Weekly Vulnerabilities Reports > September 12 to 18, 2022

Overview

549 new vulnerabilities were reported during this period, including 81 critical vulnerabilities and 296 high severity vulnerabilities. This weekly summary reports vulnerabilities in 568 products from 189 vendors including Google, Huawei, Qualcomm, Siemens, and Debian. Vulnerabilities are notably categorized as "Out-of-bounds Write", "SQL Injection", "Cross-site Scripting", "Out-of-bounds Read", and "Classic Buffer Overflow".

  • 380 reported vulnerabilities are remotely exploitable.
  • 109 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 370 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 78 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 11 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

81 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-13 CVE-2022-39206 Onedev Project Unspecified vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

9.9
2022-09-18 CVE-2022-40766 Moderncampus SQL Injection vulnerability in Moderncampus Omni CMS 10.2.4

Modern Campus Omni CMS (formerly OU Campus) 10.2.4 allows login-page SQL injection via a '" OR 1 = 1 -- - , <?php' substring.

9.8
2022-09-17 CVE-2022-39217 Ghas TO CSV Project Unspecified vulnerability in Ghas-To-Csv Project Ghas-To-Csv

some-natalie/ghas-to-csv (GitHub Advanced Security to CSV) is a GitHub action which scrapes the GitHub Advanced Security API and shoves it into a CSV.

9.8
2022-09-16 CVE-2022-40300 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Password Manager PRO

Zoho ManageEngine Password Manager Pro through 12120 before 12121, PAM360 through 5550 before 5600, and Access Manager Plus through 4304 before 4305 have multiple SQL injection vulnerabilities.

9.8
2022-09-16 CVE-2022-37258 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the packageName variable in npm-convert.js.

9.8
2022-09-16 CVE-2022-35939 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

9.8
2022-09-16 CVE-2022-38621 Doufox Unspecified vulnerability in Doufox 0.0.4

Doufox v0.0.4 was discovered to contain a remote code execution (RCE) vulnerability via the edit file page.

9.8
2022-09-16 CVE-2022-3214 Deltaww Unspecified vulnerability in Deltaww Diaenergie

Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials.

9.8
2022-09-16 CVE-2021-40017 Huawei Improper Input Validation vulnerability in Huawei Emui and Harmonyos

The HW_KEYMASTER module lacks the validity check of the key format.

9.8
2022-09-16 CVE-2022-38999 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The AOD module has the improper update of reference count vulnerability.

9.8
2022-09-16 CVE-2022-39000 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The iAware module has a vulnerability in managing malicious apps. Successful exploitation of this vulnerability will cause malicious apps to automatically start upon system startup.

9.8
2022-09-16 CVE-2022-39002 Huawei Double Free vulnerability in Huawei Emui, Harmonyos and Magic UI

Double free vulnerability in the storage module.

9.8
2022-09-16 CVE-2022-39007 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The location module has a vulnerability of bypassing permission verification. Successful exploitation of this vulnerability may cause privilege escalation.

9.8
2022-09-16 CVE-2022-39009 Huawei Improper Authentication vulnerability in Huawei Emui and Harmonyos

The WLAN module has a vulnerability in permission verification.

9.8
2022-09-16 CVE-2021-42949 Digitaldruid Improper Authentication vulnerability in Digitaldruid Hoteldruid 3.0.3

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a predictable session token, allowing attackers to bypass authentication via bruteforce attacks.

9.8
2022-09-16 CVE-2022-38823 Totolink Use of Hard-coded Credentials vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is a hard coded password for root in /etc/shadow.sample.

9.8
2022-09-16 CVE-2022-38826 Totolink OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518

In TOTOLINK T6 V4.1.5cu.709_B20210518, there is an arbitrary command execution vulnerability in cstecgi.cgi.

9.8
2022-09-16 CVE-2022-38827 Totolink Classic Buffer Overflow vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to Buffer Overflow via cstecgi.cgi

9.8
2022-09-16 CVE-2022-38828 Totolink OS Command Injection vulnerability in Totolink T6 Firmware 4.1.5Cu.709B20210518

TOTOLINK T6 V4.1.5cu.709_B20210518 is vulnerable to command injection via cstecgi.cgi

9.8
2022-09-16 CVE-2022-38829 Tenda Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setMacFilterCfg.

9.8
2022-09-16 CVE-2022-38830 Tenda Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/setIPv6Status.

9.8
2022-09-16 CVE-2022-38831 Tenda Classic Buffer Overflow vulnerability in Tenda RX9 PRO Firmware 22.03.02.10

Tenda RX9_Pro V22.03.02.10 is vulnerable to Buffer Overflow via httpd/SetNetControlList

9.8
2022-09-16 CVE-2022-22105 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music

9.8
2022-09-16 CVE-2022-25686 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in video module due to buffer overflow while processing WAV file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

9.8
2022-09-16 CVE-2022-25688 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

9.8
2022-09-16 CVE-2022-25708 Qualcomm Classic Buffer Overflow vulnerability in Qualcomm products

Memory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon Mobile

9.8
2022-09-16 CVE-2022-36536 Syncovery Use of Insufficiently Random Values vulnerability in Syncovery

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co.

9.8
2022-09-16 CVE-2022-26959 Globalnorthstar SQL Injection vulnerability in Globalnorthstar Northstar Club Management 6.3

There are two full (read/write) Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application.

9.8
2022-09-15 CVE-2022-38325 Tendacn Classic Buffer Overflow vulnerability in Tendacn Ac15 Firmware and Ac18 Firmware

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the filePath parameter at /goform/expandDlnaFile.

9.8
2022-09-15 CVE-2022-38326 Tendacn Classic Buffer Overflow vulnerability in Tendacn Ac15 Firmware and Ac18 Firmware

Tenda AC15 WiFi Router V15.03.05.19_multi and AC18 WiFi Router V15.03.05.19_multi were discovered to contain a buffer overflow via the page parameter at /goform/NatStaticSetting.

9.8
2022-09-15 CVE-2022-37264 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

Prototype pollution vulnerability in stealjs steal 2.2.4 via the optionName variable in main.js.

9.8
2022-09-15 CVE-2022-37861 Tenhot Unspecified vulnerability in Tenhot Tws-100 Firmware 4.0201809201424

There is a remote code execution (RCE) vulnerability in Tenhot TWS-100 V4.0-201809201424 router device.

9.8
2022-09-15 CVE-2022-2471 Ezviz Unspecified vulnerability in Ezviz products

Stack-based Buffer Overflow vulnerability in the EZVIZ Motion Detection component as used in camera models CS-CV248, CS-C6N-A0-1C2WFR, CS-DB1C-A0-1E2W2FR, CS-C6N-B0-1G2WF, CS-C3W-A0-3H4WFRL allows a remote attacker to execute remote code on the device.

9.8
2022-09-15 CVE-2022-37257 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

Prototype pollution vulnerability in function convertLater in npm-convert.js in stealjs steal 2.2.4 via the requestedVersion variable in npm-convert.js.

9.8
2022-09-15 CVE-2022-37266 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

Prototype pollution vulnerability in function extend in babel.js in stealjs steal 2.2.4 via the key variable in babel.js.

9.8
2022-09-15 CVE-2022-38352 Thinkphp Deserialization of Untrusted Data vulnerability in Thinkphp 6.0.13

ThinkPHP v6.0.13 was discovered to contain a deserialization vulnerability via the component League\Flysystem\Cached\Storage\Psr6Cache.

9.8
2022-09-14 CVE-2022-38308 Totolink OS Command Injection vulnerability in Totolink A7000Ru Firmware 7.4Cu.2313B20191024

TOTOLink A700RU V7.4cu.2313_B20191024 was discovered to contain a command injection vulnerability via the lang parameter in the function cstesystem.

9.8
2022-09-14 CVE-2022-35947 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

9.8
2022-09-14 CVE-2022-37661 Adtran Unspecified vulnerability in Adtran Sr506N Firmware and Sr510N Firmware

SmartRG SR506n 2.5.15 and SR510n 2.6.13 routers are vulnerable to Remote Code Execution (RCE) via the ping host feature.

9.8
2022-09-14 CVE-2022-36436 Osuosl Improper Authentication vulnerability in Osuosl Twisted VNC Authentication Proxy

OSU Open Source Lab VNCAuthProxy through 1.1.1 is affected by a vncap/vnc/protocol.py VNCServerAuthenticator authentication-bypass vulnerability that could allow a malicious actor to gain unauthorized access to a VNC session or to disconnect a legitimate user from a VNC session.

9.8
2022-09-14 CVE-2022-36669 Hospital Information System Project SQL Injection vulnerability in Hospital Information System Project Hospital Information System 1.0

Hospital Information System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

9.8
2022-09-14 CVE-2022-37138 Razormist SQL Injection vulnerability in Razormist Loan Management System 1.0

Loan Management System 1.0 is vulnerable to SQL Injection at the login page, which allows unauthorized users to log in as Administrator after injecting the username form field.

9.8
2022-09-14 CVE-2022-34831 Primekey Improper Certificate Validation vulnerability in Primekey Ejbca

An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization.

9.8
2022-09-13 CVE-2022-38768 Transtek Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to bypass authorization.

9.8
2022-09-13 CVE-2022-38771 Transtek SQL Injection vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to send SCRIPT tags as injected input to the API request.

9.8
2022-09-13 CVE-2022-35413 Pentasecurity Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples

WAPPLES through 6.0 has a hardcoded systemi account.

9.8
2022-09-13 CVE-2022-38637 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

Hospital Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the Username and Password parameters on the Login page.

9.8
2022-09-13 CVE-2022-39815 Nokia OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur.

9.8
2022-09-13 CVE-2021-0942 Google Out-of-bounds Read vulnerability in Google Android

The path in this case is a little bit convoluted.

