Security Bulletin 31 Aug 2022

Published on 31 Aug 2022

Updated on 31 Aug 2022

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-21777An information disclosure vulnerability exists in the Ethernet/IP UDP handler functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted network request can lead to an out-of-bounds read.10https://nvd.nist.gov/vuln/detail/CVE-2021-21777
CVE-2022-22536SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.10https://nvd.nist.gov/vuln/detail/CVE-2022-22536
CVE-2022-30547A directory traversal vulnerability exists in the unzipDirectory functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2022-30547
CVE-2017-17590FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-17590
CVE-2018-16530A stack-based buffer overflow in Forcepoint Email Security version 8.5 allows an attacker to craft malicious input and potentially crash a process creating a denial-of-service. While no known Remote Code Execution (RCE) vulnerabilities exist, as with all buffer overflows, the possibility of RCE cannot be completely ruled out. Data Execution Protection (DEP) is already enabled on the Email appliance as a risk mitigation.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-16530
CVE-2020-28592A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-28592
CVE-2021-22911A improper input sanitization vulnerability exists in Rocket.Chat server 3.11, 3.12 & 3.13 that could lead to unauthenticated NoSQL injection, resulting potentially in RCE.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22911
CVE-2021-21824An out-of-bounds write vulnerability exists in the JPG Handle_JPEG420 functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21824
CVE-2021-21833An improper array index validation vulnerability exists in the TIF IP_planar_raster_unpack functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21833
CVE-2021-21807An integer overflow vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to a stack-based buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21807
CVE-2021-21821A stack-based buffer overflow vulnerability exists in the PDF process_fontname functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-21821
CVE-2021-36260A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-36260
CVE-2021-22941Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise the storage zones controller.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-22941
CVE-2021-23857Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the system.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23857
CVE-2022-21907HTTP Protocol Stack Remote Code Execution Vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-21907
CVE-2022-0318Heap-based Buffer Overflow in vim/vim prior to 8.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0318
CVE-2021-23196The web application on Agilia Link+ version 3.0 implements authentication and session management mechanisms exclusively on the client-side and does not protect authentication attributes sufficiently.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-23196
CVE-2022-22532In SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim's logon session.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22532
CVE-2022-29599In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29599
CVE-2022-1927Buffer Over-read in GitHub repository vim/vim prior to 8.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-1927
CVE-2022-2207Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2207
CVE-2021-40663deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40663
CVE-2022-31627In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as finfo_buffer, due to incorrect patch applied to the third party code from libmagic, incorrect function may be used to free allocated memory, which may lead to heap corruption.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31627
CVE-2022-37434zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37434
CVE-2022-37452Exim before 4.95 has a heap-based buffer overflow for the alias list in host_name_lookup in host.c when sender_host_name is set.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37452
CVE-2022-20239remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-2339720919.8https://nvd.nist.gov/vuln/detail/CVE-2022-20239
CVE-2022-37042Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. By bypassing authentication (i.e., not having an authtoken), an attacker can upload arbitrary files to the system, leading to directory traversal and remote code execution. NOTE: this issue exists because of an incomplete fix for CVE-2022-27925.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37042
CVE-2022-29805A Java Deserialization vulnerability in the Fishbowl Server in Fishbowl Inventory before 2022.4.1 allows remote attackers to execute arbitrary code via a crafted XML payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29805
CVE-2020-27836A flaw was found in cluster-ingress-operator. A change to how the router-default service allows only certain IP source ranges could allow an attacker to access resources that would otherwise be restricted to specified IP ranges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability..9.8https://nvd.nist.gov/vuln/detail/CVE-2020-27836
CVE-2021-3586A flaw was found in servicemesh-operator. The NetworkPolicy resources installed for Maistra do not properly specify which ports may be accessed, allowing access to all ports on these resources from any pod. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-3586
CVE-2022-34773Tabit - HTTP Method manipulation. https://bridge.tabit.cloud/configuration/addresses-query - can be POST-ed to add addresses to the DB. This is an example of OWASP:API8 – Injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34773
CVE-2022-37134D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/form2Wan.cgi. When wantype is 3, l2tp_usrname will be decrypted by base64, and the result will be stored in v94, which does not check the size of l2tp_usrname, resulting in stack overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37134
CVE-2022-35583wkhtmlTOpdf 0.12.6 is vulnerable to SSRF which allows an attacker to get initial access into the target's system by injecting iframe tag with initial asset IP address on it's source. This allows the attacker to takeover the whole infrastructure by accessing their internal assets.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35583
CVE-2022-2842A vulnerability classified as critical has been found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-206451.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2842
CVE-2022-38667HTTP applications (servers) based on Crow through 1.0+4 may allow a Use-After-Free and code execution when HTTP pipelining is used.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-38667
