Weekly Vulnerabilities Reports > August 22 to 28, 2022

Overview

591 new vulnerabilities were reported during this period, including 126 critical vulnerabilities and 252 high severity vulnerabilities. This weekly summary reports vulnerabilities in 638 products from 216 vendors including H3C, Redhat, Tenda, Fedoraproject, and Totolink. Vulnerabilities are notably categorized as "Out-of-bounds Write", "SQL Injection", "Cross-site Scripting", "OS Command Injection", and "Improper Authentication".

  • 406 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 151 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 322 reported vulnerabilities are exploitable by an anonymous user.
  • H3C has the most reported vulnerabilities, with 67 reported vulnerabilities.
  • H3C has the most reported critical vulnerabilities, with 33 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

126 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-22 CVE-2022-30547 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

9.9
2022-08-28 CVE-2022-36705 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.

9.8
2022-08-28 CVE-2022-36706 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.

9.8
2022-08-28 CVE-2022-36708 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.

9.8
2022-08-28 CVE-2022-37055 Dlink Classic Buffer Overflow vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,

9.8
2022-08-28 CVE-2022-37056 Dlink OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02

D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via /cgibin, hnap_main,

9.8
2022-08-28 CVE-2022-38555 Linksys Out-of-bounds Write vulnerability in Linksys E1200 Firmware 1.0.04

Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.

9.8
2022-08-28 CVE-2022-36755 Dlink Improper Authentication vulnerability in Dlink Dir-845L Firmware

D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.

9.8
2022-08-28 CVE-2022-36756 Dlink Code Injection vulnerability in Dlink Dir-845L Firmware

DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.

9.8
2022-08-28 CVE-2022-37053 Trendnet Code Injection vulnerability in Trendnet Tew733Gr Firmware 1.03B01

TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.

9.8
2022-08-28 CVE-2022-37057 Dlink OS Command Injection vulnerability in Dlink Go-Rt-Ac750 Firmware Reva1.01B03/Revb2.00B02

D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.

9.8
2022-08-28 CVE-2022-38556 Trendnet Improper Authentication vulnerability in Trendnet Tew733Gr Firmware 1.03B01

Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.

9.8
2022-08-28 CVE-2022-38557 Dlink Improper Authentication vulnerability in Dlink Dir-845L Firmware

D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.

9.8
2022-08-27 CVE-2022-38792 Exotel Project Unspecified vulnerability in Exotel Project Exotel 0.1.6

The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.

9.8
2022-08-27 CVE-2022-3013 Simple Task Managing System Project Unspecified vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0

A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System.

9.8
2022-08-26 CVE-2022-36543 Edoc Doctor Appointment System Project SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.

9.8
2022-08-26 CVE-2022-36544 Edoc Doctor Appointment System Project SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.

9.8
2022-08-26 CVE-2022-36545 Edoc Doctor Appointment System Project SQL Injection vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.

9.8
2022-08-26 CVE-2022-36678 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

9.8
2022-08-26 CVE-2022-36679 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.

9.8
2022-08-26 CVE-2022-36680 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.

9.8
2022-08-26 CVE-2022-36681 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.

9.8
2022-08-26 CVE-2022-36682 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.

9.8
2022-08-26 CVE-2022-36683 Simple Task Scheduling System Project SQL Injection vulnerability in Simple Task Scheduling System Project Simple Task Scheduling System 1.0

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.

9.8
2022-08-26 CVE-2022-37152 Online Diagnostic LAB Management System Project SQL Injection vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a SQL injection vulnerability via the "dob" parameter in "/classes/Users.php?f=save_client".

9.8
2022-08-25 CVE-2022-28747 Gosecure Unspecified vulnerability in Gosecure Titan Inbox Detection & Response

Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution.

9.8
2022-08-25 CVE-2022-31499 Nortekcontrol OS Command Injection vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P/0.3209C

Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo.

9.8
2022-08-25 CVE-2021-43329 Mumara SQL Injection vulnerability in Mumara Classic 2.9.3

A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.

9.8
2022-08-25 CVE-2022-36692 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.

9.8
2022-08-25 CVE-2022-36693 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item.

9.8
2022-08-25 CVE-2022-36695 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin.

9.8
2022-08-25 CVE-2022-36696 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout.

9.8
2022-08-25 CVE-2022-36697 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste.

9.8
2022-08-25 CVE-2022-36715 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php.

9.8
2022-08-25 CVE-2022-36716 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php.

9.8
2022-08-25 CVE-2022-36719 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php.

9.8
2022-08-25 CVE-2022-37158 Iocoder Weak Password Requirements vulnerability in Iocoder Ruoyi-Vue-Pro 3.8.3

RuoYi v3.8.3 has a Weak password vulnerability in the management system.

9.8
2022-08-25 CVE-2022-37159 Claroline Unrestricted Upload of File with Dangerous Type vulnerability in Claroline

Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.

9.8
2022-08-25 CVE-2022-37085 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function.

9.8
2022-08-25 CVE-2022-37086 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

9.8
2022-08-25 CVE-2022-37087 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById.

9.8
2022-08-25 CVE-2022-37088 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById.

9.8
2022-08-25 CVE-2022-37089 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList.

9.8
2022-08-25 CVE-2022-37090 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID.

9.8
2022-08-25 CVE-2022-37091 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList.

9.8
2022-08-25 CVE-2022-37092 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

9.8
2022-08-25 CVE-2022-37093 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList.

9.8
2022-08-25 CVE-2022-37094 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

9.8
2022-08-25 CVE-2022-37095 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.

9.8
2022-08-25 CVE-2022-37096 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6.

9.8
2022-08-25 CVE-2022-37097 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.

9.8
2022-08-25 CVE-2022-37098 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params.

9.8
2022-08-25 CVE-2022-37099 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat.

9.8
2022-08-25 CVE-2022-37100 H3C Out-of-bounds Write vulnerability in H3C H200 Firmware H200V100R004

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone.

9.8
2022-08-25 CVE-2022-37240 Altn Injection vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.

9.8
2022-08-25 CVE-2022-37242 Altn Injection vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the data parameter.

9.8
2022-08-25 CVE-2022-37798 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer.

9.8
2022-08-25 CVE-2022-37799 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement.

9.8
2022-08-25 CVE-2022-37800 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.

9.8
2022-08-25 CVE-2022-37801 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.

9.8
2022-08-25 CVE-2022-37802 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting.

9.8
2022-08-25 CVE-2022-37803 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat.

9.8
2022-08-25 CVE-2022-37804 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo.

9.8
2022-08-25 CVE-2022-37805 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle.

9.8
2022-08-25 CVE-2022-37806 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.

9.8
2022-08-25 CVE-2022-37807 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState.

9.8
2022-08-25 CVE-2022-37808 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB.

9.8
2022-08-25 CVE-2022-37809 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan.

9.8
2022-08-25 CVE-2022-37810 Tenda OS Command Injection vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.

9.8
2022-08-25 CVE-2022-37811 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.

9.8
2022-08-25 CVE-2022-37812 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg.

9.8
2022-08-25 CVE-2022-37813 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.

9.8
2022-08-25 CVE-2022-37814 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.

9.8
2022-08-25 CVE-2022-37815 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.

9.8
2022-08-25 CVE-2022-37816 Tenda Out-of-bounds Write vulnerability in Tenda Ac1206 Firmware 15.03.06.23

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.

9.8
2022-08-25 CVE-2022-36511 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo.

9.8
2022-08-25 CVE-2022-36513 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist.

9.8
2022-08-25 CVE-2022-36514 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan.

9.8
2022-08-25 CVE-2022-36515 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist.

9.8
2022-08-25 CVE-2022-36516 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check.

9.8
2022-08-25 CVE-2022-36517 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wlan_advance.

9.8
2022-08-25 CVE-2022-36518 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditWlanMacList.

9.8
2022-08-25 CVE-2022-36519 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function AddWlanMacList.

9.8
2022-08-25 CVE-2022-36520 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup.

9.8
2022-08-25 CVE-2022-37066 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS.

9.8
2022-08-25 CVE-2022-37067 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti.

9.8
2022-08-25 CVE-2022-37068 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal.

9.8
2022-08-25 CVE-2022-37069 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat.

9.8
2022-08-25 CVE-2022-37070 H3C OS Command Injection vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

9.8
2022-08-25 CVE-2022-37071 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One.

9.8
2022-08-25 CVE-2022-37072 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti.

9.8
2022-08-25 CVE-2022-37073 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.

9.8
2022-08-25 CVE-2022-2957 Simple AND Nice Shopping Cart Script Project SQL Injection vulnerability in Simple and Nice Shopping Cart Script Project Simple and Nice Shopping Cart Script

A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script.

9.8
2022-08-25 CVE-2022-34960 Mikrotik Link Following vulnerability in Mikrotik Routeros 7.4

The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device.

9.8
2022-08-24 CVE-2022-32839 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved bounds checks.

9.8
2022-08-24 CVE-2022-37181 72Crm Unrestricted Upload of File with Dangerous Type vulnerability in 72Crm Wukong CRM 9.0

72crm 9.0 has an Arbitrary file upload vulnerability.

9.8
2022-08-24 CVE-2021-39815 Google Use After Free vulnerability in Google Android

The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls.

9.8
2022-08-24 CVE-2022-20122 Google Use After Free vulnerability in Google Android

The PowerVR GPU driver allows unprivileged apps to allocate pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls.

9.8
2022-08-24 CVE-2022-38078 Sixapart Code Injection vulnerability in Sixapart Movable Type

Movable Type XMLRPC API provided by Six Apart Ltd.

9.8
2022-08-23 CVE-2022-35115 Icewarp SQL Injection vulnerability in Icewarp Webclient DC2 13.0.2.9

IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.