9.8
2022-09-13 CVE-2022-20385 Google Improper Validation of Specified Quantity in Input vulnerability in Google Android

A function called 'nla_parse' does not check the length of the parameter; it checks nla_type (which can be controlled by userspace) against 'maxtype' (in this case, GSCAN_MAX), then accesses the policy array 'policy[type]', where an out-of-bounds access happens. Product: Android; Versions: Android SoC; Android ID: A-238379819

9.8
2022-09-13 CVE-2022-20386 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238227328

9.8
2022-09-13 CVE-2022-20387 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238227324

9.8
2022-09-13 CVE-2022-20388 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238227323

9.8
2022-09-13 CVE-2022-20389 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238257004

9.8
2022-09-13 CVE-2022-20390 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238257002

9.8
2022-09-13 CVE-2022-20391 Google Unspecified vulnerability in Google Android

Summary: Product: Android; Versions: Android SoC; Android ID: A-238257000

9.8
2022-09-13 CVE-2022-39205 Onedev Project Unspecified vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

9.8
2022-09-13 CVE-2022-36779 Proscend, Advice OS Command Injection vulnerability in multiple products

PROSCEND - PROSCEND / ADVICE .Ltd - G/5G Industrial Cellular Router (with GPS)4 Unauthenticated OS Command Injection Proscend M330-w / M33-W5 / M350-5G / M350-W5G / M350-6 / M350-W6 / M301-G / M301-GW ADVICE ICR 111WG / https://www.proscend.com/en/category/industrial-Cellular-Router/industrial-Cellular-Router.html https://cdn.shopify.com/s/files/1/0036/9413/3297/files/ADVICE_Industrial_4G_LTE_Cellular_Router_ICR111WG.pdf?v=1620814301

9.8
2022-09-13 CVE-2022-38537 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.5 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_file, end_file, start_time, and stop_time parameters in the binlog2sql interface.

9.8
2022-09-13 CVE-2022-38538 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.7.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the checksum parameter in the report module.

9.8
2022-09-13 CVE-2022-38539 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply.

9.8
2022-09-13 CVE-2022-38540 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface.

9.8
2022-09-13 CVE-2022-38541 Archerydms SQL Injection vulnerability in Archerydms Archery 1.8.3/1.8.4/1.8.5

Archery v1.8.3 to v1.8.5 was discovered to contain multiple SQL injection vulnerabilities via the start_time and stop_time parameters in the my2sql interface.

9.8
2022-09-13 CVE-2022-38542 Archerydms SQL Injection vulnerability in Archerydms Archery

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the kill_session interface.

9.8
2022-09-13 CVE-2022-37011 Mendix Unspecified vulnerability in Mendix Saml

A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions < V1.17.0), Mendix SAML (Mendix 8 compatible) (All versions < V2.3.0), Mendix SAML (Mendix 9 compatible, New Track) (All versions < V3.3.1), Mendix SAML (Mendix 9 compatible, Upgrade Track) (All versions < V3.3.0).

9.8
2022-09-12 CVE-2022-38297 Ucms Project Reliance on Cookies without Validation and Integrity Checking vulnerability in Ucms Project Ucms 1.6

UCMS v1.6.0 contains an authentication bypass vulnerability which is exploited via cookie poisoning.

9.8
2022-09-12 CVE-2022-38292 Slims Server-Side Request Forgery (SSRF) vulnerability in Slims Senayan Library Management System 9.4.2

SLiMS Senayan Library Management System v9.4.2 was discovered to contain multiple Server-Side Request Forgeries via the components /bibliography/marcsru.php and /bibliography/z3950sru.php.

9.8
2022-09-12 CVE-2022-38296 Cuppacms Unrestricted Upload of File with Dangerous Type vulnerability in Cuppacms 1.0

Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager.

9.8
2022-09-12 CVE-2022-1700 Forcepoint XXE vulnerability in Forcepoint products

Improper Restriction of XML External Entity Reference ('XXE') vulnerability in the Policy Engine of Forcepoint Data Loss Prevention (DLP), which is also leveraged by Forcepoint One Endpoint (F1E), Web Security Content Gateway, Email Security with DLP enabled, and Cloud Security Gateway prior to June 20, 2022.

9.8
2022-09-12 CVE-2022-37300 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-640: Weak Password Recovery Mechanism for Forgotten Password vulnerability exists that could cause unauthorized access in read and write mode to the controller when communicating over Modbus.

9.8
2022-09-12 CVE-2022-37860 TP Link OS Command Injection vulnerability in Tp-Link M7350 Firmware 190531

The web configuration interface of the TP-Link M7350 V3 with firmware version 190531 is affected by a pre-authentication command injection vulnerability.

9.8
2022-09-12 CVE-2022-37767 Pebbletemplates Incorrect Authorization vulnerability in Pebbletemplates Pebble Templates 3.1.5

Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok.

9.8
2022-09-12 CVE-2022-37794 Library Management System Project SQL Injection vulnerability in Library Management System Project Library Management System 1.0

In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection.

9.8
2022-09-16 CVE-2022-35937 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

9.1
2022-09-16 CVE-2022-35938 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

9.1
2022-09-16 CVE-2021-40019 Huawei Out-of-bounds Read vulnerability in Huawei Emui and Magic UI

Out-of-bounds heap read vulnerability in the HW_KEYMASTER module.

9.1
2022-09-16 CVE-2022-39003 Huawei Classic Buffer Overflow vulnerability in Huawei Emui and Magic UI

Buffer overflow vulnerability in the video framework.

9.1
2022-09-16 CVE-2022-39008 Huawei Deserialization of Untrusted Data vulnerability in Huawei Emui and Harmonyos

The NFC module has bundle serialization/deserialization vulnerabilities.

9.1
2022-09-15 CVE-2022-38789 Airties Authorization Bypass Through User-Controlled Key vulnerability in Airties products

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04.

9.1
2022-09-14 CVE-2022-2900 Parse URL Project Server-Side Request Forgery (SSRF) vulnerability in Parse-Url Project Parse-Url

Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0.

9.1
2022-09-14 CVE-2020-19586 Yellowfinbi Cross-site Scripting vulnerability in Yellowfinbi Business Intelligence 7.3

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to escalate privilege via MIAdminStyles.i4 Admin UI.

9.0

296 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-16 CVE-2022-40337 Aspiresoftware Unspecified vulnerability in Aspiresoftware Open Aviation Strategic Engineering System 8.8.0.2

OASES (aka Open Aviation Strategic Engineering System) 8.8.0.2 allows attackers to execute arbitrary code via the Open Print Folder menu.

8.8
2022-09-16 CVE-2022-38808 Yimihome SQL Injection vulnerability in Yimihome Ywoa 6.1

ywoa v6.1 is vulnerable to SQL Injection via backend/oa/visual/exportExcel.do interface.

8.8
2022-09-16 CVE-2022-38843 Espocrm Unrestricted Upload of File with Dangerous Type vulnerability in Espocrm 7.1.8

EspoCRM version 7.1.8 is vulnerable to Unrestricted File Upload, allowing attackers to upload a malicious file with any extension to the server.

8.8
2022-09-16 CVE-2022-1194 Mobileeventsmanager Unspecified vulnerability in Mobileeventsmanager Mobile Events Manager

The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability.

8.8
2022-09-16 CVE-2022-36532 Bolt Unspecified vulnerability in Bolt CMS

Bolt CMS contains a vulnerability in version 5.1.12 and below that allows an authenticated user with the ROLE_EDITOR privileges to upload and rename a malicious file to achieve remote code execution.

8.8
2022-09-16 CVE-2022-36534 Syncovery Unspecified vulnerability in Syncovery

Super Flexible Software GmbH & Co.

8.8
2022-09-15 CVE-2022-37201 Jflyfox SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0

JFinal CMS 5.1.0 is vulnerable to SQL Injection.

8.8
2022-09-15 CVE-2022-37207 Jflyfox SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0

JFinal CMS 5.1.0 is affected by: SQL Injection.

8.8
2022-09-15 CVE-2022-3221 Ikus Soft Unspecified vulnerability in Ikus-Soft Rdiffweb

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.3.

8.8
2022-09-14 CVE-2022-38301 Onedev Project Path Traversal vulnerability in Onedev Project Onedev 7.4.14

Onedev v7.4.14 contains a path traversal vulnerability which allows attackers to access restricted files and directories via uploading a crafted JAR file into the directory /opt/onedev/lib.

8.8
2022-09-14 CVE-2022-3216 Nintendo Uncontrolled Recursion vulnerability in Nintendo Game BOY Color Firmware

A vulnerability has been found in Nintendo Game Boy Color and classified as problematic.

8.8
2022-09-14 CVE-2022-36667 Garage Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Garage Management System Project Garage Management System 1.0

Garage Management System 1.0 is vulnerable to Remote Code Execution (RCE) due to the lack of filtering in the file upload function.

8.8
2022-09-13 CVE-2022-37190 Cuppacms Unspecified vulnerability in Cuppacms 1.0

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE).

8.8
2022-09-13 CVE-2022-38305 Aerocms Project Unrestricted Upload of File with Dangerous Type vulnerability in Aerocms Project Aerocms 0.0.1

AeroCMS v0.0.1 was discovered to contain an arbitrary file upload vulnerability via the component /admin/profile.php.

8.8
2022-09-13 CVE-2022-34102 Crestron Unspecified vulnerability in Crestron Airmedia 4.3.1.39

Insufficient access control vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can pause the uninstallation of an executable to gain a SYSTEM level command prompt.

8.8
2022-09-13 CVE-2022-35582 Pentasecurity Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 4.0.0/5.0.0.0/5.0.12.0

Penta Security Systems Inc WAPPLES 4.0.*, 5.0.0.*, 5.0.12.* are vulnerable to Incorrect Access Control.

8.8
2022-09-13 CVE-2022-39817 Nokia SQL Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple SQL Injection vulnerabilities occur.

8.8
2022-09-13 CVE-2022-39819 Nokia OS Command Injection vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, multiple OS Command Injection vulnerabilities occur.

8.8
2022-09-13 CVE-2022-40622 Wavlink Improper Authentication vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses to hold sessions and does not use session tokens.

8.8
2022-09-13 CVE-2022-40623 Wavlink Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 does not utilize anti-CSRF tokens, which, when combined with other issues (such as CVE-2022-35518), can lead to remote, unauthenticated command execution.

8.8
2022-09-13 CVE-2022-32555 Unisys Cross-Site Request Forgery (CSRF) vulnerability in Unisys Data Exchange Management Studio 6.0.Ic1/7.0

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request.

8.8
2022-09-13 CVE-2022-34100 Crestron Unspecified vulnerability in Crestron Airmedia 4.3.1.39

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a low-privileged user can gain a SYSTEM level command prompt by pre-staging a file structure prior to the installation of a trusted service executable and change permissions on that file structure during a repair operation.

8.8
2022-09-13 CVE-2022-39203 Matrix Unspecified vulnerability in Matrix IRC Bridge

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix.

8.8
2022-09-13 CVE-2022-36103 Siderolabs Incorrect Authorization vulnerability in Siderolabs Talos Linux

Talos Linux is a Linux distribution built for Kubernetes deployments.

