey is configured to use the certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | 8.1 |
2022-08-25 | CVE-2022-32745 | Samba | Use of Uninitialized Resource vulnerability in Samba A flaw was found in Samba. | 8.1 |
2022-08-24 | CVE-2021-4125 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat Openshift It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. | 8.1 |
2022-08-25 | CVE-2022-2997 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10. | 8.0 |
2022-08-22 | CVE-2021-36852 | Thimpress | Unspecified vulnerability in Thimpress WP Hotel Booking Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress. | 8.0 |
2022-08-28 | CVE-2022-3016 | VIM Fedoraproject | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.0286. | 7.8 |
2022-08-26 | CVE-2021-20260 | Theforeman | Insufficiently Protected Credentials vulnerability in Theforeman Foreman A flaw was found in the Foreman project. | 7.8 |
2022-08-26 | CVE-2022-30984 | Rubrik | Classic Buffer Overflow vulnerability in Rubrik CDM 7.0.1 A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. | 7.8 |
2022-08-25 | CVE-2020-27796 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0 A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 7.8 |
2022-08-25 | CVE-2020-27799 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0 A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file. | 7.8 |
2022-08-25 | CVE-2020-27800 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0 A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. | 7.8 |
2022-08-25 | CVE-2020-27801 | UPX Project | Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0 A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file. | 7.8 |
2022-08-25 | CVE-2022-2982 | VIM Fedoraproject | Use After Free vulnerability in multiple products Use After Free in GitHub repository vim/vim prior to 9.0.0260. | 7.8 |
2022-08-25 | CVE-2022-0135 | Virglrenderer Project Redhat Debian | Out-of-bounds Write vulnerability in multiple products An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). | 7.8 |
2022-08-25 | CVE-2022-2463 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. | 7.8 |
2022-08-25 | CVE-2022-2464 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. | 7.8 |
2022-08-25 | CVE-2022-2465 | Rockwellautomation | Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9 Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. | 7.8 |
2022-08-25 | CVE-2022-36455 | Totolink | OS Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102 TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 7.8 |
2022-08-25 | CVE-2022-37077 | Totolink | Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter. | 7.8 |
2022-08-25 | CVE-2022-37078 | Totolink | Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg. | 7.8 |
2022-08-25 | CVE-2022-37079 | Totolink | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 7.8 |
2022-08-25 | CVE-2022-37080 | Totolink | Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-37081 | Totolink | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-37082 | Totolink | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost. | 7.8 |
2022-08-25 | CVE-2022-37083 | Totolink | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg. | 7.8 |
2022-08-25 | CVE-2022-37084 | Totolink | Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function. | 7.8 |
2022-08-25 | CVE-2022-37817 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind. | 7.8 |
2022-08-25 | CVE-2022-37818 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand. | 7.8 |
2022-08-25 | CVE-2022-37819 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime. | 7.8 |
2022-08-25 | CVE-2022-37820 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS. | 7.8 |
2022-08-25 | CVE-2022-37821 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince. | 7.8 |
2022-08-25 | CVE-2022-37822 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic. | 7.8 |
2022-08-25 | CVE-2022-37823 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer. | 7.8 |
2022-08-25 | CVE-2022-37824 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1 Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. | 7.8 |
2022-08-25 | CVE-2022-36456 | Totolink | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610 TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi. | 7.8 |
2022-08-25 | CVE-2022-36458 | Totolink | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-36459 | Totolink | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | 7.8 |
2022-08-25 | CVE-2022-36460 | Totolink | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 7.8 |
2022-08-25 | CVE-2022-36461 | Totolink | OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 7.8 |
2022-08-25 | CVE-2022-36462 | Totolink | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg. | 7.8 |
2022-08-25 | CVE-2022-36463 | Totolink | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-36464 | Totolink | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. | 7.8 |
2022-08-25 | CVE-2022-36465 | Totolink | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter. | 7.8 |
2022-08-25 | CVE-2022-36466 | Totolink | Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202 TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. | 7.8 |
2022-08-25 | CVE-2022-36467 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d. | 7.8 |
2022-08-25 | CVE-2022-36468 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 7.8 |
2022-08-25 | CVE-2022-36469 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 7.8 |
2022-08-25 | CVE-2022-36470 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById. | 7.8 |
2022-08-25 | CVE-2022-36471 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessMode. | 7.8 |
2022-08-25 | CVE-2022-36472 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 7.8 |
2022-08-25 | CVE-2022-36473 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 7.8 |
2022-08-25 | CVE-2022-36474 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet. | 7.8 |
2022-08-25 | CVE-2022-36475 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList. | 7.8 |
2022-08-25 | CVE-2022-36477 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList. | 7.8 |
2022-08-25 | CVE-2022-36478 | H3C | Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005 H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 7.8 |
2022-08-25 | CVE-2022-36479 | Totolink | OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost. | 7.8 |
2022-08-25 | CVE-2022-36480 | Totolink | Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-36481 | Totolink | OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg. | 7.8 |
2022-08-25 | CVE-2022-36482 | Totolink | Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg. | 7.8 |
2022-08-25 | CVE-2022-36483 | Totolink | Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter. | 7.8 |
2022-08-25 | CVE-2022-36484 | Totolink | Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg. | 7.8 |
2022-08-25 | CVE-2022-36485 | Totolink | OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg. | 7.8 |
2022-08-25 | CVE-2022-36486 | Totolink | OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 7.8 |
2022-08-25 | CVE-2022-36487 | Totolink | OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg. | 7.8 |
2022-08-25 | CVE-2022-36488 | Totolink | Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216 TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules. | 7.8 |
2022-08-25 | CVE-2022-36489 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6. | 7.8 |
2022-08-25 | CVE-2022-36490 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList. | 7.8 |
2022-08-25 | CVE-2022-36491 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params. | 7.8 |
2022-08-25 | CVE-2022-36492 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList. | 7.8 |
2022-08-25 | CVE-2022-36493 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById. | 7.8 |
2022-08-25 | CVE-2022-36494 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist. | 7.8 |
2022-08-25 | CVE-2022-36495 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist. | 7.8 |
2022-08-25 | CVE-2022-36496 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById. | 7.8 |
2022-08-25 | CVE-2022-36497 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G. | 7.8 |
2022-08-25 | CVE-2022-36498 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed. | 7.8 |
2022-08-25 | CVE-2022-36499 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup. | 7.8 |
2022-08-25 | CVE-2022-36500 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList. | 7.8 |
2022-08-25 | CVE-2022-36501 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat. | 7.8 |
2022-08-25 | CVE-2022-36502 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams. | 7.8 |
2022-08-25 | CVE-2022-36503 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone. | 7.8 |
2022-08-25 | CVE-2022-36504 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID. | 7.8 |
2022-08-25 | CVE-2022-36505 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup. | 7.8 |
2022-08-25 | CVE-2022-36506 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode. | 7.8 |
2022-08-25 | CVE-2022-36507 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList. | 7.8 |
2022-08-25 | CVE-2022-36508 | H3C | Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003 H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById. | 7.8 |
2022-08-25 | CVE-2022-36509 | H3C | OS Command Injection vulnerability in H3C Gr3200 Firmware Minigr1B0V100R014 H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 7.8 |
2022-08-25 | CVE-2022-36510 | H3C | OS Command Injection vulnerability in H3C Gr2200 Firmware Minigr1A0V100R014 H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList. | 7.8 |
2022-08-25 | CVE-2022-37074 | H3C | Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set. | 7.8 |
2022-08-25 | CVE-2022-37075 | Totolink | Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg. | 7.8 |
2022-08-25 | CVE-2022-37076 | Totolink | OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022 TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile. | 7.8 |
2022-08-24 | CVE-2022-32810 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 7.8 |
2022-08-24 | CVE-2022-32811 | Apple | Improper Locking vulnerability in Apple mac OS X and Macos A memory corruption vulnerability was addressed with improved locking. | 7.8 |
2022-08-24 | CVE-2022-32812 | Apple | Unspecified vulnerability in Apple mac OS X and Macos The issue was addressed with improved memory handling. | 7.8 |
2022-08-24 | CVE-2022-32813 | Apple | Unspecified vulnerability in Apple products The issue was addressed with improved memory handling. | 7.8 |
2022-08-24 | CVE-2022-32837 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved checks. | 7.8 |
2022-08-24 | CVE-2022-32840 | Apple | Unspecified vulnerability in Apple products This issue was addressed with improved checks. | 7.8 |
2022-08-24 | CVE-2022-32894 | Apple | Out-of-bounds Write vulnerability in Apple products An out-of-bounds write issue was addressed with improved bounds checking. | 7.8 |
2022-08-24 | CVE-2021-3999 | GNU Debian Netapp | A flaw was found in glibc. | 7.8 |
2022-08-24 | CVE-2021-4028 | Linux Suse | A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing a list element to be used after free. | 7.8 |
2022-08-24 | CVE-2021-4037 | Linux Debian | A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. | 7.8 |
2022-08-24 | CVE-2021-4041 | Redhat | Improper Encoding or Escaping of Output vulnerability in Redhat Ansible Runner A flaw was found in ansible-runner. | 7.8 |
2022-08-24 | CVE-2022-2978 | Linux Debian | A use-after-free flaw was found in the Linux kernel's NILFS file system in the way a user can make the function security_inode_alloc fail, which is followed by a call to the function nilfs_mdt_destroy. | 7.8 |
2022-08-23 | CVE-2020-35511 | Libpng Debian | A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | 7.8 |
2022-08-23 | CVE-2022-2938 | Linux Redhat Fedoraproject Netapp | A flaw was found in the Linux kernel's implementation of Pressure Stall Information. | 7.8 |
2022-08-23 | CVE-2022-31676 | Vmware Debian Fedoraproject Netapp | Improper Privilege Management vulnerability in multiple products VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. | 7.8 |
2022-08-23 | CVE-2022-2946 | VIM Fedoraproject Debian | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | 7.8 |
2022-08-23 | CVE-2021-23177 | Libarchive Fedoraproject Redhat Debian | An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. | 7.8 |
2022-08-23 | CVE-2021-31566 | Libarchive Fedoraproject Redhat Debian Splunk | An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. | 7.8 |
2022-08-22 | CVE-2022-25942 | Hdfgroup | Unspecified vulnerability in Hdfgroup Hdf5 1.10.4 An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. | 7.8 |
2022-08-22 | CVE-2022-25972 | Hdfgroup | Unspecified vulnerability in Hdfgroup Hdf5 1.10.4 An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. | 7.8 |
2022-08-22 | CVE-2022-26061 | Hdfgroup | Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.4 A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4. | 7.8 |
2022-08-22 | CVE-2022-38171 | Xpdfreader Freedesktop | Integer Overflow or Wraparound vulnerability in multiple products Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). | 7.8 |
2022-08-22 | CVE-2022-2930 | Octoprint | Unspecified vulnerability in Octoprint Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3. | 7.8 |
2022-08-28 | CVE-2022-38562 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. | 7.5 |
2022-08-28 | CVE-2022-38563 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. | 7.5 |
2022-08-28 | CVE-2022-38564 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. | 7.5 |
2022-08-28 | CVE-2022-38565 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. | 7.5 |
2022-08-28 | CVE-2022-38566 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. | 7.5 |
2022-08-28 | CVE-2022-38567 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. | 7.5 |
2022-08-28 | CVE-2022-38568 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. | 7.5 |
2022-08-28 | CVE-2022-38569 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. | 7.5 |
2022-08-28 | CVE-2022-38570 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. | 7.5 |
2022-08-28 | CVE-2022-38571 | Tenda | Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856) Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. | 7.5 |
2022-08-27 | CVE-2022-38794 | Zaver Project | Path Traversal vulnerability in Zaver Project Zaver Zaver through 2020-12-15 allows directory traversal via the GET /.. | 7.5 |
2022-08-26 | CVE-2022-36537 | Zkoss | Unspecified vulnerability in Zkoss ZK Framework ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. | 7.5 |
2022-08-26 | CVE-2022-0084 | Redhat | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in XNIO, specifically in the notifyReadClosed method. | 7.5 |
2022-08-26 | CVE-2022-0217 | Prosody | XML Entity Expansion vulnerability in Prosody It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. | 7.5 |
2022-08-26 | CVE-2021-3632 | Redhat | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 7.5 |
2022-08-26 | CVE-2021-3703 | Redhat | Unspecified vulnerability in Redhat Openshift Serverless 1.0/1.16.0 It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. | 7.5 |
2022-08-26 | CVE-2021-3859 | Redhat Netapp | A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5 |
2022-08-26 | CVE-2022-36521 | Cskefu | Missing Authentication for Critical Function vulnerability in Cskefu 7.0.1 Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. | 7.5 |
2022-08-26 | CVE-2022-37151 | Online Diagnostic LAB Management System Project | Unspecified vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0. | 7.5 |
2022-08-26 | CVE-2022-35192 | Dlink | Classic Buffer Overflow vulnerability in Dlink Dsl-3782 Firmware 1.01 D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. | 7.5 |
2022-08-25 | CVE-2021-42521 | VTK | NULL Pointer Dereference vulnerability in VTK There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. | 7.5 |
2022-08-25 | CVE-2021-42522 | Gnome | Memory Leak vulnerability in Gnome Anjuta 2.0.0 There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. | 7.5 |
2022-08-25 | CVE-2021-42523 | Colord Project | Memory Leak vulnerability in Colord Project Colord 1.4.4/1.4.5 There are two Information Disclosure vulnerabilities in colord; they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c respectively. | 7.5 |
2022-08-25 | CVE-2022-2255 | Modwsgi Debian | Insufficient Verification of Data Authenticity vulnerability in multiple products A vulnerability was found in mod_wsgi. | 7.5 |
2022-08-25 | CVE-2022-22728 | Apache Fedoraproject Debian | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. | 7.5 |
2022-08-24 | CVE-2022-32793 | Apple Fedoraproject | Out-of-bounds Write vulnerability in multiple products Multiple out-of-bounds write issues were addressed with improved bounds checking. | 7.5 |
2022-08-24 | CVE-2021-3998 | GNU Netapp | A flaw was found in glibc. | 7.5 |
2022-08-24 | CVE-2021-43309 | Litejs | Unspecified vulnerability in Litejs Uri-Template-Lite An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method | 7.5 |
2022-08-24 | CVE-2021-4213 | Dogtagpki Redhat Debian | Memory Leak vulnerability in multiple products A flaw was found in JSS, where it did not properly free up all memory. | 7.5 |
2022-08-24 | CVE-2021-0891 | Google | Improper Privilege Management vulnerability in Google Android An unprivileged app can trigger the PowerVR driver to return uninitialized heap memory, causing information disclosure. Product: Android. Versions: Android SoC. Android ID: A-236849490 | 7.5 |
2022-08-24 | CVE-2021-0946 | Google | Missing Initialization of Resource vulnerability in Google Android The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. | 7.5 |
2022-08-24 | CVE-2021-0947 | Google | Missing Initialization of Resource vulnerability in Google Android The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. | 7.5 |
2022-08-24 | CVE-2022-27812 | Stormshield | Unspecified vulnerability in Stormshield Network Security Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic, can lead to SNS DoS. | 7.5 |
2022-08-24 | CVE-2022-24375 | Node Opcua Project | Resource Exhaustion vulnerability in Node-Opcua Project Node-Opcua The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | 7.5 |
2022-08-24 | CVE-2022-25903 | Opcua Project | Out-of-bounds Write vulnerability in Opcua Project Opcua The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed. | 7.5 |
2022-08-23 | CVE-2021-20298 | Openexr Debian | Out-of-bounds Write vulnerability in multiple products A flaw was found in OpenEXR's B44Compressor. | 7.5 |
2022-08-23 | CVE-2021-20304 | Openexr | Unspecified vulnerability in Openexr A flaw was found in OpenEXR's hufDecode functionality. | 7.5 |
2022-08-23 | CVE-2021-3690 | Redhat | Memory Leak vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
2022-08-23 | CVE-2021-3839 | Dpdk Fedoraproject Redhat | Out-of-bounds Write vulnerability in multiple products A flaw was found in the vhost library in DPDK. | 7.5 |
2022-08-23 | CVE-2021-3905 | Openvswitch Redhat Canonical Fedoraproject | Memory Leak vulnerability in multiple products A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. | 7.5 |
2022-08-23 | CVE-2022-28882 | F Secure | Infinite Loop vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. | 7.5 |
2022-08-23 | CVE-2022-28883 | F Secure | Unspecified vulnerability in F-Secure products A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. | 7.5 |
2022-08-23 | CVE-2022-21208 | Node Opcua Project | Improper Validation of Specified Quantity in Input vulnerability in Node-Opcua Project Node-Opcua The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. | 7.5 |
2022-08-23 | CVE-2022-24298 | Freeopcua Project | Allocation of Resources Without Limits or Throttling vulnerability in Freeopcua Project Freeopcua All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False. | 7.5 |
2022-08-23 | CVE-2022-24381 | Asneg | Allocation of Resources Without Limits or Throttling vulnerability in Asneg OPC UA Stack All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. | 7.5 |
2022-08-23 | CVE-2022-25231 | Node Opcua Project | Allocation of Resources Without Limits or Throttling vulnerability in Node-Opcua Project Node-Opcua The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8 memory limit. | 7.5 |
2022-08-23 | CVE-2022-25302 | OPC UA Stack Project | Unspecified vulnerability in OPC UA Stack Project OPC UA Stack All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. | 7.5 |
2022-08-23 | CVE-2022-25304 | Asyncua Project Opcua Project | Allocation of Resources Without Limits or Throttling vulnerability in multiple products All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. | 7.5 |
2022-08-23 | CVE-2022-25761 | Open62541 Fedoraproject | Allocation of Resources Without Limits or Throttling vulnerability in multiple products The package open62541/open62541 before 1.2.5, and from 1.3-rc1 before 1.3.1, is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. | 7.5 |
2022-08-23 | CVE-2022-25888 | Opcua Project | Allocation of Resources Without Limits or Throttling vulnerability in Opcua Project Opcua The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. | 7.5 |
2022-08-23 | CVE-2022-33916 | Opcfoundation | Unspecified vulnerability in Opcfoundation UA .Net Standard Stack 1.04.368 OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information. | 7.5 |
2022-08-22 | CVE-2022-38668 | Crowcpp | Use of Uninitialized Resource vulnerability in Crowcpp Crow 1.0+4 HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB. | 7.5 |
2022-08-22 | CVE-2022-1930 | Ethereum | Unspecified vulnerability in Ethereum Eth-Account An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method | 7.5 |
2022-08-22 | CVE-2022-32777 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 7.5 |
2022-08-22 | CVE-2022-32778 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 7.5 |
2022-08-22 | CVE-2021-3513 | Redhat | Information Exposure Through an Error Message vulnerability in Redhat Keycloak A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled. | 7.5 |
2022-08-22 | CVE-2022-2362 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions. | 7.5 |
2022-08-22 | CVE-2022-2544 | Wpmanageninja | Unspecified vulnerability in Wpmanageninja Ninja JOB Board 1.0.0/1.2.2/1.3.1 The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. | 7.5 |
2022-08-22 | CVE-2022-2551 | Snapcreek | Unspecified vulnerability in Snapcreek Duplicator The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | 7.5 |
2022-08-22 | CVE-2022-34770 | Tabit | Authorization Bypass Through User-Controlled Key vulnerability in Tabit Tabit - sensitive information disclosure. | 7.5 |
2022-08-22 | CVE-2022-34775 | Tabit | Authorization Bypass Through User-Controlled Key vulnerability in Tabit Tabit - Excessive data exposure. | 7.5 |
2022-08-22 | CVE-2022-34776 | Tabit | Information Exposure vulnerability in Tabit Tabit - giftcard stealth. | 7.5 |
2022-08-22 | CVE-2022-37133 | Dlink | Improper Resource Shutdown or Release vulnerability in Dlink Dir-816 Firmware 1.10Cnb04 D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. | 7.5 |
2022-08-26 | CVE-2021-3563 | Openstack Debian Redhat | Incorrect Authorization vulnerability in multiple products A flaw was found in openstack-keystone. | 7.4 |
2022-08-23 | CVE-2021-28861 | Python Fedoraproject | Open Redirect vulnerability in multiple products Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple slashes (/) at the beginning of the URI path, which may lead to information disclosure. | 7.4 |
2022-08-26 | CVE-2022-36226 | Siteservercms Project | Missing Authorization vulnerability in Siteservercms Project Siteservercms SiteServerCMS 5.X has a remote-download getshell vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. | 7.2 |
2022-08-23 | CVE-2022-36285 | Uploading SVG Webp AND ICO Files Project | Unspecified vulnerability in Uploading Svg, Webp and ICO Files Project Uploading Svg, Webp and ICO Files 1.0.1 Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | 7.2 |
2022-08-23 | CVE-2022-35203 | Trendnet | Improper Authentication vulnerability in Trendnet Tv-Ip572Pi Firmware 1.0 An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information. | 7.2 |
2022-08-23 | CVE-2022-34486 | Pukiwiki | Path Traversal vulnerability in Pukiwiki Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors. | 7.2 |
2022-08-22 | CVE-2021-37289 | Planex | Incorrect Default Permissions vulnerability in Planex Mzk-Dp150N Firmware 1.42/1.43 Insecure Permissions in the administration interface of Planex MZK-DP150N 1.42 and 1.43 allow attackers to execute system commands as root via etc_ro/web/syscmd.asp. | 7.2 |
2022-08-22 | CVE-2022-25811 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection | 7.2 |
2022-08-22 | CVE-2022-25812 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE | 7.2 |
2022-08-22 | CVE-2022-2593 | Deliciousbrains | Unspecified vulnerability in Deliciousbrains Better Search Replace The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks | 7.2 |
2022-08-22 | CVE-2022-33900 | Sandhillsdev | Deserialization of Untrusted Data vulnerability in Sandhillsdev Easy Digital Downloads PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress. | 7.2 |
2022-08-25 | CVE-2022-36115 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 7.1 |
2022-08-24 | CVE-2021-4204 | Linux Debian Redhat Netapp | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. | 7.1 |
2022-08-22 | CVE-2021-3481 | QT | Out-of-bounds Read vulnerability in QT A flaw was found in Qt. | 7.1 |
2022-08-26 | CVE-2021-3864 | Linux Debian Redhat | A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants. | 7.0 |
2022-08-25 | CVE-2022-2959 | Linux | Improper Locking vulnerability in Linux Kernel A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). | 7.0 |
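The Totolink and H3C rows above repeat two defect classes: a request parameter interpolated into a shell command (the ip parameter of setDiagnosisCfg, the command parameter of setTracerouteCfg, the FileName parameter of UploadFirmwareFile) and a request parameter copied into a fixed-size stack buffer (the "stack overflow via the ... parameter" rows). The C below is an added illustration written for this report, not the vendors' firmware; the function names, the PARAM_MAX buffer size and the sample inputs are assumptions. It shows what a shell would receive from the vulnerable pattern, and the hardened form: validate the value as an IP literal with inet_pton, reject over-long input instead of truncating, and spawn ping through execvp with an argv array so that metacharacters are inert.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>
#include <sys/wait.h>

#define PARAM_MAX 32  /* assumed size of a firmware parameter buffer (illustrative) */

/* Vulnerable pattern: the request parameter is pasted into a shell command
 * line that a handler like setDiagnosisCfg would hand to system().
 * Returns 1 if the parameter smuggles shell metacharacters into the line. */
int cmdline_is_injected(const char *ip)
{
    char cmd[256];
    snprintf(cmd, sizeof cmd, "ping -c 1 %s", ip);
    const char *arg = cmd + strlen("ping -c 1 ");
    return strpbrk(arg, ";|&`$()<>\n") != NULL;
}

/* Hardened: accept only a literal IPv4/IPv6 address. inet_pton parses
 * dotted-quad or hex-colon text and nothing else, so a value such as
 * "127.0.0.1; reboot" is rejected before it reaches any command. */
int is_ip_literal(const char *s)
{
    unsigned char addr[16];
    return inet_pton(AF_INET, s, addr) == 1 || inet_pton(AF_INET6, s, addr) == 1;
}

/* Stack-overflow pattern: strcpy(buf, param) into char buf[PARAM_MAX] with no
 * length check. This bounded replacement refuses input that does not fit
 * (terminating NUL included) instead of overflowing or silently truncating.
 * Returns 0 on success, -1 if the parameter is rejected. */
int copy_param_bounded(char *dst, size_t dstlen, const char *param)
{
    size_t n = strnlen(param, dstlen);
    if (n >= dstlen)
        return -1;
    memcpy(dst, param, n + 1);
    return 0;
}

/* Convenience wrapper: does the parameter fit the assumed firmware buffer? */
int param_fits(const char *param)
{
    char buf[PARAM_MAX];
    return copy_param_bounded(buf, sizeof buf, param) == 0;
}

/* Hardened execution: validate, then run ping via execvp with an argv array.
 * No shell is involved, so metacharacters in ip would be an inert argument.
 * Returns the child's exit status, or -1 if the value was rejected or the
 * spawn failed. */
int run_ping_no_shell(const char *ip)
{
    if (!is_ip_literal(ip) || !param_fits(ip))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "ping", "-c", "1", (char *)ip, NULL };
        execvp("ping", argv);
        _exit(127);  /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample inputs, not captured from any device. */
    const char *benign  = "127.0.0.1";
    const char *hostile = "127.0.0.1; reboot";
    printf("%-20s injected=%d ip_literal=%d\n", benign,  cmdline_is_injected(benign),  is_ip_literal(benign));
    printf("%-20s injected=%d ip_literal=%d\n", hostile, cmdline_is_injected(hostile), is_ip_literal(hostile));
    printf("run_ping_no_shell(hostile) = %d (rejected before any process is spawned)\n",
           run_ping_no_shell(hostile));
    return 0;
}
```

When auditing a firmware handler, the questions this example encodes are the ones to ask: is the parameter ever concatenated into a string that reaches system() or popen(), is its length checked against the destination buffer before the copy, and is the validation a positive grammar (an address, a hostname, a filename without separators) rather than a blocklist of characters.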
205 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-23 | CVE-2021-20316 | Samba Debian Redhat | Race Condition vulnerability in multiple products A flaw was found in the way Samba handled file/directory metadata. | 6.8 |
2022-08-23 | CVE-2021-3827 | Redhat | Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. | 6.8 |
2022-08-26 | CVE-2022-34301 | Kidan Redhat Microsoft | A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. | 6.7 |
2022-08-26 | CVE-2022-34302 | Horizondatasys Redhat Microsoft | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. | 6.7 |
2022-08-26 | CVE-2022-34303 | Eurosoft UK Redhat Microsoft | A flaw was found in Eurosoft bootloaders before 2022-06-01. | 6.7 |
2022-08-26 | CVE-2021-35939 | RPM Redhat | It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. | 6.7 |
2022-08-25 | CVE-2021-35938 | RPM Fedoraproject Redhat | Link Following vulnerability in multiple products A symbolic link issue was found in rpm. | 6.7 |
2022-08-25 | CVE-2022-20865 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 6.7 |
2022-08-25 | CVE-2022-2991 | Linux | Out-of-bounds Write vulnerability in Linux Kernel A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. | 6.7 |
2022-08-24 | CVE-2021-4178 | Redhat | Deserialization of Untrusted Data vulnerability in Redhat products An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. | 6.7 |
2022-08-23 | CVE-2021-3701 | Redhat | Incorrect Default Permissions vulnerability in Redhat Ansible Runner 2.0.0 A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 is written to world R/W locations. | 6.6 |
2022-08-28 | CVE-2022-3017 | Froxlor | Unspecified vulnerability in Froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. | 6.5 |
2022-08-26 | CVE-2022-36542 | Edoc Doctor Appointment System Project | Unspecified vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. | 6.5 |
2022-08-26 | CVE-2022-36522 | Mikrotik | Reachable Assertion vulnerability in Mikrotik Routeros Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. | 6.5 |
2022-08-26 | CVE-2021-39394 | MM Wiki Project | Cross-Site Request Forgery (CSRF) vulnerability in Mm-Wiki Project Mm-Wiki 0.2.1 mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. | 6.5 |
2022-08-25 | CVE-2022-37316 | RSA | Unspecified vulnerability in RSA Archer Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. | 6.5 |
2022-08-25 | CVE-2021-3979 | Redhat Fedoraproject | Improper Authentication vulnerability in multiple products A key length flaw was found in Red Hat Ceph Storage. | 6.5 |
2022-08-25 | CVE-2022-23715 | Elastic | Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. | 6.5 |
2022-08-24 | CVE-2021-4209 | GNU Redhat Netapp | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in GnuTLS. | 6.5 |
2022-08-23 | CVE-2021-3975 | Redhat Canonical Fedoraproject Debian Netapp | A use-after-free flaw was found in libvirt. | 6.5 |
2022-08-23 | CVE-2022-37428 | Powerdns Fedoraproject | Incomplete Cleanup vulnerability in multiple products PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties. | 6.5 |
2022-08-23 | CVE-2022-38663 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins GIT Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding. | 6.5 |
2022-08-23 | CVE-2022-38665 | Jenkins | Insufficiently Protected Credentials vulnerability in Jenkins Collabnet Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | 6.5 |
2022-08-23 | CVE-2021-3670 | Samba Redhat Fedoraproject | MaxQueryDuration not honoured in Samba AD DC LDAP | 6.5 |
2022-08-23 | CVE-2022-33142 | Wordplus | Unspecified vulnerability in Wordplus Better Messages Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress. | 6.5 |
2022-08-23 | CVE-2022-34868 | Yookassa | Unspecified vulnerability in Yookassa Yukassa for Woocommerce Authenticated Arbitrary Settings Update vulnerability in YooMoney ЮKassa для WooCommerce plugin <= 2.3.0 at WordPress. | 6.5 |
2022-08-23 | CVE-2020-35992 | Fiserv | Insufficiently Protected Credentials vulnerability in Fiserv Prologue 20201216 Fiserv Prologue through 2020-12-16 does not properly protect the database password. | 6.5 |
2022-08-23 | CVE-2022-35191 | Dlink | Improper Resource Shutdown or Release vulnerability in Dlink Dsl-3782 Firmware 1.01 D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request. | 6.5 |
2022-08-22 | CVE-2022-28710 | Wwbn | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.5 |
2022-08-22 | CVE-2022-32761 | Wwbn | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6 An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.5 |
2022-08-22 | CVE-2022-32480 | Dell | Insecure Default Initialization of Resource vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. | 6.5 |
2022-08-22 | CVE-2022-25810 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. | 6.5 |
2022-08-22 | CVE-2022-2388 | WOW Company | Unspecified vulnerability in Wow-Company WP Coder The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack. | 6.5 |
2022-08-22 | CVE-2022-2392 | Lana | Unspecified vulnerability in Lana Downloads Manager The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. | 6.5 |
2022-08-22 | CVE-2022-2555 | Yotpo Reviews FOR Woocommerce Project | Unspecified vulnerability in Yotpo Reviews for Woocommerce Project Yotpo Reviews for Woocommerce 2.0.4 The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. | 6.5 |
2022-08-25 | CVE-2021-35937 | RPM Redhat Fedoraproject | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products A race condition vulnerability was found in rpm. | 6.4 |
2022-08-24 | CVE-2022-36945 | Mazda | Authentication Bypass by Capture-replay vulnerability in Mazda Firmware 2020 The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. | 6.4 |
2022-08-24 | CVE-2022-37305 | Honda | Authentication Bypass by Capture-replay vulnerability in Honda Firmware The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. | 6.4 |
2022-08-24 | CVE-2022-37418 | Nissan KIA Hyundai | Authentication Bypass by Capture-replay vulnerability in multiple products The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. | 6.4 |
2022-08-23 | CVE-2021-3702 | Redhat | Race Condition vulnerability in Redhat Ansible Runner 2.0.0 A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. | 6.3 |
2022-08-27 | CVE-2022-3014 | Simple Task Managing System Project | Unspecified vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0 A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. | 6.1 |
2022-08-27 | CVE-2022-3015 | Fast Food Ordering System Project | Unspecified vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0 A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. | 6.1 |
2022-08-26 | CVE-2022-36547 | Edoc Doctor Appointment System Project | Cross-site Scripting vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. | 6.1 |
2022-08-26 | CVE-2021-3427 | Deluge Torrent | Unspecified vulnerability in Deluge-Torrent Deluge The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. | 6.1 |
2022-08-26 | CVE-2021-39393 | MM Wiki Project | Cross-site Scripting vulnerability in Mm-Wiki Project Mm-Wiki 0.2.1 mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | 6.1 |
2022-08-25 | CVE-2022-31798 | Nortekcontrol | Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. | 6.1 |
2022-08-25 | CVE-2022-37318 | RSA | Cross-site Scripting vulnerability in RSA Archer Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. | 6.1 |
2022-08-25 | CVE-2021-3914 | Redhat | Cross-site Scripting vulnerability in Redhat products It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. | 6.1 |
2022-08-25 | CVE-2022-37952 | GE | Cross-site Scripting vulnerability in GE Workstationst A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser. | 6.1 |
2022-08-25 | CVE-2022-37953 | GE | Unspecified vulnerability in GE Workstationst An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. | 6.1 |
2022-08-25 | CVE-2022-37161 | Claroline | Cross-site Scripting vulnerability in Claroline Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | 6.1 |
2022-08-24 | CVE-2022-34837 | ABB | Insufficiently Protected Credentials vulnerability in ABB Zenon Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add more network clients that may monitor various activities of the Zenon system. | 6.1 |
2022-08-24 | CVE-2022-37153 | Articatech | Cross-site Scripting vulnerability in Articatech Artica Proxy 4.30.000000 An issue was discovered in Artica Proxy 4.30.000000. | 6.1 |
2022-08-23 | CVE-2022-38172 | Servicenow | Cross-site Scripting vulnerability in Servicenow Sandiego ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. | 6.1 |
2022-08-23 | CVE-2022-38463 | Servicenow | Cross-site Scripting vulnerability in Servicenow Sandiego ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | 6.1 |
2022-08-23 | CVE-2022-29476 | 8Degreethemes | Unspecified vulnerability in 8Degreethemes Notification BAR Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes Notification Bar for WordPress plugin <= 1.1.8 at WordPress. | 6.1 |
2022-08-23 | CVE-2022-35278 | Apache Netapp | Cross-site Scripting vulnerability in multiple products In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue. | 6.1 |
2022-08-23 | CVE-2022-2956 | Noxen Project | Cross-site Scripting vulnerability in Noxen Project Noxen A vulnerability classified as problematic has been found in ConsoleTVs Noxen. | 6.1 |
2022-08-23 | CVE-2022-27637 | Pukiwiki | Cross-site Scripting vulnerability in Pukiwiki 1.5.1/1.5.2/1.5.3 Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 |
2022-08-23 | CVE-2019-25075 | Gravitee | Cross-site Scripting vulnerability in Gravitee API Management HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request. | 6.1 |
2022-08-22 | CVE-2022-30690 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.1 |
2022-08-22 | CVE-2022-32770 | Wwbn | Cross-site Scripting vulnerability in Wwbn Avideo 11.6 A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.1 |
2022-08-22 | CVE-2022-32771 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.1 |
2022-08-22 | CVE-2022-32772 | Wwbn | Cross-site Scripting vulnerability in Wwbn Avideo 11.6 A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 6.1 |
2022-08-22 | CVE-2022-28598 | Frappe | Cross-site Scripting vulnerability in Frappe Erpnext 12.29.0 Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users. | 6.1 |
2022-08-22 | CVE-2021-24910 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | 6.1 |
2022-08-22 | CVE-2021-3639 | Uninett | Unspecified vulnerability in Uninett MOD Auth Mellon A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. | 6.1 |
2022-08-22 | CVE-2022-1932 | Rezgo | Unspecified vulnerability in Rezgo Online Booking The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via an LFI in an AJAX action, or a direct call to the affected file. | 6.1 |
2022-08-22 | CVE-2022-2383 | Slickremix | Unspecified vulnerability in Slickremix Feed Them Social The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-08-22 | CVE-2022-2532 | Slickremix | Unspecified vulnerability in Slickremix Feed Them Social The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. | 6.1 |
2022-08-22 | CVE-2022-34857 | Smartypantsplugins | Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress | 6.1 |
2022-08-22 | CVE-2022-35654 | Pega | Cross-site Scripting vulnerability in Pega Platform 8.6 Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | 6.1 |
2022-08-22 | CVE-2022-35655 | Pega | Cross-site Scripting vulnerability in Pega Platform Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | 6.1 |
2022-08-22 | CVE-2022-2932 | BDG | Unspecified vulnerability in BDG Mobiledoc KIT Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2. | 6.1 |
2022-08-22 | CVE-2022-36251 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Clinic'S Patient Management System 1.0 Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php. | 6.1 |
2022-08-24 | CVE-2021-4158 | Qemu Redhat | A NULL pointer dereference issue was found in the ACPI code of QEMU. | 6.0 |
2022-08-25 | CVE-2021-43767 | Postgresql | Improper Certificate Validation vulnerability in Postgresql Odyssey passes to the client unencrypted bytes from a man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. | 5.9 |
2022-08-23 | CVE-2021-3714 | Linux Redhat | A flaw was found in the Linux kernel's memory deduplication mechanism. | 5.9 |
2022-08-27 | CVE-2022-38791 | Mariadb Fedoraproject | Improper Locking vulnerability in multiple products In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. | 5.5 |
2022-08-26 | CVE-2022-0171 | Linux Redhat Debian | Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products A flaw was found in the Linux kernel. | 5.5 |
2022-08-26 | CVE-2022-0175 | Virglrenderer Project Redhat | A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). | 5.5 |
2022-08-26 | CVE-2021-3585 | Openstack | Cleartext Storage of Sensitive Information vulnerability in Openstack Tripleo Heat Templates A flaw was found in openstack-tripleo-heat-templates. | 5.5 |
2022-08-26 | CVE-2021-3669 | Linux IBM Debian Fedoraproject Redhat | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A flaw was found in the Linux kernel. | 5.5 |
2022-08-26 | CVE-2021-4216 | Artifex | Divide By Zero vulnerability in Artifex Mupdf A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. | 5.5 |
2022-08-26 | CVE-2022-38533 | GNU Fedoraproject | Out-of-bounds Write vulnerability in multiple products In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 5.5 |
2022-08-25 | CVE-2020-27797 | UPX Project | Release of Invalid Pointer or Reference vulnerability in UPX Project UPX 4.0.0 An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
2022-08-25 | CVE-2020-27798 | UPX Project | Release of Invalid Pointer or Reference vulnerability in UPX Project UPX 4.0.0 An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
2022-08-25 | CVE-2020-27802 | UPX Project | Divide By Zero vulnerability in UPX Project UPX 4.0.0 A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file. | 5.5 |
2022-08-25 | CVE-2021-20224 | Imagemagick | Integer Overflow or Wraparound vulnerability in Imagemagick An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. | 5.5 |
2022-08-25 | CVE-2021-23159 | SOX Project | Unspecified vulnerability in SOX Project SOX 14.4.27 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. | 5.5 |
2022-08-25 | CVE-2021-23172 | SOX Project | Unspecified vulnerability in SOX Project SOX 14.4.27 A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. | 5.5 |
2022-08-25 | CVE-2021-23210 | SOX Project | Unspecified vulnerability in SOX Project SOX 14.4.27 A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file. | 5.5 |
2022-08-25 | CVE-2021-33844 | SOX Project | Unspecified vulnerability in SOX Project SOX 14.4.27 A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file. | 5.5 |
2022-08-25 | CVE-2022-2980 | VIM Fedoraproject | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | 5.5 |
2022-08-25 | CVE-2021-4022 | Rizin | Use After Free vulnerability in Rizin A vulnerability was found in rizin. | 5.5 |
2022-08-25 | CVE-2022-37292 | Tenda | Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. | 5.5 |
2022-08-24 | CVE-2022-32834 | Apple | Unspecified vulnerability in Apple mac OS X and Macos An access issue was addressed with improvements to the sandbox. | 5.5 |
2022-08-24 | CVE-2022-32838 | Apple | Unspecified vulnerability in Apple products A logic issue was addressed with improved state management. | 5.5 |
2022-08-24 | CVE-2021-4142 | Candlepinproject | Unspecified vulnerability in Candlepinproject Candlepin The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. | 5.5 |
2022-08-24 | CVE-2021-4155 | Linux | Incorrect Calculation of Buffer Size vulnerability in Linux Kernel A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. | 5.5 |
2022-08-24 | CVE-2021-4214 | Libpng Debian Netapp | A heap overflow flaw was found in libpng's pngimage.c program. | 5.5 |
2022-08-24 | CVE-2021-4218 | Linux | Improper Initialization vulnerability in Linux Kernel A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. | 5.5 |
2022-08-24 | CVE-2022-2569 | Arcinformatique | Unspecified vulnerability in Arcinformatique Pcvue 12.0.26/15/15.2.2 The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users | 5.5 |
2022-08-24 | CVE-2021-0698 | Google | Use of Uninitialized Resource vulnerability in Google Android In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. | 5.5 |
2022-08-24 | CVE-2021-0887 | Google | Use of Uninitialized Resource vulnerability in Google Android In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. | 5.5 |
2022-08-24 | CVE-2022-33172 | Bund | Unspecified vulnerability in Bund De.Fac2 1.34 de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC. | 5.5 |
2022-08-23 | CVE-2021-3917 | Redhat | Incorrect Default Permissions vulnerability in Redhat Coreos-Installer A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. | 5.5 |
2022-08-23 | CVE-2021-3995 | Kernel Fedoraproject | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. | 5.5 |
2022-08-23 | CVE-2021-3996 | Kernel Fedoraproject | A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. | 5.5 |
2022-08-23 | CVE-2021-3997 | Systemd Project Fedoraproject Redhat | Uncontrolled Recursion vulnerability in multiple products A flaw was found in systemd. | 5.5 |
2022-08-23 | CVE-2021-3736 | Linux | Memory Leak vulnerability in Linux Kernel A flaw was found in the Linux kernel. | 5.5 |
2022-08-23 | CVE-2021-3759 | Linux Debian | Allocation of Resources Without Limits or Throttling vulnerability in multiple products A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. | 5.5 |
2022-08-23 | CVE-2021-3764 | Linux | Memory Leak vulnerability in Linux Kernel A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. | 5.5 |
2022-08-23 | CVE-2021-3798 | Opencryptoki Project | Unspecified vulnerability in Opencryptoki Project Opencryptoki A flaw was found in openCryptoki. | 5.5 |
2022-08-23 | CVE-2021-3800 | Gnome Debian Netapp | A flaw was found in glib before version 2.63.6. | 5.5 |
2022-08-22 | CVE-2022-2923 | VIM Fedoraproject | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | 5.5 |
2022-08-22 | CVE-2022-31238 | Dell | Information Exposure vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. | 5.5 |
2022-08-22 | CVE-2021-3659 | Linux Fedoraproject Redhat | NULL Pointer Dereference vulnerability in multiple products A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection. | 5.5 |
2022-08-22 | CVE-2022-2873 | Linux Fedoraproject Redhat Netapp Debian | Incorrect Calculation of Buffer Size vulnerability in multiple products An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. | 5.5 |
2022-08-26 | CVE-2022-36548 | Edoc Doctor Appointment System Project | Cross-site Scripting vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1 Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. | 5.4 |
2022-08-26 | CVE-2022-0225 | Redhat | Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in Keycloak. | 5.4 |
2022-08-26 | CVE-2022-35714 | IBM | Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.1/7.6.1.2 IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. | 5.4 |
2022-08-26 | CVE-2022-37150 | Online Diagnostic LAB Management System Project | Cross-site Scripting vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0 An issue was discovered in Online Diagnostic Lab Management System 1.0. | 5.4 |
2022-08-25 | CVE-2022-37317 | RSA | Cross-site Scripting vulnerability in RSA Archer Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. | 5.4 |
2022-08-25 | CVE-2022-36527 | Jflyfox | Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0 Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module. | 5.4 |
2022-08-25 | CVE-2022-32746 | Samba | Use After Free vulnerability in Samba A flaw was found in the Samba AD LDAP server. | 5.4 |
2022-08-25 | CVE-2022-37160 | Claroline | Cross-site Scripting vulnerability in Claroline Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. | 5.4 |
2022-08-25 | CVE-2022-37162 | Claroline | Cross-site Scripting vulnerability in Claroline Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). | 5.4 |
2022-08-25 | CVE-2022-37238 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter. | 5.4 |
2022-08-25 | CVE-2022-37239 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint. | 5.4 |
2022-08-25 | CVE-2022-37241 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint. | 5.4 |
2022-08-25 | CVE-2022-37243 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint. | 5.4 |
2022-08-25 | CVE-2022-37244 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter. | 5.4 |
2022-08-25 | CVE-2022-37245 | Altn | Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2 MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint. | 5.4 |
2022-08-24 | CVE-2018-14520 | Getkirby | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 An issue was discovered in Kirby 2.5.12. | 5.4 |
2022-08-24 | CVE-2022-38080 | Exceedone | Cross-site Scripting vulnerability in Exceedone Exment Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2022-08-24 | CVE-2022-38089 | Exceedone | Cross-site Scripting vulnerability in Exceedone Exment Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script. | 5.4 |
2022-08-23 | CVE-2022-38664 | Jenkins | Cross-site Scripting vulnerability in Jenkins JOB Configuration History Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names. | 5.4 |
2022-08-23 | CVE-2020-35509 | Redhat | Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0 A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. | 5.4 |
2022-08-23 | CVE-2022-34648 | Uploading SVG Webp AND ICO Files Project | Unspecified vulnerability in Uploading Svg, Webp and ICO Files Project Uploading Svg, Webp and ICO Files 1.0.1 Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-34658 | Wpdownloadmanager | Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-36282 | Search Exclude Project | Unspecified vulnerability in Search Exclude Project Search Exclude Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-36341 | AS Create Pinterest Pinboard Pages Project | Unspecified vulnerability in AS - Create Pinterest Pinboard Pages Project AS - Create Pinterest Pinboard Pages Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-36347 | Thealpinepress | Unspecified vulnerability in Thealpinepress Alpine Phototile for Pinterest Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-36405 | Amcharts | Cross-site Scripting vulnerability in Amcharts Amcharts: Charts and Maps Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress. | 5.4 |
2022-08-23 | CVE-2022-36350 | Pukiwiki | Cross-site Scripting vulnerability in Pukiwiki Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 5.4 |
2022-08-23 | CVE-2022-2829 | Yetiforce | Unspecified vulnerability in Yetiforce Customer Relationship Management Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 5.4 |
2022-08-22 | CVE-2021-24911 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. | 5.4 |
2022-08-22 | CVE-2021-24912 | Transposh | Unspecified vulnerability in Transposh Wordpress Translation The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have a CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. | 5.4 |
2022-08-22 | CVE-2021-36857 | Wpshopmart | Unspecified vulnerability in Wpshopmart Testimonial Builder Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress. | 5.4 |
2022-08-22 | CVE-2021-3442 | Redhat | Unspecified vulnerability in Redhat Openshift API Management 2.9.1 A flaw was found in the Red Hat OpenShift API Management product. | 5.4 |
2022-08-22 | CVE-2022-2312 | Student Result OR Employee Database Project | Cross-Site Request Forgery (CSRF) vulnerability in Student Result or Employee Database Project Student Result or Employee Database The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. | 5.4 |
2022-08-22 | CVE-2022-2375 | Okapitech | Unspecified vulnerability in Okapitech WP Sticky Button 1.0/1.1/1.2 The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. | 5.4 |
2022-08-22 | CVE-2022-2600 | Auto Hyperlink Urls Project | Unspecified vulnerability in Auto-Hyperlink Urls Project Auto-Hyperlink Urls 5.4.1 The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferrer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object. | 5.4 |
2022-08-22 | CVE-2022-2890 | Yetiforce | Unspecified vulnerability in Yetiforce Customer Relationship Management Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 5.4 |
2022-08-22 | CVE-2022-1340 | Yetiforce | Unspecified vulnerability in Yetiforce Customer Relationship Management Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | 5.4 |
2022-08-26 | CVE-2021-3754 | Redhat | Unspecified vulnerability in Redhat Keycloak and Single Sign-On A flaw was found in keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user. | 5.3 |
2022-08-26 | CVE-2022-36121 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism Enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 5.3 |
2022-08-25 | CVE-2022-36116 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 5.3 |
2022-08-25 | CVE-2022-36118 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 5.3 |
2022-08-25 | CVE-2022-23235 | Netapp | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled. | 5.3 |
2022-08-24 | CVE-2021-4040 | Redhat Apache | Out-of-bounds Write vulnerability in multiple products A flaw was found in AMQ Broker. | 5.3 |
2022-08-24 | CVE-2021-4189 | Python Debian Redhat Netapp | Unchecked Return Value vulnerability in multiple products A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. | 5.3 |
2022-08-23 | CVE-2022-35242 | 59Sec | Unspecified vulnerability in 59Sec the Leads Management System: 59Sec Lite 3.4.1 Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress. | 5.3 |
2022-08-23 | CVE-2022-1989 | Codesys | Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0 All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users. | 5.3 |
2022-08-22 | CVE-2022-33932 | Dell | Unspecified vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. | 5.3 |
2022-08-22 | CVE-2022-2552 | Snapcreek | Missing Authorization vulnerability in Snapcreek Duplicator The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, PHP version and full file system path to the site. | 5.3 |
2022-08-22 | CVE-2022-2558 | Presstigers | Unspecified vulnerability in Presstigers Simple JOB Board The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations. | 5.3 |
2022-08-22 | CVE-2022-34774 | Tabit | Unspecified vulnerability in Tabit Tabit - Arbitrary account modification. | 5.3 |
2022-08-22 | CVE-2022-32769 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 5.0 |
2022-08-26 | CVE-2021-32570 | Ericsson | Information Exposure Through Log Files vulnerability in Ericsson Network Manager In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. | 4.9 |
2022-08-23 | CVE-2022-35235 | Xplodedthemes | Path Traversal vulnerability in Xplodedthemes Wpide - File Manager & Code Editor Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress. | 4.9 |
2022-08-22 | CVE-2021-29891 | IBM | Unrestricted Upload of File with Dangerous Type vulnerability in IBM products IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. | 4.9 |
2022-08-26 | CVE-2021-3688 | Redhat | Unspecified vulnerability in Redhat Jboss Core Services Httpd 2.4.23/2.4.29/2.4.37 A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s). | 4.8 |
2022-08-23 | CVE-2022-2796 | Pimcore | Unspecified vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4. | 4.8 |
2022-08-22 | CVE-2021-36847 | Webba Booking | Unspecified vulnerability in Webba-Booking Webba Booking Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress. | 4.8 |
2022-08-22 | CVE-2022-0446 | Simple Banner Project | Unspecified vulnerability in Simple Banner Project Simple Banner The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-08-22 | CVE-2022-1322 | Rich WEB | Unspecified vulnerability in Rich-Web Coming Soon The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 4.8 |
2022-08-22 | CVE-2022-2361 | Quadlayers | Unspecified vulnerability in Quadlayers WP Social Chat The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks. | 4.8 |
2022-08-22 | CVE-2022-2407 | Puvox | Cross-site Scripting vulnerability in Puvox WP PHPmyadmin The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup). | 4.8 |
2022-08-26 | CVE-2022-0207 | Ovirt Redhat | A race condition was found in vdsm. | 4.7 |
2022-08-22 | CVE-2021-3521 | RPM | Unspecified vulnerability in RPM There is a flaw in RPM's signature functionality. | 4.7 |
2022-08-22 | CVE-2022-35656 | Pega | Cross-Site Request Forgery (CSRF) vulnerability in Pega Platform Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | 4.5 |
2022-08-26 | CVE-2022-0168 | Linux Redhat | A denial of service (DoS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. | 4.4 |
2022-08-26 | CVE-2022-0216 | Qemu Fedoraproject | A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. | 4.4 |
2022-08-26 | CVE-2021-3735 | Qemu Debian | Improper Locking vulnerability in multiple products A deadlock issue was found in the AHCI controller device of QEMU. | 4.4 |
2022-08-24 | CVE-2021-4159 | Linux Redhat Debian | A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures. | 4.4 |
2022-08-27 | CVE-2022-2787 | Debian | Improper Preservation of Permissions vulnerability in Debian Linux and Schroot Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. | 4.3 |
2022-08-26 | CVE-2021-3856 | Redhat | Path Traversal vulnerability in Redhat Keycloak ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. | 4.3 |
2022-08-25 | CVE-2022-32742 | Samba | Unspecified vulnerability in Samba A flaw was found in Samba. | 4.3 |
2022-08-25 | CVE-2022-36358 | Seoscout | Unspecified vulnerability in Seoscout SEO Scout Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings. | 4.3 |
2022-08-24 | CVE-2018-14519 | Getkirby | Cross-Site Request Forgery (CSRF) vulnerability in Getkirby Kirby 2.5.12 An issue was discovered in Kirby 2.5.12. | 4.3 |
2022-08-24 | CVE-2022-32857 | Apple | Unspecified vulnerability in Apple products This issue was addressed by using HTTPS when sending information over the network. | 4.3 |
2022-08-24 | CVE-2021-4122 | Cryptsetup Project | Insufficient Verification of Data Authenticity vulnerability in Cryptsetup Project Cryptsetup It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. | 4.3 |
2022-08-23 | CVE-2021-3763 | Redhat | Incorrect Authorization vulnerability in Redhat AMQ Broker 7.8.0/7.8.1/7.8.2 A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console. | 4.3 |
2022-08-23 | CVE-2022-2965 | Notrinos | Unspecified vulnerability in Notrinos Notrinoserp Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7. | 4.3 |
2022-08-22 | CVE-2022-1251 | Inkthemes | Cross-Site Request Forgery (CSRF) vulnerability in Inkthemes ASK ME The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user into changing their profile information by sending a crafted request. | 4.3 |
2022-08-22 | CVE-2022-2172 | Linkworth | Unspecified vulnerability in Linkworth The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged-in admin change settings via a CSRF attack. | 4.3 |
2022-08-22 | CVE-2022-2198 | 2Code | Unspecified vulnerability in 2Code Wpqa Builder 5.2 The WPQA Builder WordPress plugin before 5.7, which is a companion plugin to the Hilmer and Discy, does not check authorization before displaying private messages, allowing any logged-in user to read other users' private messages using the message id, which can easily be brute forced. | 4.3 |
2022-08-22 | CVE-2022-2275 | WP Edit Menu Project | Unspecified vulnerability in WP Edit Menu Project WP Edit Menu The WP Edit Menu WordPress plugin before 1.5.0 does not have a CSRF check in an AJAX action, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack. | 4.3 |
2022-08-22 | CVE-2022-2276 | WP Edit Menu Project | Missing Authorization vulnerability in WP Edit Menu Project WP Edit Menu The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF checks in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog. | 4.3 |
2022-08-22 | CVE-2022-2377 | Wpwax | Missing Authorization vulnerability in Wpwax Directorist The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog. | 4.3 |
2022-08-22 | CVE-2022-2382 | Shapedplugin | Missing Authorization vulnerability in Shapedplugin Product Slider for Woocommerce The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. | 4.3 |
2022-08-22 | CVE-2022-2389 | Funnelkit | Missing Authorization vulnerability in Funnelkit Automations The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations. | 4.3 |
2022-08-22 | CVE-2022-32768 | Wwbn | Unspecified vulnerability in Wwbn Avideo 11.6 Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. | 4.2 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-08-22 | CVE-2022-34771 | Tabit | Unspecified vulnerability in Tabit Tabit - arbitrary SMS send on Tabit's behalf. | 3.5 |
2022-08-26 | CVE-2021-3574 | Imagemagick Fedoraproject | Memory Leak vulnerability in multiple products A vulnerability was found in ImageMagick-7.0.11-5 where, when executing a crafted file with the convert command, ASAN detects memory leaks. | 3.3 |
2022-08-26 | CVE-2021-3644 | Redhat | Unspecified vulnerability in Redhat Decision Manager and Wildfly A flaw was found in wildfly-core in all versions. | 3.3 |
2022-08-24 | CVE-2021-4217 | Unzip Project Fedoraproject Redhat | NULL Pointer Dereference vulnerability in multiple products A flaw was found in unzip. | 3.3 |
2022-08-22 | CVE-2022-31237 | Dell | Improper Preservation of Permissions vulnerability in Dell EMC Powerscale Onefs Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5, contain an improper preservation of permissions vulnerability in SyncIQ. | 3.3 |
2022-08-25 | CVE-2022-36117 | Ssctech | Unspecified vulnerability in Ssctech Blue Prism An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. | 3.1 |
2022-08-26 | CVE-2022-36168 | Wuzhicms | Path Traversal vulnerability in Wuzhicms 4.1.0 A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. | 2.7 |
2022-08-22 | CVE-2022-2841 | Crowdstrike | Unspecified vulnerability in Crowdstrike Falcon 6.31.14505.0/6.42.15610/6.44.15806 A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806. | 2.7 |