Weekly Vulnerabilities Reports > September 12 to 18, 2022
Overview
549 new vulnerabilities were reported during this period, including 81 critical and 296 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 568 products from 189 vendors, including Google, Huawei, Qualcomm, Siemens, and Debian. Notable weakness categories include "Out-of-bounds Write", "SQL Injection", "Cross-site Scripting", "Out-of-bounds Read", and "Classic Buffer Overflow".
- 380 reported vulnerabilities are remotely exploitable.
- 109 reported vulnerabilities relate to weaknesses in the OWASP Top Ten.
- 370 reported vulnerabilities are exploitable by an anonymous user.
- Google has the most reported vulnerabilities, with 78 reported vulnerabilities.
- Google has the most reported critical vulnerabilities, with 11 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
81 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-09-13 | CVE-2022-39206 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 9.9 |
2022-09-18 | CVE-2022-40766 | Moderncampus | SQL Injection vulnerability in Moderncampus Omni CMS 10.2.4 Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring. | 9.8 |
2022-09-17 | CVE-2022-39217 | Ghas TO CSV Project | Unspecified vulnerability in Ghas-To-Csv Project Ghas-To-Csv some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV. | 9.8 |
2022-09-16 | CVE-2022-40300 | Zohocorp | SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities. | 9.8 |
2022-09-16 | CVE-2022-37258 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js. | 9.8 |
2022-09-16 | CVE-2022-35939 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 9.8 |
2022-09-16 | CVE-2022-38621 | Doufox | Unspecified vulnerability in Doufox 0.0.4 Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page. | 9.8 |
2022-09-16 | CVE-2022-3214 | Deltaww | Unspecified vulnerability in Deltaww Diaenergie Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. | 9.8 |
2022-09-16 | CVE-2021-40017 | Huawei | Improper Input Validation vulnerability in Huawei Emui and Harmonyos The HW_KEYMASTER module lacks the validity check of the key format. | 9.8 |
2022-09-16 | CVE-2022-38999 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The AOD module has the improper update of reference count vulnerability. | 9.8 |
2022-09-16 | CVE-2022-39000 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup. | 9.8 |
2022-09-16 | CVE-2022-39002 | Huawei | Double Free vulnerability in Huawei Emui, Harmonyos and Magic UI Double free vulnerability in the storage module. | 9.8 |
2022-09-16 | CVE-2022-39007 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation. | 9.8 |
2022-09-16 | CVE-2022-39009 | Huawei | Improper Authentication vulnerability in Huawei Emui and Harmonyos The WLAN module has a vulnerability in permission verification. | 9.8 |
2022-09-16 | CVE-2021-42949 | Digitaldruid | Improper Authentication vulnerability in Digitaldruid Hoteldruid 3.0.3 The controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via brute-force attacks. | 9.8 |
2022-09-16 | CVE-2022-38823 | Totolink | Use of Hard-coded Credentials vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample. | 9.8 |
2022-09-16 | CVE-2022-38826 | Totolink | OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 In TOTOLINK T6 V4.1.5cu.709_B20210518, arbitrary command execution is possible via cstecgi.cgi. | 9.8 |
2022-09-16 | CVE-2022-38827 | Totolink | Classic Buffer Overflow vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi. | 9.8 |
2022-09-16 | CVE-2022-38828 | Totolink | OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518 TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi. | 9.8 |
2022-09-16 | CVE-2022-38829 | Tenda | Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg. | 9.8 |
2022-09-16 | CVE-2022-38830 | Tenda | Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status. | 9.8 |
2022-09-16 | CVE-2022-38831 | Tenda | Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10 Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList. | 9.8 |
2022-09-16 | CVE-2022-22105 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music. | 9.8 |
2022-09-16 | CVE-2022-25686 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables. | 9.8 |
2022-09-16 | CVE-2022-25688 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables. | 9.8 |
2022-09-16 | CVE-2022-25708 | Qualcomm | Classic Buffer Overflow vulnerability in Qualcomm products Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile. | 9.8 |
2022-09-16 | CVE-2022-36536 | Syncovery | Use of Insufficiently Random Values vulnerability in Syncovery An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. | 9.8 |
2022-09-16 | CVE-2022-26959 | Globalnorthstar | SQL Injection vulnerability in Globalnorthstar Northstar Club Management 6.3 There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. | 9.8 |
2022-09-15 | CVE-2022-38325 | Tendacn | Classic Buffer Overflow vulnerability in Tendacn Ac15 Firmware and Ac18 Firmware Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile. | 9.8 |
2022-09-15 | CVE-2022-38326 | Tendacn | Classic Buffer Overflow vulnerability in Tendacn Ac15 Firmware and Ac18 Firmware Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting. | 9.8 |
2022-09-15 | CVE-2022-37264 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js. | 9.8 |
2022-09-15 | CVE-2022-37861 | Tenhot | Unspecified vulnerability in Tenhot Tws-100 Firmware 4.0201809201424 There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device. | 9.8 |
2022-09-15 | CVE-2022-2471 | Ezviz | Unspecified vulnerability in Ezviz products Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device. | 9.8 |
2022-09-15 | CVE-2022-37257 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js. | 9.8 |
2022-09-15 | CVE-2022-37266 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js. | 9.8 |
2022-09-15 | CVE-2022-38352 | Thinkphp | Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.13 ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache. | 9.8 |
2022-09-14 | CVE-2022-38308 | Totolink | OS Command Injection vulnerability in Totolink A7000Ru Firmware 7.4Cu.2313B20191024 TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem. | 9.8 |
2022-09-14 | CVE-2022-35947 | Glpi Project | Unspecified vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 9.8 |
2022-09-14 | CVE-2022-37661 | Adtran | Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature. | 9.8 |
2022-09-14 | CVE-2022-36436 | Osuosl | Improper Authentication vulnerability in Osuosl Twisted VNC Authentication Proxy OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session. | 9.8 |
2022-09-14 | CVE-2022-36669 | Hospital Information System Project | SQL Injection vulnerability in Hospital Information System Project Hospital Information System 1.0 Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. | 9.8 |
2022-09-14 | CVE-2022-37138 | Razormist | SQL Injection vulnerability in Razormist Loan Management System 1.0 Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to login as Administrator after injecting username form. | 9.8 |
2022-09-14 | CVE-2022-34831 | Primekey | Improper Certificate Validation vulnerability in Primekey Ejbca An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. | 9.8 |
2022-09-13 | CVE-2022-38768 | Transtek | Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization. | 9.8 |
2022-09-13 | CVE-2022-38771 | Transtek | SQL Injection vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request. | 9.8 |
2022-09-13 | CVE-2022-35413 | Pentasecurity | Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples WAPPLES through 6.0 has a hardcoded systemi account. | 9.8 |
2022-09-13 | CVE-2022-38637 | Hospital Management System Project | SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0 Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page. | 9.8 |
2022-09-13 | CVE-2022-39815 | Nokia | OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. | 9.8 |
2022-09-13 | CVE-2021-0942 | Google | Out-of-bounds Read vulnerability in Google Android The path in this case is a little bit convoluted. | 9.8 |
2022-09-13 | CVE-2022-20385 | Google | Improper Validation of Specified Quantity in Input vulnerability in Google Android A function called 'nla_parse' does not check the length of the parameter; it checks nla_type (which can be controlled by userspace) against 'maxtype' (in this case GSCAN_MAX) and then accesses the policy array 'policy[type]', where the out-of-bounds access happens. Product: Android. Versions: Android SoC. Android ID: A-238379819 | 9.8 |
2022-09-13 | CVE-2022-20386 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238227328 | 9.8 |
2022-09-13 | CVE-2022-20387 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238227324 | 9.8 |
2022-09-13 | CVE-2022-20388 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238227323 | 9.8 |
2022-09-13 | CVE-2022-20389 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238257004 | 9.8 |
2022-09-13 | CVE-2022-20390 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238257002 | 9.8 |
2022-09-13 | CVE-2022-20391 | Google | Unspecified vulnerability in Google Android Product: Android. Versions: Android SoC. Android ID: A-238257000 | 9.8 |
2022-09-13 | CVE-2022-39205 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 9.8 |
2022-09-13 | CVE-2022-36779 | Proscend Advice | OS Command Injection vulnerability in multiple products Unauthenticated OS command injection in PROSCEND / ADVICE Ltd. 4G/5G industrial cellular routers (with GPS): Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW and ADVICE ICR 111WG. References: https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html and https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301 | 9.8 |
2022-09-13 | CVE-2022-38537 | Archerydms | SQL Injection vulnerability in Archerydms Archery Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface. | 9.8 |
2022-09-13 | CVE-2022-38538 | Archerydms | SQL Injection vulnerability in Archerydms Archery Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module. | 9.8 |
2022-09-13 | CVE-2022-38539 | Archerydms | SQL Injection vulnerability in Archerydms Archery Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply. | 9.8 |
2022-09-13 | CVE-2022-38540 | Archerydms | SQL Injection vulnerability in Archerydms Archery Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface. | 9.8 |
2022-09-13 | CVE-2022-38541 | Archerydms | SQL Injection vulnerability in Archerydms Archery 1.8.3/1.8.4/1.8.5 Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface. | 9.8 |
2022-09-13 | CVE-2022-38542 | Archerydms | SQL Injection vulnerability in Archerydms Archery Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface. | 9.8 |
2022-09-13 | CVE-2022-37011 | Mendix | Unspecified vulnerability in Mendix Saml A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0). | 9.8 |
2022-09-12 | CVE-2022-38297 | Ucms Project | Reliance on Cookies without Validation and Integrity Checking vulnerability in Ucms Project Ucms 1.6 UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning. | 9.8 |
2022-09-12 | CVE-2022-38292 | Slims | Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.4.2 SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php. | 9.8 |
2022-09-12 | CVE-2022-38296 | Cuppacms | Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager. | 9.8 |
2022-09-12 | CVE-2022-1700 | Forcepoint | XXE vulnerability in Forcepoint products Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022. | 9.8 |
2022-09-12 | CVE-2022-37300 | Schneider Electric | Unspecified vulnerability in Schneider-Electric products A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus. | 9.8 |
2022-09-12 | CVE-2022-37860 | TP Link | OS Command Injection vulnerability in Tp-Link M7350 Firmware 190531 The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability. | 9.8 |
2022-09-12 | CVE-2022-37767 | Pebbletemplates | Incorrect Authorization vulnerability in Pebbletemplates Pebble Templates 3.1.5 Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. | 9.8 |
2022-09-12 | CVE-2022-37794 | Library Management System Project | SQL Injection vulnerability in Library Management System Project Library Management System 1.0 In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. | 9.8 |
2022-09-16 | CVE-2022-35937 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 9.1 |
2022-09-16 | CVE-2022-35938 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 9.1 |
2022-09-16 | CVE-2021-40019 | Huawei | Out-of-bounds Read vulnerability in Huawei Emui and Magic UI Out-of-bounds heap read vulnerability in the HW_KEYMASTER module. | 9.1 |
2022-09-16 | CVE-2022-39003 | Huawei | Classic Buffer Overflow vulnerability in Huawei Emui and Magic UI Buffer overflow vulnerability in the video framework. | 9.1 |
2022-09-16 | CVE-2022-39008 | Huawei | Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos The NFC module has bundle serialization/deserialization vulnerabilities. | 9.1 |
2022-09-15 | CVE-2022-38789 | Airties | Authorization Bypass Through User-Controlled Key vulnerability in Airties products An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. | 9.1 |
2022-09-14 | CVE-2022-2900 | Parse URL Project | Server-Side Request Forgery (SSRF) vulnerability in Parse-Url Project Parse-Url Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. | 9.1 |
2022-09-14 | CVE-2020-19586 | Yellowfinbi | Cross-site Scripting vulnerability in Yellowfinbi Business Intelligence 7.3 Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI. | 9.0 |
296 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-09-16 | CVE-2022-40337 | Aspiresoftware | Unspecified vulnerability in Aspiresoftware Open Aviation Strategic Engineering System 8.8.0.2 OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu. | 8.8 |
2022-09-16 | CVE-2022-38808 | Yimihome | SQL Injection vulnerability in Yimihome Ywoa 6.1 ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface. | 8.8 |
2022-09-16 | CVE-2022-38843 | Espocrm | Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server. | 8.8 |
2022-09-16 | CVE-2022-1194 | Mobileeventsmanager | Unspecified vulnerability in Mobileeventsmanager Mobile Events Manager The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. | 8.8 |
2022-09-16 | CVE-2022-36532 | Bolt | Unspecified vulnerability in Bolt CMS Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution. | 8.8 |
2022-09-16 | CVE-2022-36534 | Syncovery | Unspecified vulnerability in Syncovery Super Flexible Software GmbH & Co. | 8.8 |
2022-09-15 | CVE-2022-37201 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is vulnerable to SQL Injection. | 8.8 |
2022-09-15 | CVE-2022-37207 | Jflyfox | SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0 JFinal CMS 5.1.0 is affected by: SQL Injection. | 8.8 |
2022-09-15 | CVE-2022-3221 | Ikus Soft | Unspecified vulnerability in Ikus-Soft Rdiffweb Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3. | 8.8 |
2022-09-14 | CVE-2022-38301 | Onedev Project | Path Traversal vulnerability in Onedev Project Onedev 7.4.14 Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib. | 8.8 |
2022-09-14 | CVE-2022-3216 | Nintendo | Uncontrolled Recursion vulnerability in Nintendo Game BOY Color Firmware A vulnerability has been found in Nintendo Game Boy Color and classified as problematic. | 8.8 |
2022-09-14 | CVE-2022-36667 | Garage Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Garage Management System Project Garage Management System 1.0 Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function. | 8.8 |
2022-09-13 | CVE-2022-37190 | Cuppacms | Unspecified vulnerability in Cuppacms 1.0 CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). | 8.8 |
2022-09-13 | CVE-2022-38305 | Aerocms Project | Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1 AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php. | 8.8 |
2022-09-13 | CVE-2022-34102 | Crestron | Unspecified vulnerability in Crestron Airmedia 4.3.1.39 Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt. | 8.8 |
2022-09-13 | CVE-2022-35582 | Pentasecurity | Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 4.0.0/5.0.0.0/5.0.12.0 Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control. | 8.8 |
2022-09-13 | CVE-2022-39817 | Nokia | SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur. | 8.8 |
2022-09-13 | CVE-2022-39819 | Nokia | OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur. | 8.8 |
2022-09-13 | CVE-2022-40622 | Wavlink | Improper Authentication vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens. | 8.8 |
2022-09-13 | CVE-2022-40623 | Wavlink | Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution. | 8.8 |
2022-09-13 | CVE-2022-32555 | Unisys | Cross-Site Request Forgery (CSRF) vulnerability in Unisys Data Exchange Management Studio 6.0.Ic1/7.0 Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. | 8.8 |
2022-09-13 | CVE-2022-34100 | Crestron | Unspecified vulnerability in Crestron Airmedia 4.3.1.39 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation. | 8.8 |
2022-09-13 | CVE-2022-39203 | Matrix | Unspecified vulnerability in Matrix IRC Bridge matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. | 8.8 |
2022-09-13 | CVE-2022-36103 | Siderolabs | Incorrect Authorization vulnerability in Siderolabs Talos Linux Talos Linux is a Linux distribution built for Kubernetes deployments. | 8.8 |
2022-09-13 | CVE-2022-3179 | Ikus Soft | Unspecified vulnerability in Ikus-Soft Rdiffweb Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2. | 8.8 |
2022-09-13 | CVE-2022-38139 | Rdstation | Unspecified vulnerability in Rdstation RD Station Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress. | 8.8 |
2022-09-13 | CVE-2022-38616 | Bpcbt | SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22 SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf. | 8.8 |
2022-09-12 | CVE-2022-38298 | Appsmith | Server-Side Request Forgery (SSRF) vulnerability in Appsmith 1.7.11 Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint. | 8.8 |
2022-09-12 | CVE-2021-44426 | Anydesk | Unrestricted Upload of File with Dangerous Type vulnerability in Anydesk An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5. | 8.8 |
2022-09-12 | CVE-2022-29490 | Hitachienergy | Unspecified vulnerability in Hitachienergy Microscada X Sys600 Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role. | 8.8 |
2022-09-13 | CVE-2022-36782 | PAL ES | Unspecified vulnerability in Pal-Es Palgate Pal Electronics Systems - Pal Gate Authorization Errors. | 8.6 |
2022-09-16 | CVE-2022-28758 | Zoom | Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703/4.8.102.20220310 Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. | 8.2 |
2022-09-15 | CVE-2022-29240 | Scylladb | Unspecified vulnerability in Scylladb Scylla Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. | 8.1 |
2022-09-14 | CVE-2022-36113 | Rust Lang | Unspecified vulnerability in Rust-Lang Cargo Cargo is a package manager for the rust programming language. | 8.1 |
2022-09-14 | CVE-2022-40674 | Libexpat Project Debian Fedoraproject | Use After Free vulnerability in multiple products libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c. | 8.1 |
2022-09-12 | CVE-2022-36173 | Freshworks | Improper Certificate Validation vulnerability in Freshworks Freshservice Agent and Freshservice Probe FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service. | 8.1 |
2022-09-12 | CVE-2022-36174 | Freshworks | Improper Validation of Integrity Check Value vulnerability in Freshworks Freshservice Agent FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0. | 8.1 |
2022-09-16 | CVE-2022-38844 | Espocrm | Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8 CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. | 8.0 |
2022-09-16 | CVE-2022-2798 | Wpaffiliatemanager | Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliate to perform CSV injection attacks against an admin exporting the data. | 8.0 |
2022-09-14 | CVE-2022-37140 | Techvill | Unrestricted Upload of File with Dangerous Type vulnerability in Techvill Paymoney 3.3 PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). | 8.0 |
2022-09-18 | CVE-2022-3235 | VIM Fedoraproject Debian | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | 7.8 |
2022-09-17 | CVE-2022-3234 | VIM Fedoraproject Debian | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | 7.8 |
2022-09-16 | CVE-2022-2332 | Honeywell | Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Softmaster 4.51 A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment. | 7.8 |
2022-09-16 | CVE-2022-2333 | Honeywell | Uncontrolled Search Path Element vulnerability in Honeywell Softmaster 4.51 If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions. | 7.8 |
2022-09-16 | CVE-2022-38611 | Watchdog | Unspecified vulnerability in Watchdog Anti-Virus 1.4.158 Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary. | 7.8 |
2022-09-16 | CVE-2022-38415 | Adobe | Out-of-bounds Write vulnerability in Adobe Indesign Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. | 7.8 |
2022-09-16 | CVE-2022-38417 | Adobe | Out-of-bounds Read vulnerability in Adobe Indesign Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. | 7.8 |
2022-09-16 | CVE-2022-3176 | Linux Debian | Use After Free vulnerability in multiple products There exists a use-after-free in io_uring in the Linux kernel. | 7.8 |
2022-09-16 | CVE-2022-22066 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-09-16 | CVE-2022-22074 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 |
2022-09-16 | CVE-2022-22081 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 7.8 |
2022-09-16 | CVE-2022-22089 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables | 7.8 |
2022-09-16 | CVE-2022-22092 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-09-16 | CVE-2022-22095 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 |
2022-09-16 | CVE-2022-25652 | Qualcomm | Improper Authentication vulnerability in Qualcomm products Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking | 7.8 |
2022-09-16 | CVE-2022-25656 | Qualcomm | Integer Overflow or Wraparound vulnerability in Qualcomm products Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 |
2022-09-16 | CVE-2022-25693 | Qualcomm | Use After Free vulnerability in Qualcomm products Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile | 7.8 |
2022-09-16 | CVE-2020-23550 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82. | 7.8 |
2022-09-16 | CVE-2020-23551 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30. | 7.8 |
2022-09-16 | CVE-2020-23552 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62. | 7.8 |
2022-09-16 | CVE-2020-23553 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33. | 7.8 |
2022-09-16 | CVE-2020-23554 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20. | 7.8 |
2022-09-16 | CVE-2020-23555 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e. | 7.8 |
2022-09-16 | CVE-2020-23556 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28. | 7.8 |
2022-09-16 | CVE-2020-23557 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d. | 7.8 |
2022-09-16 | CVE-2020-23558 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b. | 7.8 |
2022-09-16 | CVE-2020-23559 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f. | 7.8 |
2022-09-16 | CVE-2020-23560 | Irfanview | Out-of-bounds Write vulnerability in Irfanview 4.54 IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab. | 7.8 |
2022-09-16 | CVE-2022-35415 | NI | Improper Input Validation vulnerability in NI Configuration Manager An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 |
2022-09-15 | CVE-2022-40636 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40637 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40638 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40639 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40640 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40641 | Ansys | Out-of-bounds Write vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40642 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40643 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40644 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40645 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40646 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40647 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40648 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40649 | Ansys | Access of Uninitialized Pointer vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40650 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40651 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40652 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40653 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40654 | Ansys | Unspecified vulnerability in Ansys Spaceclaim 2022 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1. | 7.8 |
2022-09-15 | CVE-2022-40655 | Nikon | Out-of-bounds Write vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40656 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 13.2.0.21165 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165. | 7.8 |
2022-09-15 | CVE-2022-40657 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40658 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40659 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40660 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40661 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40662 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-40663 | Nikon | Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. | 7.8 |
2022-09-15 | CVE-2022-38862 | Mplayerhq | Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer MPlayer and MEncoder from The MPlayer Project are vulnerable to a buffer overflow in the function play() of libaf/af.c:639. | 7.8 |
2022-09-14 | CVE-2022-2977 | Linux | Use After Free vulnerability in Linux Kernel A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. | 7.8 |
2022-09-14 | CVE-2022-20364 | Google | Out-of-bounds Write vulnerability in Google Android In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check. | 7.8 |
2022-09-14 | CVE-2022-40673 | Kdiskmark Project Fedoraproject | Missing Authorization vulnerability in multiple products KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache. | 7.8 |
2022-09-13 | CVE-2022-31322 | Pentasecurity | Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 5.0.12.0/6.0.0/V6.0.R3.4.10 Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables. | 7.8 |
2022-09-13 | CVE-2022-34101 | Crestron | Uncontrolled Search Path Element vulnerability in Crestron Airmedia 4.3.1.39 A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack. | 7.8 |
2022-09-13 | CVE-2022-38633 | Genymobile | Uncontrolled Search Path Element vulnerability in Genymobile Genymotion Desktop 3.2.1 Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary. | 7.8 |
2022-09-13 | CVE-2022-34356 | IBM | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges. | 7.8 |
2022-09-13 | CVE-2022-36768 | IBM | Unspecified vulnerability in IBM AIX and Vios IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges. | 7.8 |
2022-09-13 | CVE-2022-38306 | Lief Project | Out-of-bounds Write vulnerability in Lief-Project Lief LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | 7.8 |
2022-09-13 | CVE-2022-38495 | Lief Project | Out-of-bounds Write vulnerability in Lief-Project Lief LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | 7.8 |
2022-09-13 | CVE-2021-0871 | Google | Integer Overflow or Wraparound vulnerability in Google Android In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. | 7.8 |
2022-09-13 | CVE-2021-0943 | Google | Out-of-bounds Write vulnerability in Google Android In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation. | 7.8 |
2022-09-13 | CVE-2022-20392 | Google | Improper Input Validation vulnerability in Google Android In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. | 7.8 |
2022-09-13 | CVE-2022-20395 | Google | Path Traversal vulnerability in Google Android In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error. | 7.8 |
2022-09-13 | CVE-2022-20398 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 13.0 In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass. | 7.8 |
2022-09-13 | CVE-2022-2962 | Qemu | Improper Synchronization vulnerability in Qemu A DMA reentrancy issue was found in the Tulip device emulation in QEMU. | 7.8 |
2022-09-13 | CVE-2022-35292 | SAP | Unspecified vulnerability in SAP Business ONE 10.0 In SAP Business One, when a service is created, the executable path contains spaces and is not enclosed within quotes, leading to an Unquoted Service Path vulnerability that allows a user to gain SYSTEM privileges. | 7.8 |
2022-09-13 | CVE-2022-3170 | Linux | Out-of-bounds Read vulnerability in Linux Kernel 6.0 An out-of-bounds access issue was found in the Linux kernel sound subsystem. | 7.8 |
2022-09-13 | CVE-2022-38466 | Siemens | Incorrect Default Permissions vulnerability in Siemens Coreshield One-Way Gateway A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2). | 7.8 |
2022-09-13 | CVE-2022-39137 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39138 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39139 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39140 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39141 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39142 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39143 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39144 | Siemens | Out-of-bounds Write vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39145 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39146 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39147 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39148 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39149 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39150 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39151 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39152 | Siemens | Out-of-bounds Write vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39153 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39154 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39155 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-13 | CVE-2022-39156 | Siemens | Unspecified vulnerability in Siemens Parasolid and Simcenter Femap A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). | 7.8 |
2022-09-12 | CVE-2022-2979 | Omron | Use After Free vulnerability in Omron Cx-Programmer Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution. | 7.8 |
2022-09-12 | CVE-2022-31226 | Dell | Out-of-bounds Write vulnerability in Dell products Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability. | 7.8 |
2022-09-12 | CVE-2022-3178 | Gpac | Out-of-bounds Read vulnerability in Gpac Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 7.8 |
2022-09-18 | CVE-2022-40769 | Profanity Project | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Profanity Project Profanity profanity through 1.60 has only about four billion (2^32) possible RNG initializations, so the seed space can be searched exhaustively. | 7.5 |
2022-09-16 | CVE-2022-35991 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35992 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35993 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35994 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35995 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35996 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35997 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35998 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35999 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36000 | Google | NULL Pointer Dereference vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36001 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36002 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36003 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36004 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36005 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36011 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36012 | Google | Reachable Assertion vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36013 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36014 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36015 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36016 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36017 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36027 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35979 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35981 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35982 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35983 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35984 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35985 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35986 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35987 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35988 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35989 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35990 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36018 | Google | Reachable Assertion vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-36019 | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 | |
2022-09-16 | CVE-2022-36026 | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 | |
2022-09-16 | CVE-2022-3217 | Visam | Unspecified vulnerability in Visam Vbase 11.7.0.2 When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages. | 7.5 |
2022-09-16 | CVE-2022-40757 | Samsung | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen. | 7.5 |
2022-09-16 | CVE-2022-40758 | Samsung | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen. | 7.5 |
2022-09-16 | CVE-2022-40759 | Samsung | NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation. | 7.5 |
2022-09-16 | CVE-2022-40760 | Samsung | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize. | 7.5 |
2022-09-16 | CVE-2022-40761 | Samsung | Improper Validation of Specified Quantity in Input vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. | 7.5 |
2022-09-16 | CVE-2022-40762 | Samsung | Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | 7.5 |
2022-09-16 | CVE-2022-35964 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35965 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35966 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35967 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35968 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35969 | Google | Reachable Assertion vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35970 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35971 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35972 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35973 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35974 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35934 | Google | Reachable Assertion vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35935 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35940 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35941 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35952 | Google | Reachable Assertion vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35959 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35960 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-35963 | Google | Unspecified vulnerability in Google Tensorflow TensorFlow is an open source platform for machine learning. | 7.5 |
2022-09-16 | CVE-2022-39063 | Open5Gs | Unspecified vulnerability in Open5Gs When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response. | 7.5 |
2022-09-16 | CVE-2020-36600 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI Out-of-bounds write vulnerability in the power consumption module. | 7.5 |
2022-09-16 | CVE-2020-36601 | Huawei | Out-of-bounds Write vulnerability in Huawei Emui and Magic UI Out-of-bounds write vulnerability in the kernel modules. | 7.5 |
2022-09-16 | CVE-2021-40023 | Huawei | Unspecified vulnerability in Huawei Emui 12.0.0 Configuration defects in the secure OS module. | 7.5 |
2022-09-16 | CVE-2021-40024 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Implementation of the WLAN module interfaces has the information disclosure vulnerability. | 7.5 |
2022-09-16 | CVE-2021-46836 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos Implementation of the WLAN module interfaces has the information disclosure vulnerability. | 7.5 |
2022-09-16 | CVE-2022-38978 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38979 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38987 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38988 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38989 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38990 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38991 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38992 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38993 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38994 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38995 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38996 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-38997 | Huawei | Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI The secure OS module has configuration defects. | 7.5 |
2022-09-16 | CVE-2022-39001 | Huawei | Path Traversal vulnerability in Huawei Emui, Harmonyos and Magic UI The number identification module has a path traversal vulnerability. | 7.5 |
2022-09-16 | CVE-2022-39004 | Huawei | Memory Leak vulnerability in Huawei Emui, Harmonyos and Magic UI The MPTCP module has the memory leak vulnerability. | 7.5 |
2022-09-16 | CVE-2022-39005 | Huawei | Memory Leak vulnerability in Huawei Emui, Harmonyos and Magic UI The MPTCP module has the memory leak vulnerability. | 7.5 |
2022-09-16 | CVE-2022-39010 | Huawei | Unspecified vulnerability in Huawei Emui and Harmonyos The HwChrService module has a vulnerability in permission control. | 7.5 |
2022-09-16 | CVE-2022-40149 | Jettison Project Debian | Out-of-bounds Write vulnerability in multiple products Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). | 7.5 |
2022-09-16 | CVE-2022-40150 | Jettison Project Debian | Uncontrolled Recursion vulnerability in multiple products Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). | 7.5 |
2022-09-16 | CVE-2022-40151 | Xstream Project | Out-of-bounds Write vulnerability in Xstream Project Xstream Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS). | 7.5 |
2022-09-16 | CVE-2022-40152 | Xstream Project Fasterxml | Out-of-bounds Write vulnerability in multiple products Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled. | 7.5 |
2022-09-16 | CVE-2022-22091 | Qualcomm | Unspecified vulnerability in Qualcomm products Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 |
2022-09-16 | CVE-2022-25669 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2022-09-16 | CVE-2022-25670 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 |
2022-09-16 | CVE-2022-25690 | Qualcomm | Improper Validation of Array Index vulnerability in Qualcomm products Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.5 |
2022-09-16 | CVE-2022-25706 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 |
2022-09-15 | CVE-2022-36074 | Nextcloud | Incorrect Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server Nextcloud server is an open source personal cloud product. | 7.5 |
2022-09-15 | CVE-2022-39213 | Pandatix | Unspecified vulnerability in Pandatix Go-Cvss 0.2.0/0.3.0 go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS). | 7.5 |
2022-09-15 | CVE-2022-37260 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js. | 7.5 |
2022-09-15 | CVE-2022-37262 | Stealjs | Unspecified vulnerability in Stealjs Steal 2.2.4 A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js. | 7.5 |
2022-09-15 | CVE-2022-3001 | Milesight | Improper Input Validation vulnerability in Milesight Video Management Systems Firmware 40.7.0.79 This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface. | 7.5 |
2022-09-14 | CVE-2022-29492 | Hitachienergy | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
2022-09-14 | CVE-2022-29922 | Hitachienergy | Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600. | 7.5 |
2022-09-14 | CVE-2022-2277 | Hitachienergy | Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment, causing a denial-of-service when the ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system. | 7.5 |
2022-09-14 | CVE-2021-38924 | IBM | Information Exposure Through an Error Message vulnerability in IBM Maximo Application Suite and Maximo Asset Management IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 7.5 |
2022-09-14 | CVE-2022-3212 | Axum Core Project | Allocation of Resources Without Limits or Throttling vulnerability in Axum-Core Project Axum-Core <bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body. | 7.5 |
2022-09-13 | CVE-2022-38769 | Transtek | Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request. | 7.5 |
2022-09-13 | CVE-2022-39821 | Nokia | Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs. | 7.5 |
2022-09-13 | CVE-2022-40621 | Wavlink | Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325 Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack. | 7.5 |
2022-09-13 | CVE-2022-39208 | Onedev Project | Unspecified vulnerability in Onedev Project Onedev Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 7.5 |
2022-09-13 | CVE-2022-32190 | Golang | Path Traversal vulnerability in Golang GO 1.19.0 JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. | 7.5 |
2022-09-13 | CVE-2022-36104 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 7.5 |
2022-09-13 | CVE-2022-39801 | SAP | Unspecified vulnerability in SAP Access Control 12 SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad. | 7.5 |
2022-09-13 | CVE-2022-3029 | Nlnetlabs | Unspecified vulnerability in Nlnetlabs Routinator In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit. | 7.5 |
2022-09-13 | CVE-2022-38100 | Contechealth | Unspecified vulnerability in Contechealth Cms8000 Firmware The CMS800 device fails while attempting to parse malformed network data sent by a threat actor. | 7.5 |
2022-09-13 | CVE-2022-1278 | Redhat | Insecure Default Initialization of Resource vulnerability in Redhat products A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | 7.5 |
2022-09-13 | CVE-2022-3174 | Ikus Soft | Missing Encryption of Sensitive Data vulnerability in Ikus-Soft Rdiffweb Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2. | 7.5 |
2022-09-12 | CVE-2022-35572 | Linksys | Missing Authentication for Critical Function vulnerability in Linksys E5350 Firmware 1.0.00.037 On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID. | 7.5 |
2022-09-12 | CVE-2022-37797 | Lighttpd Debian | NULL Pointer Dereference vulnerability in multiple products In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received. | 7.5 |
2022-09-12 | CVE-2022-37734 | Graphql Java Project | Unspecified vulnerability in Graphql-Java Project Graphql-Java graphql-java before 19.0 is vulnerable to Denial of Service. | 7.5 |
2022-09-12 | CVE-2022-37835 | Torguard | Insecure Storage of Sensitive Information vulnerability in Torguard VPN 4.8 Torguard VPN 4.8, has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges. | 7.5 |
2022-09-12 | CVE-2022-36255 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". | 7.5 |
2022-09-12 | CVE-2022-36256 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode". | 7.5 |
2022-09-12 | CVE-2022-36257 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc. | 7.5 |
2022-09-12 | CVE-2022-36258 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt". | 7.5 |
2022-09-12 | CVE-2022-36259 | Inventorymanagementsystem Project | SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0 A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc. | 7.5 |
2022-09-16 | CVE-2022-35193 | Testlink | SQL Injection vulnerability in Testlink 1.9.20 TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php. | 7.2 |
2022-09-16 | CVE-2022-35195 | Testlink | Unspecified vulnerability in Testlink 1.9.20 TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php | 7.2 |
2022-09-16 | CVE-2022-38877 | Garage Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Garage Management System Project Garage Management System 1.0 Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. | 7.2 |
2022-09-16 | CVE-2022-38878 | School Activity Updates With SMS Notification Project | SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=. | 7.2 |
2022-09-16 | CVE-2022-38832 | School Activity Updates With SMS Notification Project | SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=. | 7.2 |
2022-09-16 | CVE-2022-38833 | School Activity Updates With SMS Notification Project | SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0 School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=. | 7.2 |
2022-09-15 | CVE-2022-38534 | Totolink | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374 TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function. | 7.2 |
2022-09-15 | CVE-2022-38535 | Totolink | OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374 TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function. | 7.2 |
2022-09-15 | CVE-2022-38594 | Church Management System Project | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php. | 7.2 |
2022-09-15 | CVE-2022-38595 | Church Management System Project | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php. | 7.2 |
2022-09-15 | CVE-2022-38323 | Event Management System Project | Unrestricted Upload of File with Dangerous Type vulnerability in Event Management System Project Event Management System 1.0 Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php. | 7.2 |
2022-09-13 | CVE-2022-40634 | Craftercms | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI. | 7.2 |
2022-09-13 | CVE-2022-40635 | Craftercms | Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. | 7.2 |
2022-09-12 | CVE-2022-38302 | Online Leave Management System Project | SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php. | 7.2 |
2022-09-12 | CVE-2022-38303 | Online Leave Management System Project | SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php. | 7.2 |
2022-09-12 | CVE-2022-38304 | Online Leave Management System Project | SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0 Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php. | 7.2 |
2022-09-12 | CVE-2022-38605 | Church Management System Project | SQL Injection vulnerability in Church Management System Project Church Management System 1.0 Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php. | 7.2 |
2022-09-12 | CVE-2022-38606 | Garage Management System Project | SQL Injection vulnerability in Garage Management System Project Garage Management System 1.0 Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php. | 7.2 |
2022-09-12 | CVE-2022-38610 | Garage Management System Project | SQL Injection vulnerability in Garage Management System Project Garage Management System 1.0 Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php. | 7.2 |
2022-09-12 | CVE-2022-36102 | Shopware | Improper Preservation of Permissions vulnerability in Shopware Shopware is an open source e-commerce software. | 7.2 |
2022-09-14 | CVE-2022-3202 | Linux Netapp | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. | 7.1 |
2022-09-13 | CVE-2022-2989 | Podman Project Redhat | An incorrect handling of the supplementary groups in the Podman container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
2022-09-13 | CVE-2022-2990 | Buildah Project Redhat | An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | 7.1 |
2022-09-12 | CVE-2022-34108 | MSI | Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901 An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file. | 7.1 |
2022-09-12 | CVE-2022-34109 | MSI | Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901 An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size. | 7.1 |
2022-09-16 | CVE-2022-22093 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.0 |
2022-09-16 | CVE-2022-22094 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products memory corruption in Kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.0 |
2022-09-16 | CVE-2022-25696 | Qualcomm | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.0 |
2022-09-13 | CVE-2021-0697 | Google | Use After Free vulnerability in Google Android In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use after free due to a race condition. | 7.0 |
2022-09-13 | CVE-2022-3182 | Devolutions | Unspecified vulnerability in Devolutions Remote Desktop Manager Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock. | 7.0 |
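The Buildah entry above (CVE-2022-2990) is a reminder that changing uid and gid without also resetting the supplementary group list leaves a process holding every group its parent had, and file permissions granted to those groups come along for the ride. The following Python is an added example, not code from this report or from the Buildah project: it parses the Groups line of a /proc/<pid>/status dump (the excerpt is constructed for the example), reports supplementary groups that go beyond the primary gid and an explicit allow-list, and shows the setgroups-then-setgid-then-setuid order that closes the gap. The function names are the editor's own.

```python
"""Audit and drop supplementary groups before running an untrusted binary."""
import os

# Constructed sample of a /proc/<pid>/status excerpt, as it would look from
# inside a container whose process kept the build host's supplementary groups
# (root, adm, sudo) alongside its intended uid/gid of 1000.
SAMPLE_STATUS = """\
Name:\tsh
Umask:\t0022
State:\tS (sleeping)
Pid:\t1
Uid:\t1000\t1000\t1000\t1000
Gid:\t1000\t1000\t1000\t1000
Groups:\t0 4 27 1000 
"""


def parse_status_ids(status_text):
    """Return (uid, gid, supplementary_groups) from a /proc/<pid>/status dump.

    The Uid/Gid lines carry real, effective, saved and filesystem ids; the
    effective value (second column) is what the kernel checks on file access.
    """
    uid = gid = None
    groups = []
    for line in status_text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Uid":
            uid = int(fields[1])
        elif key == "Gid":
            gid = int(fields[1])
        elif key == "Groups":
            groups = [int(g) for g in fields]
    if uid is None or gid is None:
        raise ValueError("Uid/Gid lines missing from status text")
    return uid, gid, groups


def leaked_groups(gid, supplementary, allowed=()):
    """Supplementary groups that grant access beyond the primary gid and an
    explicit allow-list. Anything returned here is a CVE-2022-2990-style leak:
    a group the process was never meant to be a member of."""
    permitted = {gid, *allowed}
    return sorted(g for g in supplementary if g not in permitted)


def audit_process(status_text, allowed=()):
    """One-call check: the list of leaked groups for a status dump (empty is good)."""
    _, gid, supp = parse_status_ids(status_text)
    return leaked_groups(gid, supp, allowed)


def drop_privileges(uid, gid, supplementary=()):
    """Change identity in the order that cannot leave groups behind: set the
    supplementary list FIRST (setgroups needs CAP_SETGID, so do it while still
    root), then the gid, then the uid. Returns True if the process now holds
    exactly the requested identity."""
    if os.geteuid() != 0:
        # Only root may call setgroups(); report rather than silently skip,
        # because skipping is exactly the bug being guarded against.
        raise PermissionError("must be root to change supplementary groups")
    os.setgroups(list(supplementary))
    os.setgid(gid)
    os.setuid(uid)
    leftover = leaked_groups(gid, os.getgroups(), supplementary)
    return os.getuid() == uid and os.getgid() == gid and not leftover


if __name__ == "__main__":
    print("leaked groups in sample:", audit_process(SAMPLE_STATUS))
```

To check a running container, start it with a non-root USER, run `cat /proc/1/status` inside it and feed the output to `audit_process`; an empty list is the expected result, and any gid that appears there is reachable by whatever binary the container runs.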
167 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-09-13 | CVE-2022-36385 | Contechealth | Unspecified vulnerability in Contechealth Cms8000 Firmware A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. | 6.8 |
2022-09-16 | CVE-2022-25654 | Qualcomm | Out-of-bounds Write vulnerability in Qualcomm products Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 6.7 |
2022-09-14 | CVE-2022-20231 | Google | Out-of-bounds Write vulnerability in Google Android In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation. | 6.7 |
2022-09-16 | CVE-2022-34002 | Pdssoftware | Path Traversal vulnerability in Pdssoftware PDS Vista 7 The 'document' parameter of PDS Vista 7's /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application. | 6.5 |
2022-09-15 | CVE-2022-39209 | Github Fedoraproject | Algorithmic Complexity vulnerability in multiple products cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. | 6.5 |
2022-09-15 | CVE-2022-1798 | Kubevirt | Path Traversal vulnerability in Kubevirt A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107. | 6.5 |
2022-09-15 | CVE-2022-40736 | Axiosys | Unspecified vulnerability in Axiosys Bento4 1.6.0639 An issue was discovered in Bento4 1.6.0-639. | 6.5 |
2022-09-15 | CVE-2022-40737 | Axiosys | Out-of-bounds Read vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through 1.6.0-639. | 6.5 |
2022-09-15 | CVE-2022-40738 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through 1.6.0-639. | 6.5 |
2022-09-14 | CVE-2022-40734 | Unisharp | Path Traversal vulnerability in Unisharp Laravel Filemanager UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F.. | 6.5 |
2022-09-14 | CVE-2020-36603 | Hoyoverse | Unspecified vulnerability in Hoyoverse Mhyprot2 1.0.0.0 The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. | 6.5 |
2022-09-14 | CVE-2022-40438 | Axiosys | Classic Buffer Overflow vulnerability in Axiosys Bento4 1.6.0639 Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | 6.5 |
2022-09-14 | CVE-2022-40439 | Axiosys | Memory Leak vulnerability in Axiosys Bento4 1.6.0639 A memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file. | 6.5 |
2022-09-14 | CVE-2022-35946 | Glpi Project | SQL Injection vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 6.5 |
2022-09-14 | CVE-2022-36114 | Rust Lang | Unspecified vulnerability in Rust-Lang Cargo Cargo is the package manager for the Rust programming language. | 6.5 |
2022-09-13 | CVE-2022-37191 | Cuppacms | Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0 The component "cuppa/api/index.php" of CuppaCMS v1.0 is vulnerable to local file inclusion (LFI). | 6.5 |
2022-09-13 | CVE-2022-31324 | Pentasecurity | Download of Code Without Integrity Check vulnerability in Pentasecurity Wapples An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request. | 6.5 |
2022-09-13 | CVE-2022-22483 | IBM | Improper Privilege Management vulnerability in IBM DB2 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. | 6.5 |
2022-09-13 | CVE-2022-35637 | IBM | Unspecified vulnerability in IBM DB2 10.5/11.1/11.5 IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. | 6.5 |
2022-09-13 | CVE-2022-39816 | Nokia | Insufficiently Protected Credentials vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page. | 6.5 |
2022-09-13 | CVE-2022-38342 | Safe | XXE vulnerability in Safe FME Server Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain a XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks. | 6.5 |
2022-09-12 | CVE-2021-44425 | Anydesk | Unspecified vulnerability in Anydesk An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3. | 6.5 |
2022-09-13 | CVE-2022-39202 | Matrix | Improper Privilege Management vulnerability in Matrix IRC Bridge matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. | 6.3 |
2022-09-16 | CVE-2020-25491 | 6Kare | Cross-site Scripting vulnerability in 6Kare Emakin 5.0.341.0 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page. | 6.1 |
2022-09-16 | CVE-2022-37775 | Genesys | Cross-site Scripting vulnerability in Genesys Pureconnect Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26 September 2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter. | 6.1 |
2022-09-16 | CVE-2022-38845 | Espocrm | Cross-site Scripting vulnerability in Espocrm 7.1.8 Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in the victim's browser by sending a crafted CSV file containing malicious JavaScript to an authenticated user. | 6.1 |
2022-09-16 | CVE-2022-3223 | Diagrams | Unspecified vulnerability in Diagrams Drawio Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1. | 6.1 |
2022-09-16 | CVE-2022-2654 | Radiustheme | Unspecified vulnerability in Radiustheme products The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting | 6.1 |
2022-09-16 | CVE-2022-2655 | Radiustheme | Unspecified vulnerability in Radiustheme Classified Listing The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-09-16 | CVE-2022-2669 | WP Taxonomy Import Project | Unspecified vulnerability in WP Taxonomy Import Project WP Taxonomy Import The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting | 6.1 |
2022-09-15 | CVE-2022-29649 | Qsmart Next Project | Cross-site Scripting vulnerability in Qsmart Next Project Qsmart Next 4.1.2 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 |
2022-09-15 | CVE-2022-3224 | Parse URL Project | Unspecified vulnerability in Parse-Url Project Parse-Url Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | 6.1 |
2022-09-15 | CVE-2022-31735 | Osstech | Open Redirect vulnerability in Osstech Openam OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). | 6.1 |
2022-09-14 | CVE-2022-37724 | Apple | Cross-site Scripting vulnerability in Apple Webobjects Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. | 6.1 |
2022-09-14 | CVE-2022-40365 | Gocron Project | Cross-site Scripting vulnerability in Gocron Project Gocron 1.5.3 Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue. | 6.1 |
2022-09-14 | CVE-2022-35945 | Glpi Project | Cross-site Scripting vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 6.1 |
2022-09-14 | CVE-2022-38796 | Feehi | Injection vulnerability in Feehi CMS 2.1.1 A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header. | 6.1 |
2022-09-14 | CVE-2022-40626 | Zabbix Fedoraproject | Cross-site Scripting vulnerability in multiple products An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend. | 6.1 |
2022-09-13 | CVE-2022-39814 | Nokia | Open Redirect vulnerability in Nokia 1350 Optical Management System 14.2 In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter. | 6.1 |
2022-09-13 | CVE-2022-3205 | Redhat | Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0 Cross site scripting in the automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0, where the project name is susceptible to XSS injection. | 6.1 |
2022-09-13 | CVE-2022-36108 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 6.1 |
2022-09-13 | CVE-2022-36020 | Typo3 | Unspecified vulnerability in Typo3 Html Sanitizer The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. | 6.1 |
2022-09-13 | CVE-2022-35298 | SAP | Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50 SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 6.1 |
2022-09-13 | CVE-2022-39799 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack. | 6.1 |
2022-09-13 | CVE-2022-38069 | Contechealth | Use of Hard-coded Credentials vulnerability in Contechealth Cms8000 Firmware Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device. | 6.1 |
2022-09-12 | CVE-2022-38291 | Slims | Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2 SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function. | 6.1 |
2022-09-12 | CVE-2022-38295 | Cuppacms | Cross-site Scripting vulnerability in Cuppacms 1.0 Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups. | 6.1 |
2022-09-12 | CVE-2022-38972 | ARK WEB | Cross-site Scripting vulnerability in Ark-Web A-Form Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 |
2022-09-16 | CVE-2022-39006 | Huawei | Race Condition vulnerability in Huawei Emui, Harmonyos and Magic UI The MPTCP module has a race condition vulnerability. | 5.9 |
2022-09-16 | CVE-2022-38846 | Espocrm | Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8 EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP). | 5.9 |
2022-09-15 | CVE-2022-40306 | Ecisolutions | Unspecified vulnerability in Ecisolutions Printanista Managed Print Service 20220627 The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly. | 5.9 |
2022-09-15 | CVE-2022-39215 | Tauri | Link Following vulnerability in Tauri Tauri is a framework for building binaries for all major desktop platforms. | 5.8 |
2022-09-14 | CVE-2022-36112 | Glpi Project | Unspecified vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 5.8 |
2022-09-16 | CVE-2022-3225 | Budibase | Unspecified vulnerability in Budibase Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20. | 5.7 |
2022-09-13 | CVE-2022-3027 | Contechealth | Unspecified vulnerability in Contechealth Cms8000 Firmware The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point. | 5.7 |
2022-09-18 | CVE-2022-40774 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through 1.6.0-639. | 5.5 |
2022-09-18 | CVE-2022-40775 | Axiosys | NULL Pointer Dereference vulnerability in Axiosys Bento4 An issue was discovered in Bento4 through 1.6.0-639. | 5.5 |
2022-09-18 | CVE-2022-40768 | Linux Fedoraproject Debian | Use of Uninitialized Resource vulnerability in multiple products drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case. | 5.5 |
2022-09-17 | CVE-2022-39210 | Nextcloud | Path Traversal vulnerability in Nextcloud Nextcloud android is the official Android client for the Nextcloud home server platform. | 5.5 |
2022-09-16 | CVE-2022-40755 | Jasper Project | Reachable Assertion vulnerability in Jasper Project Jasper 3.0.6 JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c. | 5.5 |
2022-09-16 | CVE-2022-28855 | Adobe | Unspecified vulnerability in Adobe Indesign Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. | 5.5 |
2022-09-16 | CVE-2022-36402 | Linux | Integer Overflow or Wraparound vulnerability in Linux Kernel An integer overflow vulnerability was found in the vmwgfx driver in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c in the GPU component of the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. | 5.5 |
2022-09-16 | CVE-2022-25653 | Qualcomm | Out-of-bounds Read vulnerability in Qualcomm products Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 |
2022-09-15 | CVE-2022-38334 | Xpdfreader | Uncontrolled Recursion vulnerability in Xpdfreader Xpdf XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | 5.5 |
2022-09-15 | CVE-2022-38600 | Mplayerhq | Memory Leak vulnerability in Mplayerhq Mplayer Svnr3837413.0.1 Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c. | 5.5 |
2022-09-15 | CVE-2022-38850 | Mplayerhq Debian | Divide By Zero vulnerability in multiple products The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config() of libmpcodecs/vf_scale.c. | 5.5 |
2022-09-15 | CVE-2022-38851 | Mplayerhq Debian | Out-of-bounds Read vulnerability in multiple products Certain MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c. | 5.5 |
2022-09-15 | CVE-2022-38890 | F5 | Out-of-bounds Read vulnerability in F5 NJS 0.7.7 Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h. | 5.5 |
2022-09-15 | CVE-2022-38853 | Mplayerhq | Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer Certain MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c. | 5.5 |
2022-09-15 | CVE-2022-38855 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products Certain MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video() of mplayer/libmpdemux/demux_mov.c. | 5.5 |
2022-09-15 | CVE-2022-38856 | Mplayerhq | Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer Certain MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. | 5.5 |
2022-09-15 | CVE-2022-38858 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products Certain MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c. | 5.5 |
2022-09-15 | CVE-2022-38860 | Mplayerhq Debian | Divide By Zero vulnerability in multiple products Certain MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c, which affects mencoder. | 5.5 |
2022-09-15 | CVE-2022-38861 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c. | 5.5 |
2022-09-15 | CVE-2022-38863 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products Certain MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c, which affects mencoder and mplayer. | 5.5 |
2022-09-15 | CVE-2022-38864 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products Certain MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c. | 5.5 |
2022-09-15 | CVE-2022-38865 | Mplayerhq Debian | Divide By Zero vulnerability in multiple products Certain MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c. | 5.5 |
2022-09-15 | CVE-2022-38866 | Mplayerhq Debian | Out-of-bounds Write vulnerability in multiple products Certain MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c. | 5.5 |
2022-09-15 | CVE-2022-2472 | Ezviz | Unspecified vulnerability in Ezviz Cs-C6N-A0-1C2Wfr Firmware 5.3.0 Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password. | 5.5 |
2022-09-15 | CVE-2022-3222 | Gpac | Unspecified vulnerability in Gpac Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV. | 5.5 |
2022-09-14 | CVE-2022-40476 | Linux | NULL Pointer Dereference vulnerability in Linux Kernel A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62. | 5.5 |
2022-09-14 | CVE-2022-36056 | Sigstore | Unspecified vulnerability in Sigstore Cosign Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure. | 5.5 |
2022-09-14 | CVE-2022-0029 | Paloaltonetworks | Link Following vulnerability in Paloaltonetworks Cortex XDR Agent An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file. | 5.5 |
2022-09-13 | CVE-2022-38307 | Lief Project | NULL Pointer Dereference vulnerability in Lief-Project Lief LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | 5.5 |
2022-09-13 | CVE-2022-38496 | Lief Project | Reachable Assertion vulnerability in Lief-Project Lief LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | 5.5 |
2022-09-13 | CVE-2022-38497 | Lief Project | NULL Pointer Dereference vulnerability in Lief-Project Lief LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | 5.5 |
2022-09-13 | CVE-2022-20393 | Google | Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 11.0/12.0/12.1 In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. | 5.5 |
2022-09-13 | CVE-2022-20396 | Google | Insufficient Verification of Data Authenticity vulnerability in Google Android 12.1/13.0 In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass. | 5.5 |
2022-09-13 | CVE-2022-20399 | Google | Incorrect Permission Assignment for Critical Resource vulnerability in Google Android In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value. | 5.5 |
2022-09-13 | CVE-2022-1602 | HP | Unspecified vulnerability in HP Thinpro 7.2 A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8). | 5.5 |
2022-09-13 | CVE-2022-3190 | Wireshark Fedoraproject | Infinite Loop vulnerability in multiple products Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file | 5.5 |
2022-09-13 | CVE-2022-37302 | Schneider Electric | Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1 A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened. | 5.5 |
2022-09-12 | CVE-2022-34110 | MSI | Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901 An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size. | 5.5 |
2022-09-18 | CVE-2022-25873 | Vuetifyjs | Cross-site Scripting vulnerability in Vuetifyjs Vuetify The package vuetify from 2.0.0-beta.4 and before 2.6.10 are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component. | 5.4 |
2022-09-17 | CVE-2022-3231 | Librenms | Unspecified vulnerability in Librenms Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0. | 5.4 |
2022-09-16 | CVE-2022-35194 | Testlink | Cross-site Scripting vulnerability in Testlink 1.9.20 TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php. | 5.4 |
2022-09-16 | CVE-2022-37247 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1 Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page. | 5.4 |
2022-09-16 | CVE-2022-37251 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1 Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts. | 5.4 |
2022-09-16 | CVE-2022-30677 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2022-09-16 | CVE-2022-30678 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2022-09-16 | CVE-2022-30680 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2022-09-16 | CVE-2022-30681 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2022-09-16 | CVE-2021-42597 | Storage Unit Rental Management System Project | Cross-site Scripting vulnerability in Storage Unit Rental Management System Project Storage Unit Rental Management System 1.0 A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System (SURMS) v1.0, tested on PHP 8.0.10 and Apache 2.4.14, via the Add New Tenant List Rent List form. | 5.4 |
2022-09-16 | CVE-2022-37248 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1 Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php. | 5.4 |
2022-09-16 | CVE-2022-37250 | Craftcms | Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1 Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount. | 5.4 |
2022-09-16 | CVE-2022-36533 | Syncovery | Cross-site Scripting vulnerability in Syncovery Super Flexible Software GmbH & Co. | 5.4 |
2022-09-15 | CVE-2022-38814 | Fiberhome | Cross-site Scripting vulnerability in Fiberhome An5506-02-B Firmware Rp2521 A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field. | 5.4 |
2022-09-15 | CVE-2022-3211 | Pimcore | Unspecified vulnerability in Pimcore Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6. | 5.4 |
2022-09-15 | CVE-2018-25047 | Smarty Debian | Cross-site Scripting vulnerability in multiple products In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. | 5.4 |
2022-09-14 | CVE-2022-31187 | Glpi Project | Unspecified vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 5.4 |
2022-09-14 | CVE-2022-36668 | Garage Management System Project | Cross-site Scripting vulnerability in Garage Management System Project Garage Management System 1.0 Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. | 5.4 |
2022-09-14 | CVE-2022-37137 | Techvill | Cross-site Scripting vulnerability in Techvill Paymoney 3.3 PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. | 5.4 |
2022-09-14 | CVE-2022-37139 | Razormist | Cross-site Scripting vulnerability in Razormist Loan Management System 1.0 Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. | 5.4 |
2022-09-14 | CVE-2020-19587 | Idera | Cross-site Scripting vulnerability in Idera Yellowfin Business Intelligence 7.3 Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI. | 5.4 |
2022-09-13 | CVE-2021-36568 | Moodle Fedoraproject | Cross-site Scripting vulnerability in multiple products In certain Moodle products, after creating a course it is possible to add to an arbitrary "Topic" a resource, in this case a "Database" with the type "Text", whose "Field name" and "Field description" values are vulnerable to stored Cross Site Scripting (XSS). | 5.4 |
2022-09-13 | CVE-2022-31861 | Thingsboard | Cross-site Scripting vulnerability in Thingsboard Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs. | 5.4 |
2022-09-13 | CVE-2022-34336 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 5.4 |
2022-09-13 | CVE-2022-39207 | Onedev Project | Incorrect Permission Assignment for Critical Resource vulnerability in Onedev Project Onedev Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. | 5.4 |
2022-09-13 | CVE-2022-36106 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 5.4 |
2022-09-13 | CVE-2022-36107 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 5.4 |
2022-09-13 | CVE-2022-35294 | SAP | Unspecified vulnerability in SAP Netweaver Application Server Abap An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack. | 5.4 |
2022-09-13 | CVE-2022-36778 | Synel | Cross-site Scripting vulnerability in Synel Eharmony 8.0.2.3 HTML / JavaScript code can be inserted into a vulnerable input; to reach it, go to Workers > worker nickname and inject the code into that input. | 5.4 |
2022-09-12 | CVE-2022-36254 | Hotel Management System Project | Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 1.0 Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname". | 5.4 |
2022-09-12 | CVE-2022-37796 | Oretnom23 | Cross-site Scripting vulnerability in Oretnom23 Simple Online Book Store System 1.0 In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description parameters are vulnerable to Cross Site Scripting(XSS). | 5.4 |
2022-09-17 | CVE-2022-39960 | Netic | Missing Authorization vulnerability in Netic Group Export 1.0.1 The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks. | 5.3 |
2022-09-17 | CVE-2022-39212 | Nextcloud | Unspecified vulnerability in Nextcloud Talk Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform. | 5.3 |
2022-09-16 | CVE-2022-39211 | Nextcloud | Unspecified vulnerability in Nextcloud Server Nextcloud server is an open source personal cloud platform. | 5.3 |
2022-09-16 | CVE-2022-37709 | Tesla | Authentication Bypass by Spoofing vulnerability in Tesla Model 3 Firmware and Tesla Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing. | 5.3 |
2022-09-16 | CVE-2022-30683 | Adobe | Unspecified vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a Violation of Secure Design Principles vulnerability that could lead to a bypass of the security feature of the encryption mechanism in the backend. | 5.3 |
2022-09-16 | CVE-2022-2877 | CM WP | Unspecified vulnerability in Cm-Wp Titan Anti-Spam & Security The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers. | 5.3 |
2022-09-14 | CVE-2022-31143 | Glpi Project | Unspecified vulnerability in Glpi-Project Glpi GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. | 5.3 |
2022-09-13 | CVE-2022-38770 | Transtek | Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6 The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request. | 5.3 |
2022-09-13 | CVE-2022-22330 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. | 5.3 |
2022-09-13 | CVE-2022-36105 | Typo3 | Unspecified vulnerability in Typo3 TYPO3 is an open source PHP based web content management system released under the GNU GPL. | 5.3 |
2022-09-13 | CVE-2022-39014 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430 Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted. | 5.3 |
2022-09-13 | CVE-2022-36780 | Avdorcis | Missing Authentication for Critical Function vulnerability in Avdorcis Crystal Quality Avdor CIS - crystal quality Credentials Management Errors. | 5.3 |
2022-09-13 | CVE-2022-3175 | Ikus Soft | Improper Handling of Exceptional Conditions vulnerability in Ikus-Soft Rdiffweb Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2. | 5.3 |
2022-09-12 | CVE-2022-36101 | Shopware | Unspecified vulnerability in Shopware Shopware is an open source e-commerce software. | 5.3 |
2022-09-12 | CVE-2022-39200 | Matrix | Unspecified vulnerability in Matrix Dendrite Dendrite is a Matrix homeserver written in Go. | 5.3 |
2022-09-13 | CVE-2022-32244 | SAP | Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430 Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve (non-personal) system data and modify system data, but cannot make the system unavailable. | 5.2 |
2022-09-12 | CVE-2022-31220 | Dell | Unchecked Return Value vulnerability in Dell products Dell BIOS versions contain an Unchecked Return Value vulnerability. | 5.1 |
2022-09-12 | CVE-2022-31225 | Dell | Unchecked Return Value vulnerability in Dell products Dell BIOS versions contain an Unchecked Return Value vulnerability. | 5.1 |
2022-09-16 | CVE-2022-2863 | Wpvivid | Unspecified vulnerability in Wpvivid Migration, Backup, Staging The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack. | 4.9 |
2022-09-13 | CVE-2022-35295 | SAP | Unspecified vulnerability in SAP Host Agent 7.22 In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves. | 4.9 |
2022-09-16 | CVE-2021-41731 | News247 News Magazine CMS Project | Cross-site Scripting vulnerability in News247 News Magazine (Cms) Project News247 News Magazine (Cms) 1.0 A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) (PHP 5.6 or higher and MySQL 5.7 or higher) via the blog category name field. | 4.8 |
2022-09-16 | CVE-2022-2351 | Wpexperts | Unspecified vulnerability in Wpexperts Post Smtp The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed. | 4.8 |
2022-09-16 | CVE-2022-2575 | Woobewoo | Unspecified vulnerability in Woobewoo WBW Currency Switcher for Woocommerce The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-09-16 | CVE-2022-2635 | Autoptimize | Unspecified vulnerability in Autoptimize The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-09-16 | CVE-2022-2737 | WP Staging | Cross-site Scripting vulnerability in Wp-Staging WP Staging The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
2022-09-16 | CVE-2022-2799 | Wpaffiliatemanager | Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-09-16 | CVE-2022-2887 | Acnam | Unspecified vulnerability in Acnam WP Server Health Stats The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
2022-09-15 | CVE-2022-27561 | Hcltech | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0/12.0.1.1 There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf). | 4.8 |
2022-09-15 | CVE-2021-44076 | Crushftp | Cross-site Scripting vulnerability in Crushftp An issue was discovered in CrushFTP 9. | 4.8 |
2022-09-14 | CVE-2022-1778 | Hitachienergy | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachienergy Microscada X Sys600 Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600: reading a specific configuration file causes a buffer overflow that prevents SYS600 from starting. | 4.4 |
2022-09-13 | CVE-2022-38453 | Contechealth | Unspecified vulnerability in Contechealth Cms8000 Firmware Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings. | 4.4 |
2022-09-12 | CVE-2022-31222 | Dell | Missing Release of Resource after Effective Lifetime vulnerability in Dell products Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability. | 4.4 |
2022-09-17 | CVE-2022-3232 | Ikus Soft | Unspecified vulnerability in Ikus-Soft Rdiffweb Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5. | 4.3 |
2022-09-17 | CVE-2022-3173 | Snipeitapp | Unspecified vulnerability in Snipeitapp Snipe-It Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10. | 4.3 |
2022-09-16 | CVE-2022-29489 | Sucuri | Unspecified vulnerability in Sucuri Security Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation. | 4.3 |
2022-09-16 | CVE-2022-2912 | Craw Data Project | Server-Side Request Forgery (SSRF) vulnerability in Craw-Data Project Craw-Data The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged in admin change the url value performing unwanted crawls on third-party sites (SSRF). | 4.3 |
2022-09-16 | CVE-2022-2913 | Login NO Captcha Recaptcha Project | Unspecified vulnerability in Login NO Captcha Recaptcha Project Login NO Captcha Recaptcha The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. | 4.3 |
2022-09-15 | CVE-2022-36075 | Nextcloud | Improper Privilege Management vulnerability in Nextcloud Files Access Control Nextcloud files access control is a nextcloud app to manage access control for files. | 4.3 |
2022-09-15 | CVE-2022-38788 | Nokia | Unspecified vulnerability in Nokia Fastmile 5G Receiver Firmware 1.2104.00.0281 An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281. | 4.3 |
2022-09-13 | CVE-2022-22329 | IBM | Unspecified vulnerability in IBM Control Desk IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2022-09-13 | CVE-2022-38329 | Shopxian | Cross-Site Request Forgery (CSRF) vulnerability in Shopxian CMS 3.0.0 An issue was discovered in Shopxian CMS 3.0.0. | 4.3 |
2022-09-12 | CVE-2022-38299 | Appsmith | Unspecified vulnerability in Appsmith 1.7.11 An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint. | 4.3 |
2022-09-12 | CVE-2022-38135 | Photospace Gallery Project | Unspecified vulnerability in Photospace Gallery Project Photospace Gallery 2.3.5 Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2022-09-16 | CVE-2021-42948 | Digitaldruid | Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid HotelDruid Hotel Management Software v3.0.3 and below was discovered to expose session tokens in multiple links via GET parameters, allowing attackers to access user session IDs. | 3.7 |
2022-09-13 | CVE-2022-37703 | Amanda | Path Traversal vulnerability in Amanda 3.5.1 In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary. | 3.3 |
2022-09-12 | CVE-2022-31224 | Dell | Unspecified vulnerability in Dell products Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability. | 2.4 |
2022-09-12 | CVE-2022-31221 | Dell | Information Exposure vulnerability in Dell products Dell BIOS versions contain an Information Exposure vulnerability. | 2.3 |
2022-09-12 | CVE-2022-31223 | Dell | Unspecified vulnerability in Dell products Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability. | 2.3 |