8.8
2022-09-13 CVE-2022-3179 Ikus Soft Unspecified vulnerability in Ikus-Soft Rdiffweb

Weak Password Requirements in GitHub repository ikus060/rdiffweb prior to 2.4.2.

8.8
2022-09-13 CVE-2022-38139 Rdstation Unspecified vulnerability in Rdstation RD Station

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in RD Station plugin <= 5.2.0 at WordPress.

8.8
2022-09-13 CVE-2022-38616 Bpcbt SQL Injection vulnerability in Bpcbt Smartvista Front-End 2.2.22

SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /feegroups/tgrt_group.jsf.

8.8
2022-09-12 CVE-2022-38298 Appsmith Server-Side Request Forgery (SSRF) vulnerability in Appsmith 1.7.11

Appsmith v1.7.11 was discovered to allow attackers to execute an authenticated Server-Side Request Forgery (SSRF) via redirecting incoming requests to the AWS internal metadata endpoint.

8.8
2022-09-12 CVE-2021-44426 Anydesk Unrestricted Upload of File with Dangerous Type vulnerability in Anydesk

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.5.

8.8
2022-09-12 CVE-2022-29490 Hitachienergy Unspecified vulnerability in Hitachienergy Microscada X Sys600

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy MicroSCADA X SYS600 allows an authenticated user to execute any MicroSCADA internal scripts irrespective of the authenticated user's role.

8.8
2022-09-13 CVE-2022-36782 PAL ES Unspecified vulnerability in Pal-Es Palgate

Pal Electronics Systems - Pal Gate Authorization Errors.

8.6
2022-09-16 CVE-2022-28758 Zoom Unspecified vulnerability in Zoom On-Premise Meeting Connector MMR 4.6.239.20200613/4.6.365.20210703/4.8.102.20220310

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability.

8.2
2022-09-15 CVE-2022-29240 Scylladb Unspecified vulnerability in Scylladb Scylla

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB.

8.1
2022-09-14 CVE-2022-36113 Rust Lang Unspecified vulnerability in Rust-Lang Cargo

Cargo is a package manager for the rust programming language.

8.1
2022-09-14 CVE-2022-40674 Libexpat Project, Debian, Fedoraproject Use After Free vulnerability in multiple products

libexpat before 2.4.9 has a use-after-free in the doContent function in xmlparse.c.

8.1
2022-09-12 CVE-2022-36173 Freshworks Improper Certificate Validation vulnerability in Freshworks Freshservice Agent and Freshservice Probe

FreshService macOS Agent < 4.4.0 and FreshService Linux Agent < 3.4.0 are vulnerable to TLS Man-in-The-Middle via the FreshAgent client and scheduled update service.

8.1
2022-09-12 CVE-2022-36174 Freshworks Improper Validation of Integrity Check Value vulnerability in Freshworks Freshservice Agent

FreshService Windows Agent < 2.11.0 and FreshService macOS Agent < 4.2.0 and FreshService Linux Agent < 3.3.0.

8.1
2022-09-16 CVE-2022-38844 Espocrm Improper Neutralization of Formula Elements in a CSV File vulnerability in Espocrm 7.1.8

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands.

8.0
2022-09-16 CVE-2022-2798 Wpaffiliatemanager Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager

The Affiliates Manager WordPress plugin before 2.9.14 does not validate and sanitise the affiliate data, which could allow users registering as affiliates to perform CSV injection attacks against an admin exporting the data.

8.0
2022-09-14 CVE-2022-37140 Techvill Unrestricted Upload of File with Dangerous Type vulnerability in Techvill Paymoney 3.3

PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE).

8.0
2022-09-18 CVE-2022-3235 VIM, Fedoraproject, Debian

Use After Free in GitHub repository vim/vim prior to 9.0.0490.

7.8
2022-09-17 CVE-2022-3234 VIM, Fedoraproject, Debian

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483.

7.8
2022-09-16 CVE-2022-2332 Honeywell Incorrect Permission Assignment for Critical Resource vulnerability in Honeywell Softmaster 4.51

A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.51, due to insecure permission assignment.

7.8
2022-09-16 CVE-2022-2333 Honeywell Uncontrolled Search Path Element vulnerability in Honeywell Softmaster 4.51

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4.51 application’s context and permissions.

7.8
2022-09-16 CVE-2022-38611 Watchdog Unspecified vulnerability in Watchdog Anti-Virus 1.4.158

Incorrect access control in Watchdog Anti-Virus v1.4.158 allows attackers to perform a DLL hijacking attack and execute arbitrary code via a crafted binary.

7.8
2022-09-16 CVE-2022-38415 Adobe Out-of-bounds Write vulnerability in Adobe Indesign

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-09-16 CVE-2022-38417 Adobe Out-of-bounds Read vulnerability in Adobe Indesign

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

7.8
2022-09-16 CVE-2022-3176 Linux, Debian Use After Free vulnerability in multiple products

There exists a use-after-free in io_uring in the Linux kernel.

7.8
2022-09-16 CVE-2022-22066 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Memory corruption occurs while processing command received from HLOS due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-09-16 CVE-2022-22074 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.8
2022-09-16 CVE-2022-22081 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in audio module due to integer overflow in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-09-16 CVE-2022-22089 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Memory corruption in audio while playing record due to improper list handling in two threads in Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-09-16 CVE-2022-22092 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in kernel due to use after free issue in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-09-16 CVE-2022-22095 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in synx driver due to use-after-free condition in the synx driver due to accessing object handles without acquiring lock in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.8
2022-09-16 CVE-2022-25652 Qualcomm Improper Authentication vulnerability in Qualcomm products

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure and Networking

7.8
2022-09-16 CVE-2022-25656 Qualcomm Integer Overflow or Wraparound vulnerability in Qualcomm products

Possible integer overflow and memory corruption due to improper validation of buffer size sent to write to console when computing the payload size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.8
2022-09-16 CVE-2022-25693 Qualcomm Use After Free vulnerability in Qualcomm products

Memory corruption in graphics due to use-after-free while graphics profiling in Snapdragon Connectivity, Snapdragon Mobile

7.8
2022-09-16 CVE-2020-23550 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e82.

7.8
2022-09-16 CVE-2020-23551 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e30.

7.8
2022-09-16 CVE-2020-23552 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e62.

7.8
2022-09-16 CVE-2020-23553 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007d33.

7.8
2022-09-16 CVE-2020-23554 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e20.

7.8
2022-09-16 CVE-2020-23555 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e6e.

7.8
2022-09-16 CVE-2020-23556 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000007e28.

7.8
2022-09-16 CVE-2020-23557 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000755d.

7.8
2022-09-16 CVE-2020-23558 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007f4b.

7.8
2022-09-16 CVE-2020-23559 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000007d7f.

7.8
2022-09-16 CVE-2020-23560 Irfanview Out-of-bounds Write vulnerability in Irfanview 4.54

IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000001bcab.

7.8
2022-09-16 CVE-2022-35415 NI Improper Input Validation vulnerability in NI Configuration Manager

An improper input validation in NI System Configuration Manager before 22.5 may allow a privileged user to potentially enable escalation of privilege via local access.

7.8
2022-09-15 CVE-2022-40636 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40637 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40638 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40639 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40640 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40641 Ansys Out-of-bounds Write vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40642 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40643 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40644 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40645 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40646 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40647 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40648 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40649 Ansys Access of Uninitialized Pointer vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40650 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40651 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40652 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40653 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40654 Ansys Unspecified vulnerability in Ansys Spaceclaim 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim 2022 R1.

7.8
2022-09-15 CVE-2022-40655 Nikon Out-of-bounds Write vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40656 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 13.2.0.21165

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 13.2.0.21165.

7.8
2022-09-15 CVE-2022-40657 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40658 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40659 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40660 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40661 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40662 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-40663 Nikon Unspecified vulnerability in Nikon Nis-Elements Viewer 1.2100.1483.0

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0.

7.8
2022-09-15 CVE-2022-38862 Mplayerhq Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function play() of libaf/af.c:639.

7.8
2022-09-14 CVE-2022-2977 Linux Use After Free vulnerability in Linux Kernel

A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices.

7.8
2022-09-14 CVE-2022-20364 Google Out-of-bounds Write vulnerability in Google Android

In sysmmu_unmap of TBD, there is a possible out of bounds write due to a missing bounds check.

7.8
2022-09-14 CVE-2022-40673 Kdiskmark Project, Fedoraproject Missing Authorization vulnerability in multiple products

KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper::flushPageCache.

7.8
2022-09-13 CVE-2022-31322 Pentasecurity Use of Hard-coded Credentials vulnerability in Pentasecurity Wapples 5.0.12.0/6.0.0/V6.0.R3.4.10

Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to escalate privileges via overwriting files using SUID flagged executables.

7.8
2022-09-13 CVE-2022-34101 Crestron Uncontrolled Search Path Element vulnerability in Crestron Airmedia 4.3.1.39

A vulnerability was discovered in the Crestron AirMedia Windows Application, version 4.3.1.39, in which a user can place a malicious DLL in a certain path to execute code and perform a privilege escalation attack.

7.8
2022-09-13 CVE-2022-38633 Genymobile Uncontrolled Search Path Element vulnerability in Genymobile Genymotion Desktop 3.2.1

Genymotion Desktop v3.2.1 was discovered to contain a DLL hijacking vulnerability which allows attackers to escalate privileges and execute arbitrary code via a crafted binary.

7.8
2022-09-13 CVE-2022-34356 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to obtain root privileges.

7.8
2022-09-13 CVE-2022-36768 IBM Unspecified vulnerability in IBM AIX and Vios

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to obtain root privileges.

7.8
2022-09-13 CVE-2022-38306 Lief Project Out-of-bounds Write vulnerability in Lief-Project Lief

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

7.8
2022-09-13 CVE-2022-38495 Lief Project Out-of-bounds Write vulnerability in Lief-Project Lief

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.

7.8
2022-09-13 CVE-2021-0871 Google Integer Overflow or Wraparound vulnerability in Google Android

In PVRSRVBridgePMRPDumpSymbolicAddr of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access.

7.8
2022-09-13 CVE-2021-0943 Google Out-of-bounds Write vulnerability in Google Android

In MMU_MapPages of TBD, there is a possible out of bounds write due to improper input validation.