9.8
2022-08-23 CVE-2022-35726 Yotuwp Improper Authentication vulnerability in Yotuwp Video Gallery

Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.

9.8
2022-08-23 CVE-2022-37111 Bluecms Project SQL Injection vulnerability in Bluecms Project Bluecms 1.6

BlueCMS 1.6 has SQL injection in line 132 of admin/article.php

9.8
2022-08-23 CVE-2022-37112 Bluecms Project SQL Injection vulnerability in Bluecms Project Bluecms 1.6

BlueCMS 1.6 has SQL injection in line 55 of admin/model.php

9.8
2022-08-23 CVE-2022-37113 Bluecms Project SQL Injection vulnerability in Bluecms Project Bluecms 1.6

BlueCMS 1.6 has SQL injection in line 132 of admin/area.php

9.8
2022-08-23 CVE-2022-37223 Jflyfox SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.

9.8
2022-08-23 CVE-2022-37199 Jflyfox SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0

JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.

9.8
2022-08-23 CVE-2021-42627 Dlink Unspecified vulnerability in Dlink products

The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication, which can lead to disclosure of information about WAN settings and also allows an attacker to modify the data fields of the page.

9.8
2022-08-23 CVE-2022-35733 Unimo Missing Authentication for Critical Function vulnerability in Unimo products

Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.

9.8
2022-08-23 CVE-2021-42232 TP Link OS Command Injection vulnerability in Tp-Link Archer A7 Firmware 210519

TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp.

9.8
2022-08-23 CVE-2022-34919 Zengenti Improper Authentication vulnerability in Zengenti Contensis

The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated.

9.8
2022-08-22 CVE-2022-38667 Crowcpp Use After Free vulnerability in Crowcpp Crow

HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.

9.8
2022-08-22 CVE-2022-2842 GYM Management System Project Unspecified vulnerability in GYM Management System Project GYM Management System

A vulnerability classified as critical has been found in SourceCodester Gym Management System.

9.8
2022-08-22 CVE-2022-35150 Baijiacms Project Unrestricted Upload of File with Dangerous Type vulnerability in Baijiacms Project Baijiacms 41420170105

Baijicms v4 was discovered to contain an arbitrary file upload vulnerability.

9.8
2022-08-22 CVE-2022-35583 Wkhtmltopdf Server-Side Request Forgery (SSRF) vulnerability in Wkhtmltopdf 0.12.6

wkhtmlTOpdf 0.12.6 is vulnerable to SSRF, which allows an attacker to get initial access into the target's system by injecting an iframe tag with an initial asset IP address in its source.

9.8
2022-08-22 CVE-2020-27836 Redhat Incorrect Permission Assignment for Critical Resource vulnerability in Redhat Openshift Container Platform 4.6

A flaw was found in cluster-ingress-operator.

9.8
2022-08-22 CVE-2021-3586 Redhat Insecure Default Initialization of Resource vulnerability in Redhat Openshift Service Mesh and Servicemesh-Operator

A flaw was found in servicemesh-operator.

9.8
2022-08-22 CVE-2022-34149 Miniorange Unspecified vulnerability in Miniorange WP Oauth Server

Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress.

9.8
2022-08-22 CVE-2022-34773 Tabit Injection vulnerability in Tabit

Tabit - HTTP Method manipulation.

9.8
2022-08-22 CVE-2022-34858 Miniorange Unspecified vulnerability in Miniorange Oauth 2.0 Client for SSO

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress.

9.8
2022-08-22 CVE-2022-37134 Dlink Improper Validation of Specified Quantity in Input vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi.

9.8
2022-08-22 CVE-2022-2927 Notrinos Unspecified vulnerability in Notrinos Notrinoserp

Weak Password Requirements in GitHub repository notrinos/notrinoserp prior to 0.7.

9.8
2022-08-22 CVE-2022-36198 Phpgurukul SQL Injection vulnerability in PHPgurukul BUS Pass Management System 1.0

Multiple SQL injections detected in Bus Pass Management System 1.0 via buspassms/admin/view-enquiry.php, buspassms/admin/pass-bwdates-reports-details.php, buspassms/admin/changeimage.php, buspassms/admin/search-pass.php, buspassms/admin/edit-category-detail.php, and buspassms/admin/edit-pass-detail.php

9.8
2022-08-22 CVE-2022-26842 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A reflected cross-site scripting (XSS) vulnerability exists in the charts tab selection functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

9.6
2022-08-27 CVE-2019-15167 Tcpdump Out-of-bounds Read vulnerability in Tcpdump

The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.

9.1
2022-08-23 CVE-2022-36261 Taogogo Path Traversal vulnerability in Taogogo Taocms 3.0.2

An arbitrary file deletion vulnerability was discovered in taocms 3.0.2 that allows an attacker to delete a file on the server by requesting the URL admin.php?action=file&ctrl=del&path=/../../../test.txt

9.1
2022-08-22 CVE-2022-28712 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A cross-site scripting (XSS) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

9.0

252 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-28 CVE-2022-36704 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.

8.8
2022-08-27 CVE-2022-3012 Fast Food Ordering System Project Unspecified vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

A vulnerability was found in oretnom23 Fast Food Ordering System.

8.8
2022-08-26 CVE-2022-2915 Sonicwall Out-of-bounds Write vulnerability in Sonicwall products

A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution.

8.8
2022-08-26 CVE-2022-36546 Edoc Doctor Appointment System Project Cross-Site Request Forgery (CSRF) vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.

8.8
2022-08-26 CVE-2022-36529 Kensite CMS Project SQL Injection vulnerability in Kensite CMS Project Kensite CMS 1.0

Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.

8.8
2022-08-26 CVE-2022-31773 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Datapower Gateway 10.0.2.0

IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

8.8
2022-08-26 CVE-2022-25625 Broadcom Unspecified vulnerability in Broadcom Symantec Privileged Access Management

A malicious unauthorized PAM user can access the administration configuration data and change the values.

8.8
2022-08-26 CVE-2021-3020 Clusterlabs Improper Privilege Management vulnerability in Clusterlabs Hawk

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15.

8.8
2022-08-25 CVE-2022-36119 Ssctech Deserialization of Untrusted Data vulnerability in Ssctech Blue Prism

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

8.8
2022-08-25 CVE-2022-36720 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php.

8.8
2022-08-25 CVE-2022-36721 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php.

8.8
2022-08-25 CVE-2022-36698 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.

8.8
2022-08-25 CVE-2022-36699 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php.

8.8
2022-08-25 CVE-2022-36700 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php.

8.8
2022-08-25 CVE-2022-36701 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php.

8.8
2022-08-25 CVE-2022-36703 Ingredients Stock Management System Project SQL Injection vulnerability in Ingredients Stock Management System Project Ingredients Stock Management System 1.0

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php.

8.8
2022-08-25 CVE-2021-4112 Redhat Unspecified vulnerability in Redhat products

A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape.

8.8
2022-08-25 CVE-2022-20824 Cisco Out-of-bounds Write vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device.

8.8
2022-08-25 CVE-2022-20921 Cisco Unspecified vulnerability in Cisco ACI Multi-Site Orchestrator

A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device.

8.8
2022-08-25 CVE-2022-2031 Samba Improper Authentication vulnerability in Samba

A flaw was found in Samba.

8.8
2022-08-25 CVE-2022-32744 Samba Authentication Bypass by Spoofing vulnerability in Samba

A flaw was found in Samba.

8.8
2022-08-25 CVE-2021-25642 Apache Unspecified vulnerability in Apache Hadoop

ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation.

8.8
2022-08-25 CVE-2022-36804 Atlassian Unspecified vulnerability in Atlassian Bitbucket

Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allow remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request.

8.8
2022-08-25 CVE-2022-32427 Printerlogic Path Traversal vulnerability in Printerlogic Windows Client 25.0.0.676

PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal.

8.8
2022-08-24 CVE-2022-32893 Apple, Fedoraproject, Debian, Webkitgtk, Wpewebkit Out-of-bounds Write vulnerability in multiple products

An out-of-bounds write issue was addressed with improved bounds checking.

8.8
2022-08-24 CVE-2022-37178 72Crm SQL Injection vulnerability in 72Crm Wukong CRM 9.0

An issue was discovered in 72crm 9.0.

8.8
2022-08-24 CVE-2022-2234 Myscada OS Command Injection vulnerability in Myscada Mypro

An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.

8.8
2022-08-24 CVE-2022-36633 Goteleport OS Command Injection vulnerability in Goteleport Teleport

Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution.

8.8
2022-08-24 CVE-2022-37333 Exceedone SQL Injection vulnerability in Exceedone Exment

SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.

8.8
2022-08-24 CVE-2022-38132 Linksys OS Command Injection vulnerability in Linksys Mr8300 Firmware 1.0

Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service.

8.8
2022-08-23 CVE-2022-1513 Lenovo OS Command Injection vulnerability in Lenovo Pcmanager

A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.

8.8
2022-08-23 CVE-2022-36288 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

8.8
2022-08-23 CVE-2022-36292 Wpchill Unspecified vulnerability in Wpchill Gallery Photoblocks 1.2.6

Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.

8.8
2022-08-23 CVE-2022-36379 Yookassa Cross-Site Request Forgery (CSRF) vulnerability in Yookassa Yukassa for Woocommerce

Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.

8.8
2022-08-23 CVE-2022-36389 Wordplus Unspecified vulnerability in Wordplus Better Messages

Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.

8.8
2022-08-23 CVE-2022-36394 Contest Gallery Unspecified vulnerability in Contest-Gallery Contest Gallery

Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.

8.8
2022-08-22 CVE-2022-29468 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-30534 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-30605 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-32282 Wwbn Improper Authentication vulnerability in Wwbn Avideo 11.6

An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-32572 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

An OS command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-33147 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-33148 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-33149 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2022-34652 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A SQL injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

8.8
2022-08-22 CVE-2021-3590 Theforeman, Redhat Cleartext Transmission of Sensitive Information vulnerability in multiple products

A flaw was found in Foreman project.