CVE-2021-42232TP-Link Archer A7 Archer A7(US)_V5_210519 is affected by a command injection vulnerability in /usr/bin/tddp. The vulnerability is caused by the program taking part of the received data packet as part of the command. This will cause an attacker to execute arbitrary commands on the router.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42232
CVE-2022-34919The file upload wizard in Zengenti Contensis Classic before 15.2.1.79 does not correctly check that a user has authenticated. By uploading a crafted aspx file, it is possible to execute arbitrary commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34919
CVE-2022-35733Missing authentication for critical function vulnerability in UNIMO Technology digital video recorders (UDR-JA1004/JA1008/JA1016 firmware versions v1.0.20.13 and earlier, and UDR-JA1016 firmware versions v2.0.20.13 and earlier) allows a remote unauthenticated attacker to execute an arbitrary OS command by sending a specially crafted request to the affected device web interface.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35733
CVE-2021-42627The WAN configuration page "wan.htm" on D-Link DIR-615 devices with firmware 20.06 can be accessed directly without authentication which can lead to disclose the information about WAN settings and also leverage attacker to modify the data fields of page.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42627
CVE-2022-37199JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/user/list.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37199
CVE-2022-37223JFinal CMS 5.1.0 is vulnerable to SQL Injection via /jfinal_cms/system/role/list.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37223
CVE-2022-35726Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35726
CVE-2022-37111BlueCMS 1.6 has SQL injection in line 132 of admin/article.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37111
CVE-2022-37112BlueCMS 1.6 has SQL injection in line 55 of admin/model.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37112
CVE-2022-37113Bluecms 1.6 has SQL injection in line 132 of admin/area.php9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37113
CVE-2022-35115IceWarp WebClient DC2 - Update 2 Build 9 (13.0.2.9) was discovered to contain a SQL injection vulnerability via the search parameter at /webmail/server/webmail.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35115
CVE-2021-39815The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-2324406709.8https://nvd.nist.gov/vuln/detail/CVE-2021-39815
CVE-2022-20122The PowerVR GPU driver allows unprivileged apps to allocated pinned memory, unpin it (which makes it available to be freed), and continue using the page in GPU calls. No privileges required and this results in kernel memory corruption.Product: AndroidVersions: Android SoCAndroid ID: A-2324413399.8https://nvd.nist.gov/vuln/detail/CVE-2022-20122
CVE-2022-3718172crm 9.0 has an Arbitrary file upload vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37181
CVE-2022-32839The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A remote user may cause an unexpected app termination or arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-32839
CVE-2022-2957A vulnerability classified as critical was found in SourceCodester Simple and Nice Shopping Cart Script. Affected by this vulnerability is an unknown functionality of the file /mkshop/Men/profile.php. The manipulation of the argument mem_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-207001 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-2957
CVE-2022-36511H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditApAdvanceInfo.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36511
CVE-2022-36513H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function edditactionlist.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36513
CVE-2022-36514H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function WanModeSetMultiWan.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36514
CVE-2022-36515H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function addactionlist.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36515
CVE-2022-36516H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function ap_version_check.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36516
CVE-2022-36517H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function debug_wlan_advance.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36517
CVE-2022-36518H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function EditWlanMacList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36518
CVE-2022-36519H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function AddWlanMacList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36519
CVE-2022-36520H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function DEleteusergroup.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36520
CVE-2022-37066H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateDDNS.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37066
CVE-2022-37067H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanParamsMulti.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37067
CVE-2022-37068H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateMacCloneFinal.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37068
CVE-2022-37069H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateSnat.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37069
CVE-2022-37070H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37070
CVE-2022-37071H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateOne2One.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37071
CVE-2022-37072H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanLinkspyMulti.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37072
CVE-2022-37073H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function UpdateWanModeMulti.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37073
CVE-2022-37085H3C H200 H200V100R004 was discovered to contain a stack overflow via the AddWlanMacList function.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37085
CVE-2022-37086H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37086
CVE-2022-37087H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetMobileAPInfoById.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37087
CVE-2022-37088H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAP5GWifiById.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37088
CVE-2022-37089H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditMacList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37089
CVE-2022-37090H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37090