7.8
2022-09-13 CVE-2022-20392 Google Improper Input Validation vulnerability in Google Android

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation.

7.8
2022-09-13 CVE-2022-20395 Google Path Traversal vulnerability in Google Android

In checkAccess of MediaProvider.java, there is a possible file deletion due to a path traversal error.

7.8
2022-09-13 CVE-2022-20398 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 13.0

In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to configure Wi-Fi due to a permissions bypass.

7.8
2022-09-13 CVE-2022-2962 Qemu Improper Synchronization vulnerability in Qemu

A DMA reentrancy issue was found in the Tulip device emulation in QEMU.

7.8
2022-09-13 CVE-2022-35292 SAP Unspecified vulnerability in SAP Business ONE 10.0

In SAP Business One application when a service is created, the executable path contains spaces and isn’t enclosed within quotes, leading to a vulnerability known as Unquoted Service Path which allows a user to gain SYSTEM privileges.

7.8
2022-09-13 CVE-2022-3170 Linux Out-of-bounds Read vulnerability in Linux Kernel 6.0

An out-of-bounds access issue was found in the Linux kernel sound subsystem.

7.8
2022-09-13 CVE-2022-38466 Siemens Incorrect Default Permissions vulnerability in Siemens Coreshield One-Way Gateway

A vulnerability has been identified in CoreShield One-Way Gateway (OWG) Software (All versions < V2.2).

7.8
2022-09-13 CVE-2022-39137 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39138 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39139 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39140 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39141 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39142 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39143 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39144 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39145 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39146 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39147 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39148 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39149 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39150 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39151 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39152 Siemens Out-of-bounds Write vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39153 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39154 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39155 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-13 CVE-2022-39156 Siemens Unspecified vulnerability in Siemens Parasolid and Simcenter Femap

A vulnerability has been identified in Parasolid V33.1 (All versions < V33.1.262), Parasolid V33.1 (All versions >= V33.1.262 < V33.1.263), Parasolid V34.0 (All versions < V34.0.252), Parasolid V34.1 (All versions < V34.1.242), Parasolid V35.0 (All versions < V35.0.161), Parasolid V35.0 (All versions >= V35.0.161 < V35.0.164), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2).

7.8
2022-09-12 CVE-2022-2979 Omron Use After Free vulnerability in Omron Cx-Programmer

Opening a specially crafted file could cause the affected product to fail to release its memory reference potentially resulting in arbitrary code execution.

7.8
2022-09-12 CVE-2022-31226 Dell Out-of-bounds Write vulnerability in Dell products

Dell BIOS versions contain a Stack-based Buffer Overflow vulnerability.

7.8
2022-09-12 CVE-2022-3178 Gpac Out-of-bounds Read vulnerability in Gpac

Buffer Over-read in GitHub repository gpac/gpac prior to 2.1.0-DEV.

7.8
2022-09-18 CVE-2022-40769 Profanity Project Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Profanity Project Profanity

profanity through 1.60 has only four billion possible RNG initializations.

7.5
2022-09-16 CVE-2022-35991 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35992 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35993 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35994 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35995 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35996 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35997 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35998 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35999 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36000 Google NULL Pointer Dereference vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36001 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36002 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36003 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36004 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36005 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36011 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36012 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36013 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36014 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36015 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36016 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36017 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36027 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35979 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35981 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35982 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35983 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35984 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35985 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35986 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35987 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35988 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35989 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35990 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36018 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36019 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-36026 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-3217 Visam Unspecified vulnerability in Visam Vbase 11.7.0.2

When logging in to a VBASE runtime project via Web-Remote, the product uses XOR with a static initial key to obfuscate login messages.

7.5
2022-09-16 CVE-2022-40757 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

7.5
2022-09-16 CVE-2022-40758 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

7.5
2022-09-16 CVE-2022-40759 Samsung NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

7.5
2022-09-16 CVE-2022-40760 Samsung Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

7.5
2022-09-16 CVE-2022-40761 Samsung Improper Validation of Specified Quantity in Input vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

7.5
2022-09-16 CVE-2022-40762 Samsung Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0

A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.

7.5
2022-09-16 CVE-2022-35964 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35965 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35966 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35967 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35968 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35969 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35970 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35971 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35972 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35973 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35974 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35934 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35935 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35940 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35941 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35952 Google Reachable Assertion vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35959 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35960 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-35963 Google Unspecified vulnerability in Google Tensorflow

TensorFlow is an open source platform for machine learning.

7.5
2022-09-16 CVE-2022-39063 Open5Gs Unspecified vulnerability in Open5Gs

When Open5GS UPF receives a PFCP Session Establishment Request, it stores related values for building the PFCP Session Establishment Response.

7.5
2022-09-16 CVE-2020-36600 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Magic UI

Out-of-bounds write vulnerability in the power consumption module.

7.5
2022-09-16 CVE-2020-36601 Huawei Out-of-bounds Write vulnerability in Huawei Emui and Magic UI

Out-of-bounds write vulnerability in the kernel modules.

7.5
2022-09-16 CVE-2021-40023 Huawei Unspecified vulnerability in Huawei Emui 12.0.0

Configuration defects in the secure OS module.

7.5
2022-09-16 CVE-2021-40024 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Implementation of the WLAN module interfaces has the information disclosure vulnerability.

7.5
2022-09-16 CVE-2021-46836 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

Implementation of the WLAN module interfaces has the information disclosure vulnerability.

7.5
2022-09-16 CVE-2022-38978 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38979 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38987 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38988 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38989 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38990 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38991 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38992 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38993 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38994 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38995 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38996 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-38997 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The secure OS module has configuration defects.

7.5
2022-09-16 CVE-2022-39001 Huawei Path Traversal vulnerability in Huawei Emui, Harmonyos and Magic UI

The number identification module has a path traversal vulnerability.

7.5
2022-09-16 CVE-2022-39004 Huawei Memory Leak vulnerability in Huawei Emui, Harmonyos and Magic UI

The MPTCP module has the memory leak vulnerability.

7.5
2022-09-16 CVE-2022-39005 Huawei Memory Leak vulnerability in Huawei Emui, Harmonyos and Magic UI

The MPTCP module has the memory leak vulnerability.

7.5
2022-09-16 CVE-2022-39010 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HwChrService module has a vulnerability in permission control.

7.5
2022-09-16 CVE-2022-40149 Jettison Project
Debian
Out-of-bounds Write vulnerability in multiple products

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).

7.5
2022-09-16 CVE-2022-40150 Jettison Project
Debian
Uncontrolled Recursion vulnerability in multiple products

Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS).

7.5
2022-09-16 CVE-2022-40151 Xstream Project Out-of-bounds Write vulnerability in Xstream Project Xstream

Those using Xstream to serialize XML data may be vulnerable to Denial of Service attacks (DOS).

7.5
2022-09-16 CVE-2022-40152 Xstream Project
Fasterxml
Out-of-bounds Write vulnerability in multiple products

Those using Woodstox to parse XML data may be vulnerable to Denial of Service attacks (DOS) if DTD support is enabled.

7.5
2022-09-16 CVE-2022-22091 Qualcomm Unspecified vulnerability in Qualcomm products

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-09-16 CVE-2022-25669 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2022-09-16 CVE-2022-25670 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

7.5
2022-09-16 CVE-2022-25690 Qualcomm Improper Validation of Array Index vulnerability in Qualcomm products

Information disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

7.5
2022-09-16 CVE-2022-25706 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.5
2022-09-15 CVE-2022-36074 Nextcloud Incorrect Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server

Nextcloud server is an open source personal cloud product.

7.5
2022-09-15 CVE-2022-39213 Pandatix Unspecified vulnerability in Pandatix Go-Cvss 0.2.0/0.3.0

go-cvss is a Go module to manipulate Common Vulnerability Scoring System (CVSS).

7.5
2022-09-15 CVE-2022-37260 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the input variable in main.js.

7.5
2022-09-15 CVE-2022-37262 Stealjs Unspecified vulnerability in Stealjs Steal 2.2.4

A Regular Expression Denial of Service (ReDoS) flaw was found in stealjs steal 2.2.4 via the source and sourceWithComments variable in main.js.

7.5
2022-09-15 CVE-2022-3001 Milesight Improper Input Validation vulnerability in Milesight Video Management Systems Firmware 40.7.0.79

This vulnerability exists in Milesight Video Management Systems (VMS), all firmware versions prior to 40.7.0.79-r1, due to improper input handling at camera’s web-based management interface.

7.5
2022-09-14 CVE-2022-29492 Hitachienergy Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in the handling of a malformed IEC 104 TCP packet in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600.

7.5
2022-09-14 CVE-2022-29922 Hitachienergy Improper Input Validation vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in the handling of a specially crafted IEC 61850 packet with a valid data item but with incorrect data type in the IEC 61850 OPC Server in the Hitachi Energy MicroSCADA X SYS600, MicroSCADA Pro SYS600.

7.5
2022-09-14 CVE-2022-2277 Hitachienergy Improper Validation of Specified Quantity in Input vulnerability in Hitachienergy Microscada X Sys600

An Improper Input Validation vulnerability in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is requested to forward any data item updates with timestamps too distant in the future to any remote ICCP system.

7.5
2022-09-14 CVE-2021-38924 IBM Information Exposure Through an Error Message vulnerability in IBM Maximo Application Suite and Maximo Asset Management

IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

7.5
2022-09-14 CVE-2022-3212 Axum Core Project Allocation of Resources Without Limits or Throttling vulnerability in Axum-Core Project Axum-Core

<bytes::Bytes as axum_core::extract::FromRequest>::from_request would not, by default, set a limit for the size of the request body.

7.5
2022-09-13 CVE-2022-38769 Transtek Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch cleartext passwords upon a successful login request.

7.5
2022-09-13 CVE-2022-39821 Nokia Information Exposure Through Log Files vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, an Insertion of Sensitive Information into an Application Log File vulnerability occurs.

7.5
2022-09-13 CVE-2022-40621 Wavlink Authentication Bypass by Capture-replay vulnerability in Wavlink Wn531G3 Firmware M31G3.V5030.200325

Because the WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 and earlier communicates over HTTP and not HTTPS, and because the hashing mechanism does not rely on a server-supplied key, it is possible for an attacker with sufficient network access to capture the hashed password of a logged on user and use it in a classic Pass-the-Hash style attack.

7.5
2022-09-13 CVE-2022-39208 Onedev Project Unspecified vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

7.5
2022-09-13 CVE-2022-32190 Golang Path Traversal vulnerability in Golang GO 1.19.0

JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path.