8.8
2022-08-22 CVE-2022-2557 Radiustheme Unspecified vulnerability in Radiustheme Team - Wordpress Team Members Showcase

The Team WordPress plugin before 4.1.2 contains a file which could allow any authenticated users to download arbitrary files from the server via a path traversal vector.

8.8
2022-08-22 CVE-2022-2594 Advancedcustomfields Unrestricted Upload of File with Dangerous Type vulnerability in Advancedcustomfields Advanced Custom Fields

The Advanced Custom Fields WordPress plugin before 5.12.3, Advanced Custom Fields Pro WordPress plugin before 5.12.3 allows unauthenticated users to upload files allowed in a default WP configuration (so PHP is not possible) if there is a frontend form available.

8.8
2022-08-22 CVE-2022-34347 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

8.8
2022-08-22 CVE-2022-34772 Tabit Weak Password Requirements vulnerability in Tabit

Tabit - password enumeration.

8.8
2022-08-22 CVE-2022-36346 Maxfoundry Unspecified vulnerability in Maxfoundry Maxbuttons

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Max Foundry MaxButtons plugin <= 9.2 at WordPress.

8.8
2022-08-25 CVE-2022-20823 Cisco Out-of-bounds Read vulnerability in Cisco products

A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

8.6
2022-08-24 CVE-2022-34838 ABB Insufficiently Protected Credentials vulnerability in ABB Zenon

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add or alter data points and corresponding attributes.

8.4
2022-08-25 CVE-2022-31269 Nortekcontrol Use of Hard-coded Credentials vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P/0.3209C

Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors.

8.2
2022-08-25 CVE-2021-3929 Qemu, Fedoraproject Use After Free vulnerability in multiple products

A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU.

8.2
2022-08-24 CVE-2022-34836 ABB Path Traversal vulnerability in ABB Zenon

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system; the user can also add their own log messages and, e.g., flood the log entries.

8.2
2022-08-26 CVE-2021-3414 Redhat Improper Preservation of Permissions vulnerability in Redhat Satellite 6.7

A flaw was found in satellite.

8.1
2022-08-26 CVE-2021-40285 Htmly Path Traversal vulnerability in Htmly 2.8.1

htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \views\backup.html.php.

8.1
2022-08-26 CVE-2022-29850 Lexmark Exposure of Resource to Wrong Sphere vulnerability in Lexmark products

Various Lexmark products through 2022-04-27 allow an attacker who has already compromised an affected Lexmark device to maintain persistence across reboots.

8.1
2022-08-26 CVE-2022-36120 Ssctech Unspecified vulnerability in Ssctech Blue Prism Enterprise

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

8.1
2022-08-25 CVE-2021-43766 Odyssey Project Improper Certificate Validation vulnerability in Odyssey Project Odyssey 1.1

Odyssey passes to server unencrypted bytes from man-in-the-middle. When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption.

8.1
2022-08-25 CVE-2022-32745 Samba Use of Uninitialized Resource vulnerability in Samba

A flaw was found in Samba.

8.1
2022-08-24 CVE-2021-4125 Redhat Deserialization of Untrusted Data vulnerability in Redhat Openshift

It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed.

8.1
2022-08-25 CVE-2022-2997 Snipeitapp Unspecified vulnerability in Snipeitapp Snipe-It

Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.

8.0
2022-08-22 CVE-2021-36852 Thimpress Unspecified vulnerability in Thimpress WP Hotel Booking

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.

8.0
2022-08-28 CVE-2022-3016 VIM, Fedoraproject

Use After Free in GitHub repository vim/vim prior to 9.0.0286.

7.8
2022-08-26 CVE-2021-20260 Theforeman Insufficiently Protected Credentials vulnerability in Theforeman Foreman

A flaw was found in the Foreman project.

7.8
2022-08-26 CVE-2022-30984 Rubrik Classic Buffer Overflow vulnerability in Rubrik CDM 7.0.1

A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.

7.8
2022-08-25 CVE-2020-27796 UPX Project Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0

A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

7.8
2022-08-25 CVE-2020-27799 UPX Project Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0

A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.

7.8
2022-08-25 CVE-2020-27800 UPX Project Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0

A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

7.8
2022-08-25 CVE-2020-27801 UPX Project Out-of-bounds Read vulnerability in UPX Project UPX 4.0.0

A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.

7.8
2022-08-25 CVE-2022-2982 VIM, Fedoraproject

Use After Free in GitHub repository vim/vim prior to 9.0.0260.

7.8
2022-08-25 CVE-2022-0135 Virglrenderer Project, Redhat, Debian

An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer).

7.8
2022-08-25 CVE-2022-2463 Rockwellautomation Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability.

7.8
2022-08-25 CVE-2022-2464 Rockwellautomation Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability.

7.8
2022-08-25 CVE-2022-2465 Rockwellautomation Unspecified vulnerability in Rockwellautomation Isagraf Workbench 6.0/6.6.9

Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability.

7.8
2022-08-25 CVE-2022-36455 Totolink OS Command Injection vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102

TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

7.8
2022-08-25 CVE-2022-37077 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.

7.8
2022-08-25 CVE-2022-37078 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.

7.8
2022-08-25 CVE-2022-37079 Totolink OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

7.8
2022-08-25 CVE-2022-37080 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.

7.8
2022-08-25 CVE-2022-37081 Totolink OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.

7.8
2022-08-25 CVE-2022-37082 Totolink OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.

7.8
2022-08-25 CVE-2022-37083 Totolink OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.

7.8
2022-08-25 CVE-2022-37084 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function.

7.8
2022-08-25 CVE-2022-37817 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.

7.8
2022-08-25 CVE-2022-37818 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.

7.8
2022-08-25 CVE-2022-37819 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime.

7.8
2022-08-25 CVE-2022-37820 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.

7.8
2022-08-25 CVE-2022-37821 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince.

7.8
2022-08-25 CVE-2022-37822 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.

7.8
2022-08-25 CVE-2022-37823 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.

7.8
2022-08-25 CVE-2022-37824 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.1

Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.

7.8
2022-08-25 CVE-2022-36456 Totolink OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610

TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.

7.8
2022-08-25 CVE-2022-36458 Totolink OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.

7.8
2022-08-25 CVE-2022-36459 Totolink OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.

7.8
2022-08-25 CVE-2022-36460 Totolink OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

7.8
2022-08-25 CVE-2022-36461 Totolink OS Command Injection vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

7.8
2022-08-25 CVE-2022-36462 Totolink Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.

7.8
2022-08-25 CVE-2022-36463 Totolink Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.

7.8
2022-08-25 CVE-2022-36464 Totolink Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

7.8
2022-08-25 CVE-2022-36465 Totolink Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter.

7.8
2022-08-25 CVE-2022-36466 Totolink Out-of-bounds Write vulnerability in Totolink A3700R Firmware 9.1.2U.6134B20201202

TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.

7.8
2022-08-25 CVE-2022-36467 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d.

7.8
2022-08-25 CVE-2022-36468 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

7.8
2022-08-25 CVE-2022-36469 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

7.8
2022-08-25 CVE-2022-36470 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById.

7.8
2022-08-25 CVE-2022-36471 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessMode.

7.8
2022-08-25 CVE-2022-36472 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById.

7.8
2022-08-25 CVE-2022-36473 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

7.8
2022-08-25 CVE-2022-36474 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet.

7.8
2022-08-25 CVE-2022-36475 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList.

7.8
2022-08-25 CVE-2022-36477 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList.

7.8
2022-08-25 CVE-2022-36478 H3C Out-of-bounds Write vulnerability in H3C B5 Mini Firmware B5Miniv100R005

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID.

7.8
2022-08-25 CVE-2022-36479 Totolink OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.

7.8
2022-08-25 CVE-2022-36480 Totolink Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.

7.8
2022-08-25 CVE-2022-36481 Totolink OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.

7.8
2022-08-25 CVE-2022-36482 Totolink Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.

7.8
2022-08-25 CVE-2022-36483 Totolink Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.

7.8
2022-08-25 CVE-2022-36484 Totolink Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.

7.8
2022-08-25 CVE-2022-36485 Totolink OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.

7.8
2022-08-25 CVE-2022-36486 Totolink OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

7.8
2022-08-25 CVE-2022-36487 Totolink OS Command Injection vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.

7.8
2022-08-25 CVE-2022-36488 Totolink Out-of-bounds Write vulnerability in Totolink N350Rt Firmware 9.3.5U.6139B20201216

TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.

7.8
2022-08-25 CVE-2022-36489 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6.

7.8
2022-08-25 CVE-2022-36490 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList.

7.8
2022-08-25 CVE-2022-36491 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params.

7.8
2022-08-25 CVE-2022-36492 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList.

7.8
2022-08-25 CVE-2022-36493 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.

7.8
2022-08-25 CVE-2022-36494 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist.

7.8
2022-08-25 CVE-2022-36495 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist.

7.8
2022-08-25 CVE-2022-36496 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById.

7.8
2022-08-25 CVE-2022-36497 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.

7.8
2022-08-25 CVE-2022-36498 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.

7.8
2022-08-25 CVE-2022-36499 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup.

7.8
2022-08-25 CVE-2022-36500 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList.

7.8
2022-08-25 CVE-2022-36501 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat.

7.8
2022-08-25 CVE-2022-36502 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams.

7.8
2022-08-25 CVE-2022-36503 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone.

7.8
2022-08-25 CVE-2022-36504 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID.

7.8
2022-08-25 CVE-2022-36505 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup.

7.8
2022-08-25 CVE-2022-36506 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode.

7.8
2022-08-25 CVE-2022-36507 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList.