CVE-2022-37091H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditWlanMacList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37091
CVE-2022-37092H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37092
CVE-2022-37093H3C H200 H200V100R004 was discovered to contain a stack overflow via the function AddMacList.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37093
CVE-2022-37094H3C H200 H200V100R004 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37094
CVE-2022-37095H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateWanParams.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37095
CVE-2022-37096H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EnableIpv6.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37096
CVE-2022-37097H3C H200 H200V100R004 was discovered to contain a stack overflow via the function SetAPInfoById.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37097
CVE-2022-37098H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateIpv6Params.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37098
CVE-2022-37099H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateSnat.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37099
CVE-2022-37100H3C H200 H200V100R004 was discovered to contain a stack overflow via the function UpdateMacClone.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37100
CVE-2022-37240MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to HTTP Response splitting via the format parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37240
CVE-2022-37242MDaemon Technologies SecurityGateway for Email Servers 8.5.2, is vulnerable to HTTP Response splitting via the data parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37242
CVE-2022-37798Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetVirtualSer.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37798
CVE-2022-37799Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37799
CVE-2022-37800Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function fromSetRouteStatic.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37800
CVE-2022-37801Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37801
CVE-2022-37802Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromNatStaticSetting.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37802
CVE-2022-37803Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromAddressNat.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37803
CVE-2022-37804Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter in the function saveParentControlInfo.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37804
CVE-2022-37805Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromWizardHandle.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37805
CVE-2022-37806Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the page parameter in the function fromDhcpListClient.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37806
CVE-2022-37807Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function formSetClientState.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37807
CVE-2022-37808Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the index parameter in the function formWifiWpsOOB.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37808
CVE-2022-37809Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the speed_dir parameter in the function formSetSpeedWan.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37809
CVE-2022-37810Tenda AC1206 V15.03.06.23 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37810
CVE-2022-37811Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the startIp parameter in the function formSetPPTPServer.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37811
CVE-2022-37812Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the firewallEn parameter in the function formSetFirewallCfg.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37812
CVE-2022-37813Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetSysTime.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37813
CVE-2022-37814Tenda AC1206 V15.03.06.23 was discovered to contain multiple stack overflows via the deviceMac and the device_id parameters in the function addWifiMacFilter.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37814
CVE-2022-37815Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the PPPOEPassword parameter in the function formQuickIndex.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37815
CVE-2022-37816Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the function fromSetIpMacBind.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37816
CVE-2022-37159Claroline 13.5.7 and prior is vulnerable to Remote code execution via arbitrary file upload.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37159
CVE-2021-20223An issue was found in fts5UnicodeTokenize() in ext/fts5/fts5_tokenize.c in Sqlite. A unicode61 tokenizer configured to treat unicode "control-characters" (class Cc), was treating embedded nul characters as tokens. The issue was fixed in sqlite-3.34.0 and later.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-20223
CVE-2022-36692Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36692
CVE-2022-36693Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_item.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36693
CVE-2022-36695Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockin.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36695
CVE-2022-36696Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_stockout.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36696
CVE-2022-36697Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_waste.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36697
CVE-2022-36715Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter at /admin/search.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36715
CVE-2022-36716Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/changestock.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36716
CVE-2022-36719Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the ok parameter at /admin/history.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36719
CVE-2022-36678Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36678
CVE-2022-36679Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36679
CVE-2022-36680Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_schedule.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36680
CVE-2022-36681Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36681
CVE-2022-36682Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36682
CVE-2022-36683Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_payment.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36683