7.5
2022-09-13 CVE-2022-36104 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

7.5
2022-09-13 CVE-2022-39801 SAP Unspecified vulnerability in SAP Access Control 12

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a Firefighter session even after it is closed in Firefighter Logon Pad.

7.5
2022-09-13 CVE-2022-3029 Nlnetlabs Unspecified vulnerability in Nlnetlabs Routinator

In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that isn’t correctly base 64 encoded is treated as a fatal error and causes Routinator to exit.

7.5
2022-09-13 CVE-2022-38100 Contechealth Unspecified vulnerability in Contechealth Cms8000 Firmware

The CMS800 device fails while attempting to parse malformed network data sent by a threat actor.

7.5
2022-09-13 CVE-2022-1278 Redhat Insecure Default Initialization of Resource vulnerability in Redhat products

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

7.5
2022-09-13 CVE-2022-3174 Ikus Soft Missing Encryption of Sensitive Data vulnerability in Ikus-Soft Rdiffweb

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository ikus060/rdiffweb prior to 2.4.2.

7.5
2022-09-12 CVE-2022-35572 Linksys Missing Authentication for Critical Function vulnerability in Linksys E5350 Firmware 1.0.00.037

On Linksys E5350 WiFi Router with firmware version 1.0.00.037 and lower, (and potentially other vendors/devices due to code reuse), the /SysInfo.htm URI does not require a session ID.

7.5
2022-09-12 CVE-2022-37797 Lighttpd
Debian
NULL Pointer Dereference vulnerability in multiple products

In lighttpd 1.4.65, mod_wstunnel does not initialize a handler function pointer if an invalid HTTP request (websocket handshake) is received.

7.5
2022-09-12 CVE-2022-37734 Graphql Java Project Unspecified vulnerability in Graphql-Java Project Graphql-Java

graphql-java before 19.0 is vulnerable to Denial of Service.

7.5
2022-09-12 CVE-2022-37835 Torguard Insecure Storage of Sensitive Information vulnerability in Torguard VPN 4.8

Torguard VPN 4.8 has a vulnerability that allows an attacker to dump sensitive information, such as credentials and information about the server, without admin privileges.

7.5
2022-09-12 CVE-2022-36255 Inventorymanagementsystem Project SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0

A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".

7.5
2022-09-12 CVE-2022-36256 Inventorymanagementsystem Project SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0

A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "productcode".

7.5
2022-09-12 CVE-2022-36257 Inventorymanagementsystem Project SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0

A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "users", "pass", etc.

7.5
2022-09-12 CVE-2022-36258 Inventorymanagementsystem Project SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0

A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "searchTxt".

7.5
2022-09-12 CVE-2022-36259 Inventorymanagementsystem Project SQL Injection vulnerability in Inventorymanagementsystem Project Inventorymanagementsystem 1.0

A SQL injection vulnerability in ConnectionFactory.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as "username", "password", etc.

7.5
2022-09-16 CVE-2022-35193 Testlink SQL Injection vulnerability in Testlink 1.9.20

TestLink v1.9.20 was discovered to contain a SQL injection vulnerability via /lib/execute/execNavigator.php.

7.2
2022-09-16 CVE-2022-35195 Testlink Unspecified vulnerability in Testlink 1.9.20

TestLink 1.9.20 Raijin was discovered to contain a broken access control vulnerability at /lib/attachments/attachmentdownload.php

7.2
2022-09-16 CVE-2022-38877 Garage Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Garage Management System Project Garage Management System 1.0

Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1.

7.2
2022-09-16 CVE-2022-38878 School Activity Updates With SMS Notification Project SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/event/index.php?view=edit&id=.

7.2
2022-09-16 CVE-2022-38832 School Activity Updates With SMS Notification Project SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/department/index.php?view=edit&id=.

7.2
2022-09-16 CVE-2022-38833 School Activity Updates With SMS Notification Project SQL Injection vulnerability in School Activity Updates With SMS Notification Project School Activity Updates With SMS Notification 1.0

School Activity Updates with SMS Notification v1.0 is vulnerable to SQL Injection via /activity/admin/modules/modstudent/index.php?view=view&id=.

7.2
2022-09-15 CVE-2022-38534 Totolink OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setdiagnosicfg function.

7.2
2022-09-15 CVE-2022-38535 Totolink OS Command Injection vulnerability in Totolink A720R Firmware 4.1.5Cu.374

TOTOLINK-720R v4.1.5cu.374 was discovered to contain a remote code execution (RCE) vulnerability via the setTracerouteCfg function.

7.2
2022-09-15 CVE-2022-38594 Church Management System Project SQL Injection vulnerability in Church Management System Project Church Management System 1.0

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_visitor.php.

7.2
2022-09-15 CVE-2022-38595 Church Management System Project SQL Injection vulnerability in Church Management System Project Church Management System 1.0

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_user.php.

7.2
2022-09-15 CVE-2022-38323 Event Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Event Management System Project Event Management System 1.0

Event Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /Royal_Event/update_image.php.

7.2
2022-09-13 CVE-2022-40634 Craftercms Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker SSTI.

7.2
2022-09-13 CVE-2022-40635 Craftercms Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Crafter CMS

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass.

7.2
2022-09-12 CVE-2022-38302 Online Leave Management System Project SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_department.php.

7.2
2022-09-12 CVE-2022-38303 Online Leave Management System Project SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /employees/manage_leave_type.php.

7.2
2022-09-12 CVE-2022-38304 Online Leave Management System Project SQL Injection vulnerability in Online Leave Management System Project Online Leave Management System 1.0

Online Leave Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /maintenance/manage_leave_type.php.

7.2
2022-09-12 CVE-2022-38605 Church Management System Project SQL Injection vulnerability in Church Management System Project Church Management System 1.0

Church Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/edit_event.php.

7.2
2022-09-12 CVE-2022-38606 Garage Management System Project SQL Injection vulnerability in Garage Management System Project Garage Management System 1.0

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editcategory.php.

7.2
2022-09-12 CVE-2022-38610 Garage Management System Project SQL Injection vulnerability in Garage Management System Project Garage Management System 1.0

Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editclient.php.

7.2
2022-09-12 CVE-2022-36102 Shopware Improper Preservation of Permissions vulnerability in Shopware

Shopware is an open source e-commerce software.

7.2
2022-09-14 CVE-2022-3202 Linux
Netapp
A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel.
7.1
2022-09-13 CVE-2022-2989 Podman Project
Redhat
Incorrect handling of the supplementary groups in the Podman container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
7.1
2022-09-13 CVE-2022-2990 Buildah Project
Redhat
Incorrect handling of the supplementary groups in the Buildah container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
7.1
2022-09-12 CVE-2022-34108 MSI Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901

An issue in the Feature Navigator of Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to cause a Denial of Service (DoS) via a crafted image or video file.

7.1
2022-09-12 CVE-2022-34109 MSI Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to write arbitrary files to the directory \PromoPhoto\, regardless of file type or size.

7.1
2022-09-16 CVE-2022-22093 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption or temporary denial of service due to improper handling of concurrent hypervisor operations to attach or detach IRQs from virtual interrupt sources in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.0
2022-09-16 CVE-2022-22094 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption in kernel due to race condition while getting mapping reference in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

7.0
2022-09-16 CVE-2022-25696 Qualcomm Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products

Memory corruption in display due to time-of-check time-of-use race condition during map or unmap in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

7.0
2022-09-13 CVE-2021-0697 Google Use After Free vulnerability in Google Android

In PVRSRVRGXSubmitTransferKM of rgxtransfer.c, there is a possible use after free due to a race condition.

7.0
2022-09-13 CVE-2022-3182 Devolutions Unspecified vulnerability in Devolutions Remote Desktop Manager

Improper Access Control vulnerability in the Duo SMS two-factor of Devolutions Remote Desktop Manager 2022.2.14 and earlier allows attackers to bypass the application lock.

7.0

167 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-13 CVE-2022-36385 Contechealth Unspecified vulnerability in Contechealth Cms8000 Firmware

A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality.

6.8
2022-09-16 CVE-2022-25654 Qualcomm Out-of-bounds Write vulnerability in Qualcomm products

Memory corruption in kernel due to improper input validation while processing ION commands in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables

6.7
2022-09-14 CVE-2022-20231 Google Out-of-bounds Write vulnerability in Google Android

In smc_intc_request_fiq of arm_gic.c, there is a possible out of bounds write due to improper input validation.

6.7
2022-09-16 CVE-2022-34002 Pdssoftware Path Traversal vulnerability in Pdssoftware PDS Vista 7

The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows a low-privileged authenticated attacker to leak the configuration files and source code of the web application.

6.5
2022-09-15 CVE-2022-39209 Github
Fedoraproject
Algorithmic Complexity vulnerability in multiple products

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C.

6.5
2022-09-15 CVE-2022-1798 Kubevirt Path Traversal vulnerability in Kubevirt

A path traversal vulnerability in KubeVirt versions up to 0.56 (and 0.55.1) on all platforms allows a user able to configure the kubevirt to read arbitrary files on the host filesystem which are publicly readable or which are readable for UID 107 or GID 107.

6.5
2022-09-15 CVE-2022-40736 Axiosys Unspecified vulnerability in Axiosys Bento4 1.6.0639

An issue was discovered in Bento4 1.6.0-639.

6.5
2022-09-15 CVE-2022-40737 Axiosys Out-of-bounds Read vulnerability in Axiosys Bento4

An issue was discovered in Bento4 through 1.6.0-639.

6.5
2022-09-15 CVE-2022-40738 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4

An issue was discovered in Bento4 through 1.6.0-639.

6.5
2022-09-14 CVE-2022-40734 Unisharp Path Traversal vulnerability in Unisharp Laravel Filemanager

UniSharp laravel-filemanager (aka Laravel Filemanager) before 2.6.4 allows download?working_dir=%2F..

6.5
2022-09-14 CVE-2020-36603 Hoyoverse Unspecified vulnerability in Hoyoverse Mhyprot2 1.0.0.0

The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems.

6.5
2022-09-14 CVE-2022-40438 Axiosys Classic Buffer Overflow vulnerability in Axiosys Bento4 1.6.0639

Buffer overflow vulnerability in function AP4_MemoryByteStream::WritePartial in mp42aac in Bento4 v1.6.0-639, allows attackers to cause a denial of service via a crafted file.