7.8
2022-08-25 CVE-2022-36508 H3C Out-of-bounds Write vulnerability in H3C Magic Nx18 Plus Firmware Nx18Pv100R003

H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById.

7.8
2022-08-25 CVE-2022-36509 H3C OS Command Injection vulnerability in H3C Gr3200 Firmware Minigr1B0V100R014

H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

7.8
2022-08-25 CVE-2022-36510 H3C OS Command Injection vulnerability in H3C Gr2200 Firmware Minigr1A0V100R014

H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.

7.8
2022-08-25 CVE-2022-37074 H3C Out-of-bounds Write vulnerability in H3C Gr-1200W Firmware

H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.

7.8
2022-08-25 CVE-2022-37075 Totolink Out-of-bounds Write vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.

7.8
2022-08-25 CVE-2022-37076 Totolink OS Command Injection vulnerability in Totolink A7000R Firmware 9.1.0U.6115B20201022

TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.

7.8
2022-08-24 CVE-2022-32810 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2022-08-24 CVE-2022-32811 Apple Improper Locking vulnerability in Apple mac OS X and Macos

A memory corruption vulnerability was addressed with improved locking.

7.8
2022-08-24 CVE-2022-32812 Apple Unspecified vulnerability in Apple mac OS X and Macos

The issue was addressed with improved memory handling.

7.8
2022-08-24 CVE-2022-32813 Apple Unspecified vulnerability in Apple products

The issue was addressed with improved memory handling.

7.8
2022-08-24 CVE-2022-32837 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

7.8
2022-08-24 CVE-2022-32840 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

7.8
2022-08-24 CVE-2022-32894 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

7.8
2022-08-24 CVE-2021-3999 GNU
Debian
Netapp
A flaw was found in glibc.
7.8
2022-08-24 CVE-2021-4028 Linux
Suse
A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to set up a socket to listen on a high port, allowing for a list element to be used after free.
7.8
2022-08-24 CVE-2021-4037 Linux
Debian
A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group.
7.8
2022-08-24 CVE-2021-4041 Redhat Improper Encoding or Escaping of Output vulnerability in Redhat Ansible Runner

A flaw was found in ansible-runner.

7.8
2022-08-24 CVE-2022-2978 Linux
Debian
A use-after-free flaw was found in the Linux kernel NILFS file system in the way a user triggers the function security_inode_alloc to fail, with a following call to the function nilfs_mdt_destroy.
7.8
2022-08-23 CVE-2020-35511 Libpng
Debian
A global buffer overflow was discovered in the pngcheck function in pngcheck-2.4.0 (5 patches applied) via a crafted PNG file.
7.8
2022-08-23 CVE-2022-2938 Linux
Redhat
Fedoraproject
Netapp
A flaw was found in the Linux kernel's implementation of Pressure Stall Information.
7.8
2022-08-23 CVE-2022-31676 Vmware
Debian
Fedoraproject
Netapp
Improper Privilege Management vulnerability in multiple products

VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability.

7.8
2022-08-23 CVE-2022-2946 VIM
Fedoraproject
Debian
Use After Free in GitHub repository vim/vim prior to 9.0.0246.
7.8
2022-08-23 CVE-2021-23177 Libarchive
Fedoraproject
Redhat
Debian
An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link.
7.8
2022-08-23 CVE-2021-31566 Libarchive
Fedoraproject
Redhat
Debian
Splunk
An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive.
7.8
2022-08-22 CVE-2022-25942 Hdfgroup Unspecified vulnerability in Hdfgroup Hdf5 1.10.4

An out-of-bounds read vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4.

7.8
2022-08-22 CVE-2022-25972 Hdfgroup Unspecified vulnerability in Hdfgroup Hdf5 1.10.4

An out-of-bounds write vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4.

7.8
2022-08-22 CVE-2022-26061 Hdfgroup Out-of-bounds Write vulnerability in Hdfgroup Hdf5 1.10.4

A heap-based buffer overflow vulnerability exists in the gif2h5 functionality of HDF5 Group libhdf5 1.10.4.

7.8
2022-08-22 CVE-2022-38171 Xpdfreader
Freedesktop
Integer Overflow or Wraparound vulnerability in multiple products

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc).

7.8
2022-08-22 CVE-2022-2930 Octoprint Unspecified vulnerability in Octoprint

Unverified Password Change in GitHub repository octoprint/octoprint prior to 1.8.3.

7.8
2022-08-28 CVE-2022-38562 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools.

7.5
2022-08-28 CVE-2022-38563 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools.

7.5
2022-08-28 CVE-2022-38564 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem.

7.5
2022-08-28 CVE-2022-38565 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest.

7.5
2022-08-28 CVE-2022-38566 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest.

7.5
2022-08-28 CVE-2022-38567 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo.

7.5
2022-08-28 CVE-2022-38568 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools.

7.5
2022-08-28 CVE-2022-38569 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.

7.5
2022-08-28 CVE-2022-38570 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd.

7.5
2022-08-28 CVE-2022-38571 Tenda Out-of-bounds Write vulnerability in Tenda M3 Firmware 1.0.0.12(4856)

Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.

7.5
2022-08-27 CVE-2022-38794 Zaver Project Path Traversal vulnerability in Zaver Project Zaver

Zaver through 2020-12-15 allows directory traversal via the GET /..

7.5
2022-08-26 CVE-2022-36537 Zkoss Unspecified vulnerability in Zkoss ZK Framework

ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.

7.5
2022-08-26 CVE-2022-0084 Redhat Allocation of Resources Without Limits or Throttling vulnerability in Redhat products

A flaw was found in XNIO, specifically in the notifyReadClosed method.

7.5
2022-08-26 CVE-2022-0217 Prosody XML Entity Expansion vulnerability in Prosody

It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data.

7.5
2022-08-26 CVE-2021-3632 Redhat Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On

A flaw was found in Keycloak.

7.5
2022-08-26 CVE-2021-3703 Redhat Unspecified vulnerability in Redhat Openshift Serverless 1.0/1.16.0

It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0.

7.5
2022-08-26 CVE-2021-3859 Redhat
Netapp
A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2.
7.5
2022-08-26 CVE-2022-36521 Cskefu Missing Authentication for Critical Function vulnerability in Cskefu 7.0.1

Insecure permissions in cskefu v7.0.1 allow unauthenticated attackers to arbitrarily add administrator accounts.

7.5
2022-08-26 CVE-2022-37151 Online Diagnostic LAB Management System Project Unspecified vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0

There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.

7.5
2022-08-26 CVE-2022-35192 Dlink Classic Buffer Overflow vulnerability in Dlink Dsl-3782 Firmware 1.01

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.

7.5
2022-08-25 CVE-2021-42521 VTK NULL Pointer Dereference vulnerability in VTK

There is a NULL pointer dereference vulnerability in VTK before 9.2.5, and it lies in IO/Infovis/vtkXMLTreeReader.cxx.

7.5
2022-08-25 CVE-2021-42522 Gnome Memory Leak vulnerability in Gnome Anjuta 2.0.0

There is an Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c.

7.5
2022-08-25 CVE-2021-42523 Colord Project Memory Leak vulnerability in Colord Project Colord 1.4.4/1.4.5

There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately.

7.5
2022-08-25 CVE-2022-2255 Modwsgi
Debian
Insufficient Verification of Data Authenticity vulnerability in multiple products

A vulnerability was found in mod_wsgi.

7.5
2022-08-25 CVE-2022-22728 Apache
Fedoraproject
Debian
A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads.
7.5
2022-08-24 CVE-2022-32793 Apple
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Multiple out-of-bounds write issues were addressed with improved bounds checking.

7.5
2022-08-24 CVE-2021-3998 GNU
Netapp
A flaw was found in glibc.
7.5
2022-08-24 CVE-2021-43309 Litejs Unspecified vulnerability in Litejs Uri-Template-Lite

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package when an attacker is able to supply arbitrary input to the "URI.expand" method.

7.5
2022-08-24 CVE-2021-4213 Dogtagpki
Redhat
Debian
Memory Leak vulnerability in multiple products

A flaw was found in JSS, where it did not properly free up all memory.

7.5
2022-08-24 CVE-2021-0891 Google Improper Privilege Management vulnerability in Google Android

An unprivileged app can trigger the PowerVR driver to return uninitialized heap memory, causing information disclosure. Product: Android. Versions: Android SoC. Android ID: A-236849490.

7.5
2022-08-24 CVE-2021-0946 Google Missing Initialization of Resource vulnerability in Google Android

The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace.

7.5
2022-08-24 CVE-2021-0947 Google Missing Initialization of Resource vulnerability in Google Android

The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace.

7.5
2022-08-24 CVE-2022-27812 Stormshield Unspecified vulnerability in Stormshield Network Security

Flooding SNS firewall versions 3.7.0 to 3.7.29, 3.11.0 to 3.11.17, 4.2.0 to 4.2.10, and 4.3.0 to 4.3.6 with specific forged traffic can lead to SNS DoS.

7.5
2022-08-24 CVE-2022-24375 Node Opcua Project Resource Exhaustion vulnerability in Node-Opcua Project Node-Opcua

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

7.5
2022-08-24 CVE-2022-25903 Opcua Project Out-of-bounds Write vulnerability in Opcua Project Opcua

The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.

7.5
2022-08-23 CVE-2021-20298 Openexr
Debian
Out-of-bounds Write vulnerability in multiple products

A flaw was found in OpenEXR's B44Compressor.

7.5
2022-08-23 CVE-2021-20304 Openexr Unspecified vulnerability in Openexr

A flaw was found in OpenEXR's hufDecode functionality.

7.5
2022-08-23 CVE-2021-3690 Redhat Memory Leak vulnerability in Redhat products

A flaw was found in Undertow.