CVE-2022-37152An issue was discovered in Online Diagnostic Lab Management System 1.0, There is a SQL injection vulnerability via "dob" parameter in "/classes/Users.php?f=save_client"9.8https://nvd.nist.gov/vuln/detail/CVE-2022-37152
CVE-2022-34668NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-34668
CVE-2022-38116Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-38116
CVE-2021-24884The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like <audio>,<video>,<img>,<a> and<button>.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Link gets clicked, Javascript code can be executed. The vulnerability is due to insufficient sanitization of the "data-frmverify" tag for links in the web-based entry inspection page of affected systems. A successful exploitation incomibantion with CSRF could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These actions include stealing the users account by changing their password or allowing attackers to submit their own code through an authenticated user resulting in Remote Code Execution. If an authenticated user who is able to edit Wordpress PHP Code in any kind, clicks the malicious link, PHP code can be edited.9.6https://nvd.nist.gov/vuln/detail/CVE-2021-24884
CVE-2022-1309Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-1309
CVE-2022-1312Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-1312
CVE-2022-33649Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-33649
CVE-2022-38193There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.9.6https://nvd.nist.gov/vuln/detail/CVE-2022-38193
CVE-2020-15472In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.9.1https://nvd.nist.gov/vuln/detail/CVE-2020-15472
CVE-2021-21809A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.9.1https://nvd.nist.gov/vuln/detail/CVE-2021-21809
CVE-2022-22544Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-22544
CVE-2022-22721If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-22721
CVE-2022-23663A authenticated remote command injection vulnerability was discovered in Aruba ClearPass Policy Manager version(s): 6.10.4 and below, 6.9.9 and below, 6.8.9-HF2 and below, 6.7.x and below. Aruba has released updates to ClearPass Policy Manager that address this security vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23663
CVE-2022-28615Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-28615
CVE-2022-35409An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-35409
CVE-2022-36261An arbitrary file deletion vulnerability was discovered in taocms 3.0.2, that allows attacker to delete file in server when request url admin.php?action=file&ctrl=del&path=/../../../test.txt9.1https://nvd.nist.gov/vuln/detail/CVE-2022-36261
CVE-2022-28712A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.9https://nvd.nist.gov/vuln/detail/CVE-2022-28712

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2018-1057On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers).8.8https://nvd.nist.gov/vuln/detail/CVE-2018-1057
CVE-2018-1195In Cloud Controller versions prior to 1.46.0, cf-deployment versions prior to 1.3.0, and cf-release versions prior to 283, Cloud Controller accepts refresh tokens for authentication where access tokens are expected. This exposes a vulnerability where a refresh token that would otherwise be insufficient to obtain an access token, either due to lack of client credentials or revocation, would allow authentication.8.8https://nvd.nist.gov/vuln/detail/CVE-2018-1195
CVE-2016-2123A flaw was found in samba versions 4.0.0 to 4.5.2. The Samba routine ndr_pull_dnsp_name contains an integer wrap problem, leading to an attacker-controlled memory overwrite. ndr_pull_dnsp_name parses data from the Samba Active Directory ldb database. Any user who can write to the dnsRecord attribute over LDAP can trigger this memory corruption. By default, all authenticated LDAP users can write to the dnsRecord attribute on new DNS objects. This makes the defect a remote privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2016-2123
CVE-2021-24163The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 and retrieve the client_secret key needed to establish the SendWP connection while also installing the SendWP plugin.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24163
CVE-2020-13592An exploitable SQL injection vulnerability exists in "global_lists/choices" page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability, this can be done either with administrator credentials or through cross-site request forgery.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-13592
CVE-2021-25356An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-25356
CVE-2021-24188Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-24188
CVE-2021-22894A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as the root user via maliciously crafted meeting room.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-22894
CVE-2021-30560Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-30560
CVE-2021-22952A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk device(s) assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and later.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-22952
CVE-2021-42321Microsoft Exchange Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2021-42321
CVE-2021-22957A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-22957
CVE-2022-0729Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0729
CVE-2022-23277Microsoft Exchange Server Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23277
CVE-2022-30129Visual Studio Code Remote Code Execution Vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-30129
CVE-2022-2214A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with the malicious input leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2214
CVE-2022-1305Use after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1305
CVE-2022-1308Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1308
CVE-2022-1310Use after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1310
CVE-2022-1311Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1311
CVE-2022-1313Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1313
CVE-2022-1314Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1314
CVE-2022-1364Type confusion in V8 Turbofan in Google Chrome prior to 100.0.4896.127 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1364
CVE-2022-1477Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1477
CVE-2022-1478Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1478
CVE-2022-1479Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1479
CVE-2022-1481Use after free in Sharing in Google Chrome on Mac prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1481
CVE-2022-1483Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1483
CVE-2022-1484Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1484