6.5
2022-09-14 CVE-2022-40439 Axiosys Memory Leak vulnerability in Axiosys Bento4 1.6.0639

A memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, which allows attackers to cause a denial of service via a crafted file.

6.5
2022-09-14 CVE-2022-35946 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

6.5
2022-09-14 CVE-2022-36114 Rust Lang Unspecified vulnerability in Rust-Lang Cargo

Cargo is a package manager for the rust programming language.

6.5
2022-09-13 CVE-2022-37191 Cuppacms Inclusion of Functionality from Untrusted Control Sphere vulnerability in Cuppacms 1.0

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI.

6.5
2022-09-13 CVE-2022-31324 Pentasecurity Download of Code Without Integrity Check vulnerability in Pentasecurity Wapples

An arbitrary file download vulnerability in the downloadAction() function of Penta Security Systems Inc WAPPLES v6.0 r3 4.10-hotfix1 allows attackers to download arbitrary files via a crafted POST request.

6.5
2022-09-13 CVE-2022-22483 IBM Improper Privilege Management vulnerability in IBM DB2

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used.

6.5
2022-09-13 CVE-2022-35637 IBM Unspecified vulnerability in IBM DB2 10.5/11.1/11.5

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool.

6.5
2022-09-13 CVE-2022-39816 Nokia Insufficiently Protected Credentials vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, Insufficiently Protected Credentials (cleartext administrator password) occur in the edit configuration page.

6.5
2022-09-13 CVE-2022-38342 Safe XXE vulnerability in Safe FME Server

Safe Software FME Server v2021.2.5, v2022.0.0.2 and below was discovered to contain an XML External Entity (XXE) vulnerability which allows authenticated attackers to perform data exfiltration or Server-Side Request Forgery (SSRF) attacks.

6.5
2022-09-12 CVE-2021-44425 Anydesk Unspecified vulnerability in Anydesk

An issue was discovered in AnyDesk before 6.2.6 and 6.3.x before 6.3.3.

6.5
2022-09-13 CVE-2022-39202 Matrix Improper Privilege Management vulnerability in Matrix IRC Bridge

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix.

6.3
2022-09-16 CVE-2020-25491 6Kare Cross-site Scripting vulnerability in 6Kare Emakin 5.0.341.0

6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile DisplayName field, which is mishandled when rendering the Activity Stream page.

6.1
2022-09-16 CVE-2022-37775 Genesys Cross-site Scripting vulnerability in Genesys Pureconnect

Genesys PureConnect Interaction Web Tools Chat Service (up to at least 26-September-2019) allows XSS within the Printable Chat History via the participant -> name JSON POST parameter.

6.1
2022-09-16 CVE-2022-38845 Espocrm Cross-site Scripting vulnerability in Espocrm 7.1.8

Cross Site Scripting in the Import feature in EspoCRM 7.1.8 allows remote users to run malicious JavaScript in a victim's browser by sending a crafted csv file containing malicious JavaScript to an authenticated user.

6.1
2022-09-16 CVE-2022-3223 Diagrams Unspecified vulnerability in Diagrams Drawio

Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.3.1.

6.1
2022-09-16 CVE-2022-2654 Radiustheme Unspecified vulnerability in Radiustheme products

The Classima WordPress theme before 2.1.11 and some of its required plugins (Classified Listing before 2.2.14, Classified Listing Pro before 2.0.20, Classified Listing Store & Membership before 1.4.20 and Classima Core before 1.10) do not escape a parameter before outputting it back in attributes, leading to Reflected Cross-Site Scripting

6.1
2022-09-16 CVE-2022-2655 Radiustheme Unspecified vulnerability in Radiustheme Classified Listing

The Classified Listing Pro WordPress plugin before 2.0.20 does not escape a generated URL before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

6.1
2022-09-16 CVE-2022-2669 WP Taxonomy Import Project Unspecified vulnerability in WP Taxonomy Import Project WP Taxonomy Import

The WP Taxonomy Import WordPress plugin through 1.0.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

6.1
2022-09-15 CVE-2022-29649 Qsmart Next Project Cross-site Scripting vulnerability in Qsmart Next Project Qsmart Next 4.1.2

Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.

6.1
2022-09-15 CVE-2022-3224 Parse URL Project Unspecified vulnerability in Parse-Url Project Parse-Url

Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0.

6.1
2022-09-15 CVE-2022-31735 Osstech Open Redirect vulnerability in Osstech Openam

OpenAM Consortium Edition version 14.0.0 provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601).

6.1
2022-09-14 CVE-2022-37724 Apple Cross-site Scripting vulnerability in Apple Webobjects

Project Wonder WebObjects 1.0 through 5.4.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces.

6.1
2022-09-14 CVE-2022-40365 Gocron Project Cross-site Scripting vulnerability in Gocron Project Gocron 1.5.3

Cross site scripting (XSS) vulnerability in ouqiang gocron through 1.5.3, allows attackers to execute arbitrary code via scope.row.hostname in web/vue/src/pages/taskLog/list.vue.

6.1
2022-09-14 CVE-2022-35945 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

6.1
2022-09-14 CVE-2022-38796 Feehi Injection vulnerability in Feehi CMS 2.1.1

A Host Header Injection vulnerability in Feehi CMS 2.1.1 may allow an attacker to spoof a particular header.

6.1
2022-09-14 CVE-2022-40626 Zabbix
Fedoraproject
Cross-site Scripting vulnerability in multiple products

An unauthenticated user can create a link with reflected Javascript code inside the backurl parameter and send it to other authenticated users in order to create a fake account with predefined login, password and role in Zabbix Frontend.

6.1
2022-09-13 CVE-2022-39814 Nokia Open Redirect vulnerability in Nokia 1350 Optical Management System 14.2

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs in the login page via the next HTTP GET parameter.

6.1
2022-09-13 CVE-2022-3205 Redhat Cross-site Scripting vulnerability in Redhat Ansible Automation Platform 1.2/2.0

Cross site scripting in automation controller UI in Red Hat Ansible Automation Platform 1.2 and 2.0 where the project name is susceptible to XSS injection

6.1
2022-09-13 CVE-2022-36108 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

6.1
2022-09-13 CVE-2022-36020 Typo3 Unspecified vulnerability in Typo3 Html Sanitizer

The typo3/html-sanitizer package is an HTML sanitizer, written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.

6.1
2022-09-13 CVE-2022-35298 SAP Unspecified vulnerability in SAP Netweaver Enterprise Portal 7.50

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.

6.1
2022-09-13 CVE-2022-39799 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

An attacker with no prior authentication could craft and send malicious script to SAP GUI for HTML within Fiori Launchpad, resulting in reflected cross-site scripting attack.

6.1
2022-09-13 CVE-2022-38069 Contechealth Use of Hard-coded Credentials vulnerability in Contechealth Cms8000 Firmware

Multiple globally default credentials exist across all CMS8000 devices, that once exposed, allow a threat actor with momentary physical access to gain privileged access to any device.

6.1
2022-09-12 CVE-2022-38291 Slims Cross-site Scripting vulnerability in Slims Senayan Library Management System 9.4.2

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Search function.

6.1
2022-09-12 CVE-2022-38295 Cuppacms Cross-site Scripting vulnerability in Cuppacms 1.0

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager/view/cu_user_groups.

6.1
2022-09-12 CVE-2022-38972 ARK WEB Cross-site Scripting vulnerability in Ark-Web A-Form

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for Movable Type 7 Series) and versions prior to 3.9.1 (for Movable Type 6 Series) allows a remote unauthenticated attacker to inject an arbitrary script.

6.1
2022-09-16 CVE-2022-39006 Huawei Race Condition vulnerability in Huawei Emui, Harmonyos and Magic UI

The MPTCP module has the race condition vulnerability.

5.9
2022-09-16 CVE-2022-38846 Espocrm Cleartext Transmission of Sensitive Information vulnerability in Espocrm 7.1.8

EspoCRM version 7.1.8 is vulnerable to Missing Secure Flag allowing the browser to send plain text cookies over an insecure channel (HTTP).

5.9
2022-09-15 CVE-2022-40306 Ecisolutions Unspecified vulnerability in Ecisolutions Printanista Managed Print Service 20220627

The login form /Login in ECi Printanista Hub (formerly FMAudit Printscout) before 5.5.2 (July 2023) performs expensive RSA key-generation operations, which allows attackers to cause a denial of service (DoS) by requesting that form repeatedly.

5.9
2022-09-15 CVE-2022-39215 Tauri Link Following vulnerability in Tauri

Tauri is a framework for building binaries for all major desktop platforms.

5.8
2022-09-14 CVE-2022-36112 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

5.8
2022-09-16 CVE-2022-3225 Budibase Unspecified vulnerability in Budibase

Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.

5.7
2022-09-13 CVE-2022-3027 Contechealth Unspecified vulnerability in Contechealth Cms8000 Firmware

The CMS8000 device does not properly control or sanitize the SSID name of a new Wi-Fi access point.

5.7
2022-09-18 CVE-2022-40774 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4

An issue was discovered in Bento4 through 1.6.0-639.

5.5
2022-09-18 CVE-2022-40775 Axiosys NULL Pointer Dereference vulnerability in Axiosys Bento4

An issue was discovered in Bento4 through 1.6.0-639.

5.5
2022-09-18 CVE-2022-40768 Linux
Fedoraproject
Debian
Use of Uninitialized Resource vulnerability in multiple products

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case.

5.5
2022-09-17 CVE-2022-39210 Nextcloud Path Traversal vulnerability in Nextcloud

Nextcloud android is the official Android client for the Nextcloud home server platform.

5.5
2022-09-16 CVE-2022-40755 Jasper Project Reachable Assertion vulnerability in Jasper Project Jasper 3.0.6

JasPer 3.0.6 allows denial of service via a reachable assertion in the function inttobits in libjasper/base/jas_image.c.

5.5
2022-09-16 CVE-2022-28855 Adobe Unspecified vulnerability in Adobe Indesign

Adobe InDesign versions 16.4.2 (and earlier) and 17.3 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

5.5
2022-09-16 CVE-2022-36402 Linux Integer Overflow or Wraparound vulnerability in Linux Kernel

An integer overflow vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'.