7.5
2022-08-23 CVE-2021-3839 Dpdk
Fedoraproject
Redhat
Out-of-bounds Write vulnerability in multiple products

A flaw was found in the vhost library in DPDK.

7.5
2022-08-23 CVE-2021-3905 Openvswitch
Redhat
Canonical
Fedoraproject
Memory Leak vulnerability in multiple products

A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing.

7.5
2022-08-23 CVE-2022-28882 F Secure Infinite Loop vulnerability in F-Secure products

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files.

7.5
2022-08-23 CVE-2022-28883 F Secure Unspecified vulnerability in F-Secure products

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes.

7.5
2022-08-23 CVE-2022-21208 Node Opcua Project Improper Validation of Specified Quantity in Input vulnerability in Node-Opcua Project Node-Opcua

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.

7.5
2022-08-23 CVE-2022-24298 Freeopcua Project Allocation of Resources Without Limits or Throttling vulnerability in Freeopcua Project Freeopcua

All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.

7.5
2022-08-23 CVE-2022-24381 Asneg Allocation of Resources Without Limits or Throttling vulnerability in Asneg OPC UA Stack

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.

7.5
2022-08-23 CVE-2022-25231 Node Opcua Project Allocation of Resources Without Limits or Throttling vulnerability in Node-Opcua Project Node-Opcua

The package node-opcua before 2.74.0 is vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds V8's memory limit.

7.5
2022-08-23 CVE-2022-25302 OPC UA Stack Project Unspecified vulnerability in OPC UA Stack Project OPC UA Stack

All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h.

7.5
2022-08-23 CVE-2022-25304 Asyncua Project
Opcua Project
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.

7.5
2022-08-23 CVE-2022-25761 Open62541
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.

7.5
2022-08-23 CVE-2022-25888 Opcua Project Allocation of Resources Without Limits or Throttling vulnerability in Opcua Project Opcua

The package opcua from 0.0.0 is vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions.

7.5
2022-08-23 CVE-2022-33916 Opcfoundation Unspecified vulnerability in Opcfoundation UA .Net Standard Stack 1.04.368

OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.

7.5
2022-08-22 CVE-2022-38668 Crowcpp Use of Uninitialized Resource vulnerability in Crowcpp Crow 1.0+4

HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive uninitialized data from stack memory when fulfilling a request for a static file smaller than 16 KB.

7.5
2022-08-22 CVE-2022-1930 Ethereum Unspecified vulnerability in Ethereum Eth-Account

An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package when an attacker is able to supply arbitrary input to the encode_structured_data method.

7.5
2022-08-22 CVE-2022-32777 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

7.5
2022-08-22 CVE-2022-32778 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

7.5
2022-08-22 CVE-2021-3513 Redhat Information Exposure Through an Error Message vulnerability in Redhat Keycloak

A flaw was found in keycloak where a brute force attack is possible even when the permanent lockout feature is enabled.

7.5
2022-08-22 CVE-2022-2362 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.

7.5
2022-08-22 CVE-2022-2544 Wpmanageninja Unspecified vulnerability in Wpmanageninja Ninja JOB Board 1.0.0/1.2.2/1.3.1

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.

7.5
2022-08-22 CVE-2022-2551 Snapcreek Unspecified vulnerability in Snapcreek Duplicator

The Duplicator WordPress plugin before 1.4.7 discloses the URL of a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.

7.5
2022-08-22 CVE-2022-34770 Tabit Authorization Bypass Through User-Controlled Key vulnerability in Tabit

Tabit - sensitive information disclosure.

7.5
2022-08-22 CVE-2022-34775 Tabit Authorization Bypass Through User-Controlled Key vulnerability in Tabit

Tabit - Excessive data exposure.

7.5
2022-08-22 CVE-2022-34776 Tabit Information Exposure vulnerability in Tabit

Tabit - giftcard stealth.

7.5
2022-08-22 CVE-2022-37133 Dlink Improper Resource Shutdown or Release vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot.

7.5
2022-08-26 CVE-2021-3563 Openstack
Debian
Redhat
Incorrect Authorization vulnerability in multiple products

A flaw was found in openstack-keystone.

7.4
2022-08-23 CVE-2021-28861 Python
Fedoraproject
Open Redirect vulnerability in multiple products

Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no protection against multiple (/) at the beginning of the URI path, which may lead to information disclosure.

7.4
2022-08-26 CVE-2022-36226 Siteservercms Project Missing Authorization vulnerability in Siteservercms Project Siteservercms

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.

7.2
2022-08-23 CVE-2022-36285 Uploading SVG Webp AND ICO Files Project Unspecified vulnerability in Uploading Svg, Webp and ICO Files Project Uploading Svg, Webp and ICO Files 1.0.1

Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

7.2
2022-08-23 CVE-2022-35203 Trendnet Improper Authentication vulnerability in Trendnet Tv-Ip572Pi Firmware 1.0

An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.

7.2
2022-08-23 CVE-2022-34486 Pukiwiki Path Traversal vulnerability in Pukiwiki

Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors.

7.2
2022-08-22 CVE-2021-37289 Planex Incorrect Default Permissions vulnerability in Planex Mzk-Dp150N Firmware 1.42/1.43

Insecure Permissions in administration interface in Planex MZK-DP150N 1.42 and 1.43 allows attackers to execute system command as root via etc_ro/web/syscmd.asp.

7.2
2022-08-22 CVE-2022-25811 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection.

7.2
2022-08-22 CVE-2022-25812 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow high privilege users such as admin to perform RCE.

7.2
2022-08-22 CVE-2022-2593 Deliciousbrains Unspecified vulnerability in Deliciousbrains Better Search Replace

The Better Search Replace WordPress plugin before 1.4.1 does not properly sanitise and escape table data before inserting it into a SQL query, which could allow high privilege users to perform SQL Injection attacks.

7.2
2022-08-22 CVE-2022-33900 Sandhillsdev Deserialization of Untrusted Data vulnerability in Sandhillsdev Easy Digital Downloads

PHP Object Injection vulnerability in Easy Digital Downloads plugin <= 3.0.1 at WordPress.

7.2
2022-08-25 CVE-2022-36115 Ssctech Unspecified vulnerability in Ssctech Blue Prism

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

7.1
2022-08-24 CVE-2021-4204 Linux
Debian
Redhat
Netapp
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation.

7.1
2022-08-22 CVE-2021-3481 QT Out-of-bounds Read vulnerability in QT

A flaw was found in Qt.

7.1
2022-08-26 CVE-2021-3864 Linux
Debian
Redhat
A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed their descendants.
7.0
2022-08-25 CVE-2022-2959 Linux Improper Locking vulnerability in Linux Kernel

A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring().

7.0

205 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-23 CVE-2021-20316 Samba
Debian
Redhat
Race Condition vulnerability in multiple products

A flaw was found in the way Samba handled file/directory metadata.

6.8
2022-08-23 CVE-2021-3827 Redhat Improper Authentication vulnerability in Redhat Keycloak and Single Sign-On

A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed.

6.8
2022-08-26 CVE-2022-34301 Kidan
Redhat
Microsoft
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01.
6.7
2022-08-26 CVE-2022-34302 Horizondatasys
Redhat
Microsoft
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01.
6.7
2022-08-26 CVE-2022-34303 Eurosoft UK
Redhat
Microsoft
A flaw was found in Eurosoft bootloaders before 2022-06-01.
6.7
2022-08-26 CVE-2021-35939 RPM
Redhat
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created.
6.7
2022-08-25 CVE-2021-35938 RPM
Fedoraproject
Redhat
Link Following vulnerability in multiple products

A symbolic link issue was found in rpm.

6.7
2022-08-25 CVE-2022-20865 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

6.7
2022-08-25 CVE-2022-2991 Linux Out-of-bounds Write vulnerability in Linux Kernel

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem.

6.7
2022-08-24 CVE-2021-4178 Redhat Deserialization of Untrusted Data vulnerability in Redhat products

An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above.

6.7
2022-08-23 CVE-2021-3701 Redhat Incorrect Default Permissions vulnerability in Redhat Ansible Runner 2.0.0

A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations.

6.6
2022-08-28 CVE-2022-3017 Froxlor Unspecified vulnerability in Froxlor

Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.

6.5
2022-08-26 CVE-2022-36542 Edoc Doctor Appointment System Project Unspecified vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.

6.5
2022-08-26 CVE-2022-36522 Mikrotik Reachable Assertion vulnerability in Mikrotik Routeros

Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch.

6.5
2022-08-26 CVE-2021-39394 MM Wiki Project Cross-Site Request Forgery (CSRF) vulnerability in Mm-Wiki Project Mm-Wiki 0.2.1

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.

6.5
2022-08-25 CVE-2022-37316 RSA Unspecified vulnerability in RSA Archer

Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system.

6.5
2022-08-25 CVE-2021-3979 Redhat
Fedoraproject
Improper Authentication vulnerability in multiple products

A key length flaw was found in Red Hat Ceph Storage.

6.5
2022-08-25 CVE-2022-23715 Elastic Information Exposure Through Log Files vulnerability in Elastic Cloud Enterprise

A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster.

6.5
2022-08-24 CVE-2021-4209 GNU
Redhat
Netapp
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in GnuTLS.

6.5
2022-08-23 CVE-2021-3975 Redhat
Canonical
Fedoraproject
Debian
Netapp
A use-after-free flaw was found in libvirt.
6.5
2022-08-23 CVE-2022-37428 Powerdns
Fedoraproject
Incomplete Cleanup vulnerability in multiple products

PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.

6.5
2022-08-23 CVE-2022-38663 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins GIT

Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.

6.5
2022-08-23 CVE-2022-38665 Jenkins Insufficiently Protected Credentials vulnerability in Jenkins Collabnet

Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

6.5
2022-08-23 CVE-2021-3670 Samba
Redhat
Fedoraproject
MaxQueryDuration not honoured in Samba AD DC LDAP
6.5
2022-08-23 CVE-2022-33142 Wordplus Unspecified vulnerability in Wordplus Better Messages

Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.