CVE-2022-1486Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1486
CVE-2022-2477Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2477
CVE-2022-2480Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2480
CVE-2022-2481Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2481
CVE-2022-2603Use after free in Omnibox in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2603
CVE-2022-2604Use after free in Safe Browsing in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2604
CVE-2022-2606Use after free in Managed devices API in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enable a specific Enterprise policy to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2606
CVE-2022-2608Use after free in Overview Mode in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2608
CVE-2022-2609Use after free in Nearby Share in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2609
CVE-2022-2613Use after free in Input in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to enage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2613
CVE-2022-2614Use after free in Sign-In Flow in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2614
CVE-2022-2617Use after free in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2617
CVE-2022-2620Use after free in WebUI in Google Chrome on Chrome OS prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2620
CVE-2022-2621Use after free in Extensions in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2621
CVE-2022-2623Use after free in Offline in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via specific UI interactions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2623
CVE-2022-2624Heap buffer overflow in PDF in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2624
CVE-2022-2867libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2867
CVE-2022-2869libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2869
CVE-2022-36009gomatrixserverlib is a Go library for matrix protocol federation. Dendrite is a Matrix homeserver written in Go, an alternative to Synapse. The power level parsing within gomatrixserverlib was failing to parse the `"events_default"` key of the `m.room.power_levels` event, defaulting the event default power level to zero in all cases. Power levels are the matrix terminology for user access level. In rooms where the `"events_default"` power level had been changed, this could result in events either being incorrectly authorised or rejected by Dendrite servers. gomatrixserverlib contains a fix as of commit `723fd49` and Dendrite 0.9.3 has been updated accordingly. Matrix rooms where the `"events_default"` power level has not been changed from the default of zero are not vulnerable. Users are advised to upgrade. There are no known workarounds for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36009
CVE-2022-30036MA Lighting grandMA2 Light has a password of root for the root account. NOTE: The vendor's position is that the product was designed for isolated networks. Also, the successor product, grandMA3, is not affected by this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-30036
CVE-2021-3590A flaw was found in Foreman project. A credential leak was identified which will expose Azure Compute Profile password through JSON of the API output. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3590
CVE-2022-34772Tabit - password enumeration. Description: Tabit - password enumeration. The passwords for the Tabit system is a 4 digit OTP. One can resend OTP and try logging in indefinitely. Once again, this is an example of OWASP: API4 - Rate limiting.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34772
CVE-2022-29468A cross-site request forgery (CSRF) vulnerability exists in WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-29468
CVE-2022-30534An OS command injection vulnerability exists in the aVideoEncoder chunkfile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-30534
CVE-2022-30605A privilege escalation vulnerability exists in the session id functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to increased privileges. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-30605
CVE-2022-32282An improper password check exists in the login functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. An attacker that owns a users' password hash will be able to use it to directly login into the account, leading to increased privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32282
CVE-2022-32572An os command injection vulnerability exists in the aVideoEncoder wget functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can send an HTTP request to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32572
CVE-2022-33147A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the aVideoEncoder functionality which can be used to add new videos, allowing an attacker to inject SQL by manipulating the videoDownloadedLink or duration parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-33147
CVE-2022-33148A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the title parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-33148
CVE-2022-33149A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the CloneSite plugin, allowing an attacker to inject SQL by manipulating the url parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-33149
CVE-2022-34652A sql injection vulnerability exists in the ObjectYPT functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to inject SQL by manipulating the description parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34652
CVE-2022-36288Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36288
CVE-2022-36292Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36292
CVE-2022-36379Cross-Site Request Forgery (CSRF) leading to plugin settings update in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36379
CVE-2022-36389Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36389
CVE-2022-36394Authenticated (author+) SQL Injection (SQLi) vulnerability in Contest Gallery plugin <= 17.0.4 at WordPress.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36394
CVE-2022-1513A potential vulnerability was reported in Lenovo PCManager prior to version 5.0.10.4191 that may allow code execution when visiting a specially crafted website.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1513
CVE-2022-38132Command injection vulnerability in Linksys MR8300 router while Registration to DDNS Service. By specifying username and password, an attacker connected to the router's web interface can execute arbitrary OS commands. The username and password fields are not sanitized correctly and are used as URL construction arguments, allowing URL redirection to an arbitrary server, downloading an arbitrary script file, and eventually executing the file in the device. This issue affects: Linksys MR8300 Router 1.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38132