5.5
2022-09-16 CVE-2022-25653 Qualcomm Out-of-bounds Read vulnerability in Qualcomm products

Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

5.5
2022-09-15 CVE-2022-38334 Xpdfreader Uncontrolled Recursion vulnerability in Xpdfreader Xpdf

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

5.5
2022-09-15 CVE-2022-38600 Mplayerhq Memory Leak vulnerability in Mplayerhq Mplayer Svnr3837413.0.1

Mplayer SVN-r38374-13.0.1 is vulnerable to Memory Leak via vf.c and vf_vo.c.

5.5
2022-09-15 CVE-2022-38850 Mplayerhq
Debian
Divide By Zero vulnerability in multiple products

The MPlayer Project mencoder SVN-r38374-13.0.1 is vulnerable to Divide By Zero via the function config () of llibmpcodecs/vf_scale.c.

5.5
2022-09-15 CVE-2022-38851 Mplayerhq
Debian
Out-of-bounds Read vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Out-of-bounds Read via function read_meta_record() of mplayer/libmpdemux/asfheader.c.

5.5
2022-09-15 CVE-2022-38890 F5 Out-of-bounds Read vulnerability in F5 NJS 0.7.7

Nginx NJS v0.7.7 was discovered to contain a segmentation violation via njs_utf8_next at src/njs_utf8.h

5.5
2022-09-15 CVE-2022-38853 Mplayerhq Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function asf_init_audio_stream() of libmpdemux/asfheader.c.

5.5
2022-09-15 CVE-2022-38855 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function gen_sh_video () of mplayer/libmpdemux/demux_mov.c.

5.5
2022-09-15 CVE-2022-38856 Mplayerhq Out-of-bounds Write vulnerability in Mplayerhq Mencoder and Mplayer

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c.

5.5
2022-09-15 CVE-2022-38858 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mov_build_index() of libmpdemux/demux_mov.c.

5.5
2022-09-15 CVE-2022-38860 Mplayerhq
Debian
Divide By Zero vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Divide By Zero via function demux_open_avi() of libmpdemux/demux_avi.c which affects mencoder.

5.5
2022-09-15 CVE-2022-38861 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function free_mp_image() of libmpcodecs/mp_image.c.

5.5
2022-09-15 CVE-2022-38863 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Buffer Overflow via function mp_getbits() of libmpdemux/mpeg_hdr.c which affects mencoder and mplayer.

5.5
2022-09-15 CVE-2022-38864 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Buffer Overflow via the function mp_unescape03() of libmpdemux/mpeg_hdr.c.

5.5
2022-09-15 CVE-2022-38865 Mplayerhq
Debian
Divide By Zero vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Divide By Zero via the function demux_avi_read_packet of libmpdemux/demux_avi.c.

5.5
2022-09-15 CVE-2022-38866 Mplayerhq
Debian
Out-of-bounds Write vulnerability in multiple products

Certain The MPlayer Project products are vulnerable to Buffer Overflow via read_avi_header() of libmpdemux/aviheader.c.

5.5
2022-09-15 CVE-2022-2472 Ezviz Unspecified vulnerability in Ezviz Cs-C6N-A0-1C2Wfr Firmware 5.3.0

Improper Initialization vulnerability in the local server component of EZVIZ CS-C6N-A0-1C2WFR allows a local attacker to read the contents of the memory space containing the encrypted admin password.

5.5
2022-09-15 CVE-2022-3222 Gpac Unspecified vulnerability in Gpac

Uncontrolled Recursion in GitHub repository gpac/gpac prior to 2.1.0-DEV.

5.5
2022-09-14 CVE-2022-40476 Linux NULL Pointer Dereference vulnerability in Linux Kernel

A null pointer dereference issue was discovered in fs/io_uring.c in the Linux kernel before 5.15.62.

5.5
2022-09-14 CVE-2022-36056 Sigstore Unspecified vulnerability in Sigstore Cosign

Cosign is a project under the sigstore organization which aims to make signatures invisible infrastructure.

5.5
2022-09-14 CVE-2022-0029 Paloaltonetworks Link Following vulnerability in Paloaltonetworks Cortex XDR Agent

An improper link resolution vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local attacker to read files on the system with elevated privileges when generating a tech support file.

5.5
2022-09-13 CVE-2022-38307 Lief Project NULL Pointer Dereference vulnerability in Lief-Project Lief

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.

5.5
2022-09-13 CVE-2022-38496 Lief Project Reachable Assertion vulnerability in Lief-Project Lief

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.

5.5
2022-09-13 CVE-2022-38497 Lief Project NULL Pointer Dereference vulnerability in Lief-Project Lief

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.

5.5
2022-09-13 CVE-2022-20393 Google Integer Underflow (Wrap or Wraparound) vulnerability in Google Android 11.0/12.0/12.1

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow.

5.5
2022-09-13 CVE-2022-20396 Google Insufficient Verification of Data Authenticity vulnerability in Google Android 12.1/13.0

In SettingsActivity.java, there is a possible way to make a device discoverable over Bluetooth, without permission or user interaction, due to a permissions bypass.

5.5
2022-09-13 CVE-2022-20399 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android

In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due to an insecure default value.

5.5
2022-09-13 CVE-2022-1602 HP Unspecified vulnerability in HP Thinpro 7.2

A potential security vulnerability has been identified in HP ThinPro 7.2 Service Pack 8 (SP8).

5.5
2022-09-13 CVE-2022-3190 Wireshark
Fedoraproject
Infinite Loop vulnerability in multiple products

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file

5.5
2022-09-13 CVE-2022-37302 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert 15.1

A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could cause a crash of the Control Expert software when an incorrect project file is opened.

5.5
2022-09-12 CVE-2022-34110 MSI Unspecified vulnerability in MSI Micro-Star International Feature Navigator 1.0.1808.0901

An issue in Micro-Star International MSI Feature Navigator v1.0.1808.0901 allows attackers to download arbitrary files regardless of file type or size.

5.5
2022-09-18 CVE-2022-25873 Vuetifyjs Cross-site Scripting vulnerability in Vuetifyjs Vuetify

The package vuetify from 2.0.0-beta.4 and before 2.6.10 is vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the 'eventName' function within the VCalendar component.

5.4
2022-09-17 CVE-2022-3231 Librenms Unspecified vulnerability in Librenms

Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.9.0.

5.4
2022-09-16 CVE-2022-35194 Testlink Cross-site Scripting vulnerability in Testlink 1.9.20

TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /lib/inventory/inventoryView.php.

5.4
2022-09-16 CVE-2022-37247 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1

Craft CMS 4.2.0.1 is vulnerable to stored cross-site scripting (XSS) via the /admin/settings/fields page.

5.4
2022-09-16 CVE-2022-37251 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via Drafts.

5.4
2022-09-16 CVE-2022-30677 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-09-16 CVE-2022-30678 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-09-16 CVE-2022-30680 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-09-16 CVE-2022-30681 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability.

5.4
2022-09-16 CVE-2021-42597 Storage Unit Rental Management System Project Cross-site Scripting vulnerability in Storage Unit Rental Management System Project Storage Unit Rental Management System 1.0

A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.

5.4
2022-09-16 CVE-2022-37248 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1

Craft CMS 4.2.0.1 is vulnerable to Cross Site Scripting (XSS) via src/helpers/Cp.php.

5.4
2022-09-16 CVE-2022-37250 Craftcms Cross-site Scripting vulnerability in Craftcms Craft CMS 4.2.0.1

Craft CMS 4.2.0.1 suffers from Stored Cross Site Scripting (XSS) in /admin/myaccount.

5.4
2022-09-16 CVE-2022-36533 Syncovery Cross-site Scripting vulnerability in Syncovery

Super Flexible Software GmbH & Co.

5.4
2022-09-15 CVE-2022-38814 Fiberhome Cross-site Scripting vulnerability in Fiberhome An5506-02-B Firmware Rp2521

A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome AN5506-02-B vRP2521 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the sncfg_loid text field.

5.4
2022-09-15 CVE-2022-3211 Pimcore Unspecified vulnerability in Pimcore

Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.6.

5.4
2022-09-15 CVE-2018-25047 Smarty
Debian
Cross-site Scripting vulnerability in multiple products

In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS.

5.4
2022-09-14 CVE-2022-31187 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

5.4
2022-09-14 CVE-2022-36668 Garage Management System Project Cross-site Scripting vulnerability in Garage Management System Project Garage Management System 1.0

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters.

5.4
2022-09-14 CVE-2022-37137 Techvill Cross-site Scripting vulnerability in Techvill Paymoney 3.3

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket.

5.4
2022-09-14 CVE-2022-37139 Razormist Cross-site Scripting vulnerability in Razormist Loan Management System 1.0

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.

5.4
2022-09-14 CVE-2020-19587 Idera Cross-site Scripting vulnerability in Idera Yellowfin Business Intelligence 7.3

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business Intelligence 7.3 allows remote attackers to run arbitrary code via MIAdminStyles.i4 Admin UI.

5.4
2022-09-13 CVE-2021-36568 Moodle
Fedoraproject
Cross-site Scripting vulnerability in multiple products

In certain Moodle products, after creating a course, it is possible to add to an arbitrary "Topic" a resource, in this case a "Database" with the type "Text", whose values "Field name" and "Field description" are vulnerable to Stored Cross Site Scripting (XSS).

5.4
2022-09-13 CVE-2022-31861 Thingsboard Cross-site Scripting vulnerability in Thingsboard

Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being sent to the audit logs.

5.4
2022-09-13 CVE-2022-34336 IBM Cross-site Scripting vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.

5.4
2022-09-13 CVE-2022-39207 Onedev Project Incorrect Permission Assignment for Critical Resource vulnerability in Onedev Project Onedev

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban.

5.4
2022-09-13 CVE-2022-36106 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

5.4
2022-09-13 CVE-2022-36107 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

5.4
2022-09-13 CVE-2022-35294 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

An attacker with basic business user privileges could craft and upload a malicious file to SAP NetWeaver Application Server ABAP, which is then downloaded and viewed by other users resulting in a stored Cross-Site-Scripting attack.

5.4
2022-09-13 CVE-2022-36778 Synel Cross-site Scripting vulnerability in Synel Eharmony 8.0.2.3

Insert HTML / JS code inside the input. How to get to the vulnerable input: Workers > worker nickname > inject the code in this input.

5.4
2022-09-12 CVE-2022-36254 Hotel Management System Project Cross-site Scripting vulnerability in Hotel Management System Project Hotel Management System 1.0

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname".

5.4
2022-09-12 CVE-2022-37796 Oretnom23 Cross-site Scripting vulnerability in Oretnom23 Simple Online Book Store System 1.0

In Simple Online Book Store System 1.0, in /admin_book.php, the Title, Author, and Description parameters are vulnerable to Cross Site Scripting (XSS).