6.5
2022-08-23 CVE-2022-34868 Yookassa Unspecified vulnerability in Yookassa Yukassa for Woocommerce

Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.

6.5
2022-08-23 CVE-2020-35992 Fiserv Insufficiently Protected Credentials vulnerability in Fiserv Prologue 20201216

Fiserv Prologue through 2020-12-16 does not properly protect the database password.

6.5
2022-08-23 CVE-2022-35191 Dlink Improper Resource Shutdown or Release vulnerability in Dlink Dsl-3782 Firmware 1.01

D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.

6.5
2022-08-22 CVE-2022-28710 Wwbn Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6

An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.5
2022-08-22 CVE-2022-32761 Wwbn Externally Controlled Reference to a Resource in Another Sphere vulnerability in Wwbn Avideo 11.6

An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.5
2022-08-22 CVE-2022-32480 Dell Insecure Default Initialization of Resource vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability.

6.5
2022-08-22 CVE-2022-25810 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such as “tp_reset” under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user.

6.5
2022-08-22 CVE-2022-2388 WOW Company Unspecified vulnerability in Wow-Company WP Coder

The WP Coder WordPress plugin before 2.5.3 does not have a CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged-in admin delete arbitrary ones via a CSRF attack.

6.5
2022-08-22 CVE-2022-2392 Lana Unspecified vulnerability in Lana Downloads Manager

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.

6.5
2022-08-22 CVE-2022-2555 Yotpo Reviews FOR Woocommerce Project Unspecified vulnerability in Yotpo Reviews for Woocommerce Project Yotpo Reviews for Woocommerce 2.0.4

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack.

6.5
2022-08-25 CVE-2021-35937 RPM
Redhat
Fedoraproject
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

A race condition vulnerability was found in rpm.

6.4
2022-08-24 CVE-2022-36945 Mazda Authentication Bypass by Capture-replay vulnerability in Mazda Firmware 2020

The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack.

6.4
2022-08-24 CVE-2022-37305 Honda Authentication Bypass by Capture-replay vulnerability in Honda Firmware

The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack.

6.4
2022-08-24 CVE-2022-37418 Nissan
KIA
Hyundai
Authentication Bypass by Capture-replay vulnerability in multiple products

The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack.

6.4
2022-08-23 CVE-2021-3702 Redhat Race Condition vulnerability in Redhat Ansible Runner 2.0.0

A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir.

6.3
2022-08-27 CVE-2022-3014 Simple Task Managing System Project Unspecified vulnerability in Simple Task Managing System Project Simple Task Managing System 1.0

A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System.

6.1
2022-08-27 CVE-2022-3015 Fast Food Ordering System Project Unspecified vulnerability in Fast Food Ordering System Project Fast Food Ordering System 1.0

A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System.

6.1
2022-08-26 CVE-2022-36547 Edoc Doctor Appointment System Project Cross-site Scripting vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php.

6.1
2022-08-26 CVE-2021-3427 Deluge Torrent Unspecified vulnerability in Deluge-Torrent Deluge

The Deluge Web-UI is vulnerable to XSS through a crafted torrent file.

6.1
2022-08-26 CVE-2021-39393 MM Wiki Project Cross-site Scripting vulnerability in Mm-Wiki Project Mm-Wiki 0.2.1

mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.

6.1
2022-08-25 CVE-2022-31798 Nortekcontrol Session Fixation vulnerability in Nortekcontrol Emerge E3 Firmware 0.3207E/0.3207P

Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together.

6.1
2022-08-25 CVE-2022-37318 RSA Cross-site Scripting vulnerability in RSA Archer

Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability.

6.1
2022-08-25 CVE-2021-3914 Redhat Cross-site Scripting vulnerability in Redhat products

It was found that the smallrye health metrics UI component did not properly sanitize some user inputs.

6.1
2022-08-25 CVE-2022-37952 GE Cross-site Scripting vulnerability in GE Workstationst

A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser.

6.1
2022-08-25 CVE-2022-37953 GE Unspecified vulnerability in GE Workstationst

An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session.

6.1
2022-08-25 CVE-2022-37161 Claroline Cross-site Scripting vulnerability in Claroline

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.

6.1
2022-08-24 CVE-2022-34837 ABB Insufficiently Protected Credentials vulnerability in ABB Zenon

Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploits the vulnerability to add more network clients that may monitor various activities of the Zenon.

6.1
2022-08-24 CVE-2022-37153 Articatech Cross-site Scripting vulnerability in Articatech Artica Proxy 4.30.000000

An issue was discovered in Artica Proxy 4.30.000000.

6.1
2022-08-23 CVE-2022-38172 Servicenow Cross-site Scripting vulnerability in Servicenow Sandiego

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.

6.1
2022-08-23 CVE-2022-38463 Servicenow Cross-site Scripting vulnerability in Servicenow Sandiego

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.

6.1
2022-08-23 CVE-2022-29476 8Degreethemes Unspecified vulnerability in 8Degreethemes Notification BAR

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes Notification Bar for WordPress plugin <= 1.1.8 at WordPress.

6.1
2022-08-23 CVE-2022-35278 Apache
Netapp
Cross-site Scripting vulnerability in multiple products

In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.

6.1
2022-08-23 CVE-2022-2956 Noxen Project Cross-site Scripting vulnerability in Noxen Project Noxen

A vulnerability classified as problematic has been found in ConsoleTVs Noxen.

6.1
2022-08-23 CVE-2022-27637 Pukiwiki Cross-site Scripting vulnerability in Pukiwiki 1.5.1/1.5.2/1.5.3

Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.

6.1
2022-08-23 CVE-2019-25075 Gravitee Cross-site Scripting vulnerability in Gravitee API Management

HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.

6.1
2022-08-22 CVE-2022-30690 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.1
2022-08-22 CVE-2022-32770 Wwbn Cross-site Scripting vulnerability in Wwbn Avideo 11.6

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.1
2022-08-22 CVE-2022-32771 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.1
2022-08-22 CVE-2022-32772 Wwbn Cross-site Scripting vulnerability in Wwbn Avideo 11.6

A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

6.1
2022-08-22 CVE-2022-28598 Frappe Cross-site Scripting vulnerability in Frappe Erpnext 12.29.0

Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.

6.1
2022-08-22 CVE-2021-24910 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue.

6.1
2022-08-22 CVE-2021-3639 Uninett Unspecified vulnerability in Uninett MOD Auth Mellon

A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly.

6.1
2022-08-22 CVE-2022-1932 Rezgo Unspecified vulnerability in Rezgo Online Booking

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to Reflected Cross-Site Scripting, which can be exploited either via an LFI in an AJAX action or a direct call to the affected file.

6.1
2022-08-22 CVE-2022-2383 Slickremix Unspecified vulnerability in Slickremix Feed Them Social

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

6.1
2022-08-22 CVE-2022-2532 Slickremix Unspecified vulnerability in Slickremix Feed Them Social

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to Reflected Cross-Site Scripting.

6.1
2022-08-22 CVE-2022-34857 Smartypantsplugins Cross-site Scripting vulnerability in Smartypantsplugins SP Project & Document Manager

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager plugin <= 4.59 at WordPress

6.1
2022-08-22 CVE-2022-35654 Pega Cross-site Scripting vulnerability in Pega Platform 8.6

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

6.1
2022-08-22 CVE-2022-35655 Pega Cross-site Scripting vulnerability in Pega Platform

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

6.1
2022-08-22 CVE-2022-2932 BDG Unspecified vulnerability in BDG Mobiledoc KIT

Cross-site Scripting (XSS) - Reflected in GitHub repository bustle/mobiledoc-kit prior to 0.14.2.

6.1
2022-08-22 CVE-2022-36251 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Clinic'S Patient Management System 1.0

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients.php.

6.1
2022-08-24 CVE-2021-4158 Qemu
Redhat
A NULL pointer dereference issue was found in the ACPI code of QEMU.
6.0
2022-08-25 CVE-2021-43767 Postgresql Improper Certificate Validation vulnerability in Postgresql

Odyssey passes to client unencrypted bytes from man-in-the-middle. When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries.

5.9
2022-08-23 CVE-2021-3714 Linux
Redhat
A flaw was found in the Linux kernel's memory deduplication mechanism.
5.9
2022-08-27 CVE-2022-38791 Mariadb
Fedoraproject
Improper Locking vulnerability in multiple products

In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.

5.5
2022-08-26 CVE-2022-0171 Linux
Redhat
Debian
Improper Cross-boundary Removal of Sensitive Data vulnerability in multiple products

A flaw was found in the Linux kernel.

5.5
2022-08-26 CVE-2022-0175 Virglrenderer Project
Redhat
A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer).
5.5
2022-08-26 CVE-2021-3585 Openstack Cleartext Storage of Sensitive Information vulnerability in Openstack Tripleo Heat Templates

A flaw was found in openstack-tripleo-heat-templates.

5.5
2022-08-26 CVE-2021-3669 Linux
IBM
Debian
Fedoraproject
Redhat
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A flaw was found in the Linux kernel.

5.5
2022-08-26 CVE-2021-4216 Artifex Divide By Zero vulnerability in Artifex Mupdf

A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c.

5.5
2022-08-26 CVE-2022-38533 GNU
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.

5.5
2022-08-25 CVE-2020-27797 UPX Project Release of Invalid Pointer or Reference vulnerability in UPX Project UPX 4.0.0

An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

5.5
2022-08-25 CVE-2020-27798 UPX Project Release of Invalid Pointer or Reference vulnerability in UPX Project UPX 4.0.0

An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

5.5
2022-08-25 CVE-2020-27802 UPX Project Divide By Zero vulnerability in UPX Project UPX 4.0.0

A floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.

5.5
2022-08-25 CVE-2021-20224 Imagemagick Integer Overflow or Wraparound vulnerability in Imagemagick

An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c.

5.5
2022-08-25 CVE-2021-23159 SOX Project Unspecified vulnerability in SOX Project SOX 14.4.27

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file.

5.5
2022-08-25 CVE-2021-23172 SOX Project Unspecified vulnerability in SOX Project SOX 14.4.27

A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file.

5.5
2022-08-25 CVE-2021-23210 SOX Project Unspecified vulnerability in SOX Project SOX 14.4.27

A floating point exception (divide-by-zero) issue was discovered in SoX in function read_samples() of voc.c file.

5.5
2022-08-25 CVE-2021-33844 SOX Project Unspecified vulnerability in SOX Project SOX 14.4.27

A floating point exception (divide-by-zero) issue was discovered in SoX in function startread() of wav.c file.

5.5
2022-08-25 CVE-2022-2980 VIM
Fedoraproject
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.
5.5
2022-08-25 CVE-2021-4022 Rizin Use After Free vulnerability in Rizin

A vulnerability was found in rizin.

5.5
2022-08-25 CVE-2022-37292 Tenda Out-of-bounds Write vulnerability in Tenda Ax12 Firmware 22.03.01.21Cn

Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow.

5.5
2022-08-24 CVE-2022-32834 Apple Unspecified vulnerability in Apple mac OS X and Macos

An access issue was addressed with improvements to the sandbox.

5.5
2022-08-24 CVE-2022-32838 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved state management.

5.5
2022-08-24 CVE-2021-4142 Candlepinproject Unspecified vulnerability in Candlepinproject Candlepin

The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw.

5.5
2022-08-24 CVE-2021-4155 Linux Incorrect Calculation of Buffer Size vulnerability in Linux Kernel

A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size.

5.5
2022-08-24 CVE-2021-4214 Libpng
Debian
Netapp
A heap overflow flaw was found in libpng's pngimage.c program.
5.5
2022-08-24 CVE-2021-4218 Linux Improper Initialization vulnerability in Linux Kernel

A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters.

5.5
2022-08-24 CVE-2022-2569 Arcinformatique Unspecified vulnerability in Arcinformatique Pcvue 12.0.26/15/15.2.2

The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users

5.5
2022-08-24 CVE-2021-0698 Google Use of Uninitialized Resource vulnerability in Google Android

In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data.

5.5
2022-08-24 CVE-2021-0887 Google Use of Uninitialized Resource vulnerability in Google Android

In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data.

5.5
2022-08-24 CVE-2022-33172 Bund Unspecified vulnerability in Bund De.Fac2 1.34

de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.

5.5
2022-08-23 CVE-2021-3917 Redhat Incorrect Default Permissions vulnerability in Redhat Coreos-Installer

A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions.

5.5
2022-08-23 CVE-2021-3995 Kernel
Fedoraproject
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
5.5
2022-08-23 CVE-2021-3996 Kernel
Fedoraproject
A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem.
5.5
2022-08-23 CVE-2021-3997 Systemd Project
Fedoraproject
Redhat
Uncontrolled Recursion vulnerability in multiple products

A flaw was found in systemd.

5.5
2022-08-23 CVE-2021-3736 Linux Memory Leak vulnerability in Linux Kernel

A flaw was found in the Linux kernel.

5.5
2022-08-23 CVE-2021-3759 Linux
Debian
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores.

5.5
2022-08-23 CVE-2021-3764 Linux Memory Leak vulnerability in Linux Kernel

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service.

5.5
2022-08-23 CVE-2021-3798 Opencryptoki Project Unspecified vulnerability in Opencryptoki Project Opencryptoki

A flaw was found in openCryptoki.

5.5
2022-08-23 CVE-2021-3800 Gnome
Debian
Netapp
A flaw was found in glib before version 2.63.6.
5.5
2022-08-22 CVE-2022-2923 VIM
Fedoraproject
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.
5.5
2022-08-22 CVE-2022-31238 Dell Information Exposure vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability.

5.5
2022-08-22 CVE-2021-3659 Linux
Fedoraproject
Redhat
NULL Pointer Dereference vulnerability in multiple products

A NULL pointer dereference flaw was found in the Linux kernel’s IEEE 802.15.4 wireless networking subsystem in the way the user closes the LR-WPAN connection.

5.5
2022-08-22 CVE-2022-2873 Linux
Fedoraproject
Redhat
Netapp
Debian
Incorrect Calculation of Buffer Size vulnerability in multiple products

An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data.

5.5
2022-08-26 CVE-2022-36548 Edoc Doctor Appointment System Project Cross-site Scripting vulnerability in Edoc-Doctor-Appointment-System Project Edoc-Doctor-Appointment-System 1.0.1

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php.

5.4
2022-08-26 CVE-2022-0225 Redhat Cross-site Scripting vulnerability in Redhat Keycloak and Single Sign-On

A flaw was found in Keycloak.

5.4
2022-08-26 CVE-2022-35714 IBM Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6.1.1/7.6.1.2

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting.

5.4
2022-08-26 CVE-2022-37150 Online Diagnostic LAB Management System Project Cross-site Scripting vulnerability in Online Diagnostic LAB Management System Project Online Diagnostic LAB Management System 1.0

An issue was discovered in Online Diagnostic Lab Management System 1.0.

5.4
2022-08-25 CVE-2022-37317 RSA Cross-site Scripting vulnerability in RSA Archer

Archer Platform 6.x before 6.11 P3 contains an HTML injection vulnerability.

5.4
2022-08-25 CVE-2022-36527 Jflyfox Cross-site Scripting vulnerability in Jflyfox Jfinal CMS 5.1.0

Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.

5.4
2022-08-25 CVE-2022-32746 Samba Use After Free vulnerability in Samba

A flaw was found in the Samba AD LDAP server.

5.4
2022-08-25 CVE-2022-37160 Claroline Cross-site Scripting vulnerability in Claroline

Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user.

5.4
2022-08-25 CVE-2022-37162 Claroline Cross-site Scripting vulnerability in Claroline

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS).

5.4
2022-08-25 CVE-2022-37238 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.

5.4
2022-08-25 CVE-2022-37239 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.

5.4
2022-08-25 CVE-2022-37241 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.

5.4
2022-08-25 CVE-2022-37243 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.

5.4
2022-08-25 CVE-2022-37244 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injection via the currentRequest parameter.

5.4
2022-08-25 CVE-2022-37245 Altn Cross-site Scripting vulnerability in Altn Security Gateway for Email Servers 8.5.2

MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.

5.4
2022-08-24 CVE-2018-14520 Getkirby Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12

An issue was discovered in Kirby 2.5.12.

5.4
2022-08-24 CVE-2022-38080 Exceedone Cross-site Scripting vulnerability in Exceedone Exment

Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

5.4
2022-08-24 CVE-2022-38089 Exceedone Cross-site Scripting vulnerability in Exceedone Exment

Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.

5.4
2022-08-23 CVE-2022-38664 Jenkins Cross-site Scripting vulnerability in Jenkins JOB Configuration History

Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.

5.4
2022-08-23 CVE-2020-35509 Redhat Improper Certificate Validation vulnerability in Redhat Keycloak 11.0.3/12.0.0

A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0.

5.4
2022-08-23 CVE-2022-34648 Uploading SVG Webp AND ICO Files Project Unspecified vulnerability in Uploading Svg, Webp and ICO Files Project Uploading Svg, Webp and ICO Files 1.0.1

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.

5.4
2022-08-23 CVE-2022-34658 Wpdownloadmanager Unspecified vulnerability in Wpdownloadmanager Wordpress Download Manager

Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.

5.4
2022-08-23 CVE-2022-36282 Search Exclude Project Unspecified vulnerability in Search Exclude Project Search Exclude

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.

5.4
2022-08-23 CVE-2022-36341 AS Create Pinterest Pinboard Pages Project Unspecified vulnerability in AS - Create Pinterest Pinboard Pages Project AS - Create Pinterest Pinboard Pages

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.

5.4
2022-08-23 CVE-2022-36347 Thealpinepress Unspecified vulnerability in Thealpinepress Alpine Phototile for Pinterest

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress.

5.4
2022-08-23 CVE-2022-36405 Amcharts Cross-site Scripting vulnerability in Amcharts Amcharts: Charts and Maps

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.

5.4
2022-08-23 CVE-2022-36350 Pukiwiki Cross-site Scripting vulnerability in Pukiwiki

Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.

5.4
2022-08-23 CVE-2022-2829 Yetiforce Unspecified vulnerability in Yetiforce Customer Relationship Management

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

5.4
2022-08-22 CVE-2021-24911 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin.

5.4
2022-08-22 CVE-2021-24912 Transposh Unspecified vulnerability in Transposh Wordpress Translation

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation.

5.4
2022-08-22 CVE-2021-36857 Wpshopmart Unspecified vulnerability in Wpshopmart Testimonial Builder

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.

5.4
2022-08-22 CVE-2021-3442 Redhat Unspecified vulnerability in Redhat Openshift API Management 2.9.1

A flaw was found in the Red Hat OpenShift API Management product.

5.4
2022-08-22 CVE-2022-2312 Student Result OR Employee Database Project Cross-Site Request Forgery (CSRF) vulnerability in Student Result or Employee Database Project Student Result or Employee Database

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add/edit and delete students via CSRF attacks.

5.4
2022-08-22 CVE-2022-2375 Okapitech Unspecified vulnerability in Okapitech WP Sticky Button 1.0/1.1/1.2

The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them.