5.4
2022-09-17 CVE-2022-39960 Netic Missing Authorization vulnerability in Netic Group Export 1.0.1

The Netic Group Export add-on before 1.0.3 for Atlassian Jira does not perform authorization checks.

5.3
2022-09-17 CVE-2022-39212 Nextcloud Unspecified vulnerability in Nextcloud Talk

Nextcloud Talk is an open source chat, video & audio calls client for the Nextcloud platform.

5.3
2022-09-16 CVE-2022-39211 Nextcloud Unspecified vulnerability in Nextcloud Server

Nextcloud server is an open source personal cloud platform.

5.3
2022-09-16 CVE-2022-37709 Tesla Authentication Bypass by Spoofing vulnerability in Tesla Model 3 Firmware and Tesla

Tesla Model 3 V11.0(2022.4.5.1 6b701552d7a6) Tesla mobile app v4.23 is vulnerable to Authentication Bypass by spoofing.

5.3
2022-09-16 CVE-2022-30683 Adobe Unspecified vulnerability in Adobe Experience Manager

Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a Violation of Secure Design Principles vulnerability that could lead to bypass the security feature of the encryption mechanism in the backend.

5.3
2022-09-16 CVE-2022-2877 CM WP Unspecified vulnerability in Cm-Wp Titan Anti-Spam & Security

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP headers in order to validate the origin IP address, allowing threat actors to bypass its block feature by spoofing the headers.

5.3
2022-09-14 CVE-2022-31143 Glpi Project Unspecified vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing.

5.3
2022-09-13 CVE-2022-38770 Transtek Unspecified vulnerability in Transtek Mojodat Fixed Asset Management 2.4.6

The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote attackers to fetch other users' data upon a successful login request.

5.3
2022-09-13 CVE-2022-22330 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM Control Desk

IBM Control Desk 7.6.1 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.

5.3
2022-09-13 CVE-2022-36105 Typo3 Unspecified vulnerability in Typo3

TYPO3 is an open source PHP based web content management system released under the GNU GPL.

5.3
2022-09-13 CVE-2022-39014 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 430

Under certain conditions SAP BusinessObjects Business Intelligence Platform Central Management Console (CMC) - version 430, allows an attacker to access certain unencrypted sensitive parameters which would otherwise be restricted.

5.3
2022-09-13 CVE-2022-36780 Avdorcis Missing Authentication for Critical Function vulnerability in Avdorcis Crystal Quality

Avdor CIS - crystal quality Credentials Management Errors.

5.3
2022-09-13 CVE-2022-3175 Ikus Soft Improper Handling of Exceptional Conditions vulnerability in Ikus-Soft Rdiffweb

Missing Custom Error Page in GitHub repository ikus060/rdiffweb prior to 2.4.2.

5.3
2022-09-12 CVE-2022-36101 Shopware Unspecified vulnerability in Shopware

Shopware is an open source e-commerce software.

5.3
2022-09-12 CVE-2022-39200 Matrix Unspecified vulnerability in Matrix Dendrite

Dendrite is a Matrix homeserver written in Go.

5.3
2022-09-13 CVE-2022-32244 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence 420/430

Under certain conditions an attacker authenticated as a CMS administrator can access the BOE Commentary database and retrieve (non-personal) system data, modify system data but can't make the system unavailable.

5.2
2022-09-12 CVE-2022-31220 Dell Unchecked Return Value vulnerability in Dell products

Dell BIOS versions contain an Unchecked Return Value vulnerability.

5.1
2022-09-12 CVE-2022-31225 Dell Unchecked Return Value vulnerability in Dell products

Dell BIOS versions contain an Unchecked Return Value vulnerability.

5.1
2022-09-16 CVE-2022-2863 Wpvivid Unspecified vulnerability in Wpvivid Migration, Backup, Staging

The Migration, Backup, Staging WordPress plugin before 0.9.76 does not sanitise and validate a parameter before using it to read the content of a file, allowing high privilege users to read any file from the web server via a Traversal attack.

4.9
2022-09-13 CVE-2022-35295 SAP Unspecified vulnerability in SAP Host Agent 7.22

In SAP Host Agent (SAPOSCOL) - version 7.22, an attacker may use files created by saposcol to escalate privileges for themselves.

4.9
2022-09-16 CVE-2021-41731 News247 News Magazine CMS Project Cross-site Scripting vulnerability in News247 News Magazine (Cms) Project News247 News Magazine (Cms) 1.0

A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) PHP 5.6 or higher and MySQL 5.7 or higher via the blog category name field.

4.8
2022-09-16 CVE-2022-2351 Wpexperts Unspecified vulnerability in Wpexperts Post Smtp

The Post SMTP Mailer/Email Log WordPress plugin before 2.1.4 does not escape some of its settings before outputting them in the admin dashboard, allowing high privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.

4.8
2022-09-16 CVE-2022-2575 Woobewoo Unspecified vulnerability in Woobewoo WBW Currency Switcher for Woocommerce

The WBW Currency Switcher for WooCommerce WordPress plugin before 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-09-16 CVE-2022-2635 Autoptimize Unspecified vulnerability in Autoptimize

The Autoptimize WordPress plugin before 3.1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-09-16 CVE-2022-2737 WP Staging Cross-site Scripting vulnerability in Wp-Staging WP Staging

The WP STAGING WordPress plugin before 2.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8
2022-09-16 CVE-2022-2799 Wpaffiliatemanager Unspecified vulnerability in Wpaffiliatemanager Affiliates Manager

The Affiliates Manager WordPress plugin before 2.9.14 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-09-16 CVE-2022-2887 Acnam Unspecified vulnerability in Acnam WP Server Health Stats

The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-09-15 CVE-2022-27561 Hcltech Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0/12.0.1.1

There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin (LotusTraveler.nsf).

4.8
2022-09-15 CVE-2021-44076 Crushftp Cross-site Scripting vulnerability in Crushftp

An issue was discovered in CrushFTP 9.

4.8
2022-09-14 CVE-2022-1778 Hitachienergy Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hitachienergy Microscada X Sys600

Improper Input Validation vulnerability in Hitachi Energy MicroSCADA X SYS600 while reading a specific configuration file causes a buffer-overflow that causes a failure to start the SYS600.

4.4
2022-09-13 CVE-2022-38453 Contechealth Unspecified vulnerability in Contechealth Cms8000 Firmware

Multiple binary application files on the CMS8000 device are compiled with 'not stripped' and 'debug_info' compilation settings.

4.4
2022-09-12 CVE-2022-31222 Dell Missing Release of Resource after Effective Lifetime vulnerability in Dell products

Dell BIOS versions contain a Missing Release of Resource after Effective Lifetime vulnerability.

4.4
2022-09-17 CVE-2022-3232 Ikus Soft Unspecified vulnerability in Ikus-Soft Rdiffweb

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.5.

4.3
2022-09-17 CVE-2022-3173 Snipeitapp Unspecified vulnerability in Snipeitapp Snipe-It

Improper Authentication in GitHub repository snipe/snipe-it prior to 6.0.10.

4.3
2022-09-16 CVE-2022-29489 Sucuri Unspecified vulnerability in Sucuri Security

Cross-Site Request Forgery (CSRF) vulnerability in Sucuri Security plugin <= 1.8.33 at WordPress leading to Event log entry creation.

4.3
2022-09-16 CVE-2022-2912 Craw Data Project Server-Side Request Forgery (SSRF) vulnerability in Craw-Data Project Craw-Data

The Craw Data WordPress plugin through 1.0.0 does not implement nonce checks, which could allow attackers to make a logged-in admin change the URL value, performing unwanted crawls on third-party sites (SSRF).

4.3
2022-09-16 CVE-2022-2913 Login NO Captcha Recaptcha Project Unspecified vulnerability in Login NO Captcha Recaptcha Project Login NO Captcha Recaptcha

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address, allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen.

4.3
2022-09-15 CVE-2022-36075 Nextcloud Improper Privilege Management vulnerability in Nextcloud Files Access Control

Nextcloud files access control is a nextcloud app to manage access control for files.

4.3
2022-09-15 CVE-2022-38788 Nokia Unspecified vulnerability in Nokia Fastmile 5G Receiver Firmware 1.2104.00.0281

An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 1.2104.00.0281.

4.3
2022-09-13 CVE-2022-22329 IBM Unspecified vulnerability in IBM Control Desk

IBM Control Desk 7.6.1 does not set the secure attribute on authorization tokens or session cookies.

4.3
2022-09-13 CVE-2022-38329 Shopxian Cross-Site Request Forgery (CSRF) vulnerability in Shopxian CMS 3.0.0

An issue was discovered in Shopxian CMS 3.0.0.

4.3
2022-09-12 CVE-2022-38299 Appsmith Unspecified vulnerability in Appsmith 1.7.11

An issue in the Elasticsearch plugin of Appsmith v1.7.11 allows attackers to connect disallowed hosts to the AWS/GCP internal metadata endpoint.

4.3
2022-09-12 CVE-2022-38135 Photospace Gallery Project Unspecified vulnerability in Photospace Gallery Project Photospace Gallery 2.3.5

Broken Access Control vulnerability in Dean Oakley's Photospace Gallery plugin <= 2.3.5 at WordPress allows users with subscriber or higher role to change plugin settings.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-16 CVE-2021-42948 Digitaldruid Cleartext Transmission of Sensitive Information vulnerability in Digitaldruid Hoteldruid

HotelDruid Hotel Management Software v3.0.3 and below was discovered to have exposed session tokens in multiple links via GET parameters, allowing attackers to access user session IDs.

3.7
2022-09-13 CVE-2022-37703 Amanda Path Traversal vulnerability in Amanda 3.5.1

In Amanda 3.5.1, an information leak vulnerability was found in the calcsize SUID binary.

3.3
2022-09-12 CVE-2022-31224 Dell Unspecified vulnerability in Dell products

Dell BIOS versions contain an Improper Protection Against Voltage and Clock Glitches vulnerability.

2.4
2022-09-12 CVE-2022-31221 Dell Information Exposure vulnerability in Dell products

Dell BIOS versions contain an Information Exposure vulnerability.

2.3
2022-09-12 CVE-2022-31223 Dell Unspecified vulnerability in Dell products

Dell BIOS versions contain an Improper Neutralization of Null Byte vulnerability.

2.3