5.4
2022-08-22 CVE-2022-2600 Auto Hyperlink Urls Project Unspecified vulnerability in Auto-Hyperlink Urls Project Auto-Hyperlink Urls 5.4.1

The Auto-hyperlink URLs WordPress plugin through 5.4.1 does not set rel="noopener noreferer" on generated links, which can lead to Tab Nabbing by giving the target site access to the source tab through the window.opener DOM object.

5.4
2022-08-22 CVE-2022-2890 Yetiforce Unspecified vulnerability in Yetiforce Customer Relationship Management

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

5.4
2022-08-22 CVE-2022-1340 Yetiforce Unspecified vulnerability in Yetiforce Customer Relationship Management

Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.

5.4
2022-08-26 CVE-2021-3754 Redhat Unspecified vulnerability in Redhat Keycloak and Single Sign-On

A flaw was found in Keycloak where an attacker is able to register with a username that is the same as the email ID of any existing user.

5.3
2022-08-26 CVE-2022-36121 Ssctech Unspecified vulnerability in Ssctech Blue Prism Enterprise

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

5.3
2022-08-25 CVE-2022-36116 Ssctech Unspecified vulnerability in Ssctech Blue Prism

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

5.3
2022-08-25 CVE-2022-36118 Ssctech Unspecified vulnerability in Ssctech Blue Prism

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

5.3
2022-08-25 CVE-2022-23235 Netapp Unspecified vulnerability in Netapp Active IQ Unified Manager

Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.

5.3
2022-08-24 CVE-2021-4040 Redhat, Apache Out-of-bounds Write vulnerability in multiple products

A flaw was found in AMQ Broker.

5.3
2022-08-24 CVE-2021-4189 Python, Debian, Redhat, Netapp Unchecked Return Value vulnerability in multiple products

A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode.

5.3
2022-08-23 CVE-2022-35242 59Sec Unspecified vulnerability in 59Sec the Leads Management System: 59Sec Lite 3.4.1

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.

5.3
2022-08-23 CVE-2022-1989 Codesys Information Exposure Through Discrepancy vulnerability in Codesys Visualization 4.0.0.0

All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.

5.3
2022-08-22 CVE-2022-33932 Dell Unspecified vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability.

5.3
2022-08-22 CVE-2022-2552 Snapcreek Missing Authorization vulnerability in Snapcreek Duplicator

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, PHP version and full file system path to the site.

5.3
2022-08-22 CVE-2022-2558 Presstigers Unspecified vulnerability in Presstigers Simple JOB Board

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations.

5.3
2022-08-22 CVE-2022-34774 Tabit Unspecified vulnerability in Tabit

Tabit - Arbitrary account modification.

5.3
2022-08-22 CVE-2022-32769 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

5.0
2022-08-26 CVE-2021-32570 Ericsson Information Exposure Through Log Files vulnerability in Ericsson Network Manager

In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files.

4.9
2022-08-23 CVE-2022-35235 Xplodedthemes Path Traversal vulnerability in Xplodedthemes Wpide - File Manager & Code Editor

Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.

4.9
2022-08-22 CVE-2021-29891 IBM Unrestricted Upload of File with Dangerous Type vulnerability in IBM products

IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services.

4.9
2022-08-26 CVE-2021-3688 Redhat Unspecified vulnerability in Redhat Jboss Core Services Httpd 2.4.23/2.4.29/2.4.37

A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL that contains dot-dot-semicolon(s).

4.8
2022-08-23 CVE-2022-2796 Pimcore Unspecified vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.

4.8
2022-08-22 CVE-2021-36847 Webba Booking Unspecified vulnerability in Webba-Booking Webba Booking

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WebbaPlugins Webba Booking plugin <= 4.2.21 at WordPress.

4.8
2022-08-22 CVE-2022-0446 Simple Banner Project Unspecified vulnerability in Simple Banner Project Simple Banner

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner Text" Settings allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-08-22 CVE-2022-1322 Rich WEB Unspecified vulnerability in Rich-Web Coming Soon

The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

4.8
2022-08-22 CVE-2022-2361 Quadlayers Unspecified vulnerability in Quadlayers WP Social Chat

The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.

4.8
2022-08-22 CVE-2022-2407 Puvox Cross-site Scripting vulnerability in Puvox WP PHPmyadmin

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-08-26 CVE-2022-0207 Ovirt, Redhat

A race condition was found in vdsm.

4.7
2022-08-22 CVE-2021-3521 RPM Unspecified vulnerability in RPM

There is a flaw in RPM's signature functionality.

4.7
2022-08-22 CVE-2022-35656 Pega Cross-Site Request Forgery (CSRF) vulnerability in Pega Platform

A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly.

4.5
2022-08-26 CVE-2022-0168 Linux, Redhat

A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function.

4.4
2022-08-26 CVE-2022-0216 Qemu, Fedoraproject

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU.

4.4
2022-08-26 CVE-2021-3735 Qemu, Debian Improper Locking vulnerability in multiple products

A deadlock issue was found in the AHCI controller device of QEMU.

4.4
2022-08-24 CVE-2021-4159 Linux, Redhat, Debian

A vulnerability was found in the Linux kernel's eBPF verifier when handling internal data structures.

4.4
2022-08-27 CVE-2022-2787 Debian Improper Preservation of Permissions vulnerability in Debian Linux and Schroot

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

4.3
2022-08-26 CVE-2021-3856 Redhat Path Traversal vulnerability in Redhat Keycloak

ClassLoaderTheme and ClasspathThemeResourceProviderFactory allow reading any file available as a resource to the classloader.

4.3
2022-08-25 CVE-2022-32742 Samba Unspecified vulnerability in Samba

A flaw was found in Samba.

4.3
2022-08-25 CVE-2022-36358 Seoscout Unspecified vulnerability in Seoscout SEO Scout

Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.

4.3
2022-08-24 CVE-2018-14519 Getkirby Cross-Site Request Forgery (CSRF) vulnerability in Getkirby Kirby 2.5.12

An issue was discovered in Kirby 2.5.12.

4.3
2022-08-24 CVE-2022-32857 Apple Unspecified vulnerability in Apple products

This issue was addressed by using HTTPS when sending information over the network.

4.3
2022-08-24 CVE-2021-4122 Cryptsetup Project Insufficient Verification of Data Authenticity vulnerability in Cryptsetup Project Cryptsetup

It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device.

4.3
2022-08-23 CVE-2021-3763 Redhat Incorrect Authorization vulnerability in Redhat AMQ Broker 7.8.0/7.8.1/7.8.2

A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not allow access to the management console.

4.3
2022-08-23 CVE-2022-2965 Notrinos Unspecified vulnerability in Notrinos Notrinoserp

Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.

4.3
2022-08-22 CVE-2022-1251 Inkthemes Cross-Site Request Forgery (CSRF) vulnerability in Inkthemes ASK ME

The Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.

4.3
2022-08-22 CVE-2022-2172 Linkworth Unspecified vulnerability in Linkworth

The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack.

4.3
2022-08-22 CVE-2022-2198 2Code Unspecified vulnerability in 2Code Wpqa Builder 5.2

The WPQA Builder WordPress plugin before 5.7, which is a companion plugin to the Hilmer and Discy, does not check authorization before displaying private messages, allowing any logged-in user to read other users' private messages using the message id, which can easily be brute forced.

4.3
2022-08-22 CVE-2022-2275 WP Edit Menu Project Unspecified vulnerability in WP Edit Menu Project WP Edit Menu

The WP Edit Menu WordPress plugin before 1.5.0 does not have a CSRF check in an AJAX action, which could allow attackers to make a logged-in admin delete arbitrary posts/pages from the blog via a CSRF attack.

4.3
2022-08-22 CVE-2022-2276 WP Edit Menu Project Missing Authorization vulnerability in WP Edit Menu Project WP Edit Menu

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF checks in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog.

4.3
2022-08-22 CVE-2022-2377 Wpwax Missing Authorization vulnerability in Wpwax Directorist

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user to send arbitrary emails on behalf of the blog.

4.3
2022-08-22 CVE-2022-2382 Shapedplugin Missing Authorization vulnerability in Shapedplugin Product Slider for Woocommerce

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them.

4.3
2022-08-22 CVE-2022-2389 Funnelkit Missing Authorization vulnerability in Funnelkit Automations

The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations.

4.3
2022-08-22 CVE-2022-32768 Wwbn Unspecified vulnerability in Wwbn Avideo 11.6

Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364.

4.2

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-08-22 CVE-2022-34771 Tabit Unspecified vulnerability in Tabit

Tabit - arbitrary SMS send on Tabit's behalf.

3.5
2022-08-26 CVE-2021-3574 Imagemagick, Fedoraproject Memory Leak vulnerability in multiple products

A vulnerability was found in ImageMagick-7.0.11-5, where ASAN detects memory leaks when the convert command is run on a crafted file.

3.3
2022-08-26 CVE-2021-3644 Redhat Unspecified vulnerability in Redhat Decision Manager and Wildfly

A flaw was found in wildfly-core in all versions.

3.3
2022-08-24 CVE-2021-4217 Unzip Project, Fedoraproject, Redhat NULL Pointer Dereference vulnerability in multiple products

A flaw was found in unzip.

3.3
2022-08-22 CVE-2022-31237 Dell Improper Preservation of Permissions vulnerability in Dell EMC Powerscale Onefs

Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ.

3.3
2022-08-25 CVE-2022-36117 Ssctech Unspecified vulnerability in Ssctech Blue Prism

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01.

3.1
2022-08-26 CVE-2022-36168 Wuzhicms Path Traversal vulnerability in Wuzhicms 4.1.0

A directory traversal vulnerability was discovered in Wuzhicms 4.1.0.

2.7
2022-08-22 CVE-2022-2841 Crowdstrike Unspecified vulnerability in Crowdstrike Falcon 6.31.14505.0/6.42.15610/6.44.15806

A vulnerability was found in CrowdStrike Falcon 6.31.14505.0/6.42.15610/6.44.15806.

2.7