CVE-2022-37333SQL injection vulnerability in the Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows remote authenticated attackers to execute arbitrary SQL commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37333
CVE-2022-2234An authenticated mySCADA myPRO 8.26.0 user may be able to modify parameters to run commands directly in the operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2234
CVE-2022-37178An issue was discovered in 72crm 9.0. There is a SQL Injection vulnerability in View the task calendar.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-37178
CVE-2022-32893An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1, Safari 15.6.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32893
CVE-2022-32744A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32744
CVE-2022-20921A vulnerability in the API implementation of Cisco ACI Multi-Site Orchestrator (MSO) could allow an authenticated, remote attacker to elevate privileges on an affected device. This vulnerability is due to improper authorization on specific APIs. An attacker could exploit this vulnerability by sending crafted HTTP requests. A successful exploit could allow an attacker who is authenticated with non-Administrator privileges to elevate to Administrator privileges on an affected device.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-20921
CVE-2022-36698Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36698
CVE-2022-36699Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36699
CVE-2022-36700Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36700
CVE-2022-36701Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36701
CVE-2022-36703Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36703
CVE-2022-36720Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/modify1.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36720
CVE-2022-36721Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Textbook parameter at /admin/modify.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36721
CVE-2022-36546Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36546
CVE-2022-38118OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38118
CVE-2022-0028A PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target. To be misused by an external attacker, the firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a source zone that has an external facing interface. This configuration is not typical for URL filtering and, if set, is likely unintended by the administrator. If exploited, this issue would not impact the confidentiality, integrity, or availability of our products. However, the resulting denial-of-service (DoS) attack may help obfuscate the identity of the attacker and implicate the firewall as the source of the attack. We have taken prompt action to address this issue in our PAN-OS software. All software updates for this issue are expected to be released no later than the week of August 15, 2022. This issue does not impact Panorama M-Series or Panorama virtual appliances. This issue has been resolved for all Cloud NGFW and Prisma Access customers and no additional action is required from them.8.6https://nvd.nist.gov/vuln/detail/CVE-2022-0028
CVE-2022-34838Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add or alter data points and corresponding attributes. Once such engineering data is used the data visualization will be altered for the end user.8.4https://nvd.nist.gov/vuln/detail/CVE-2022-34838
CVE-2022-33636Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-33636
CVE-2022-34255Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in Privilege escalation. An attacker with a low privilege account could leverage this vulnerability to perform an account takeover for a victim. Exploitation of this issue does not require user interaction.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-34255
CVE-2016-5385PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.8.1https://nvd.nist.gov/vuln/detail/CVE-2016-5385
CVE-2018-1139A flaw was found in the way samba before 4.7.9 and 4.8.4 allowed the use of weak NTLMv1 authentication even when NTLMv1 was explicitly disabled. A man-in-the-middle attacker could use this flaw to read the credential and other details passed between the samba server and client.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-1139
CVE-2022-22576An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).8.1https://nvd.nist.gov/vuln/detail/CVE-2022-22576
CVE-2022-2868libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-2868
CVE-2020-35509A flaw was found in keycloak affecting versions 11.0.3 and 12.0.0. An expired certificate would be accepted by the direct-grant authenticator because of missing time stamp validations. The highest threat from this vulnerability is to data confidentiality and integrity.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-35509
CVE-2021-3701A flaw was found in ansible-runner where the default temporary files configuration in ansible-2.0.0 are written to world R/W locations. This flaw allows an attacker to pre-create the directory, resulting in reading private information or forcing ansible-runner to write files as the legitimate user in a place they did not expect. The highest threat from this vulnerability is to confidentiality and integrity.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-3701
CVE-2021-3827A flaw was found in keycloak, where the default ECP binding flow allows other authentication flows to be bypassed. By exploiting this behavior, an attacker can bypass the MFA authentication by sending a SOAP request with an AuthnRequest and Authorization header with the user's credentials. The highest threat from this vulnerability is to confidentiality and integrity.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-3827
CVE-2021-4125It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-4125
CVE-2022-32745A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-32745
CVE-2021-21775A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a malicious webpage.8https://nvd.nist.gov/vuln/detail/CVE-2021-21775
CVE-2021-3968vim is vulnerable to Heap-based Buffer Overflow8https://nvd.nist.gov/vuln/detail/CVE-2021-3968
CVE-2021-22907An improper access control vulnerability exists in Citrix Workspace App for Windows potentially allows privilege escalation in CR versions prior to 2105 and 1912 LTSR prior to CU4.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-22907
CVE-2021-23019The NGINX Controller 2.0.0 thru 2.9.0 and 3.x before 3.15.0 Administrator password may be exposed in the systemd.txt file that is included in the NGINX support package.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23019
CVE-2020-28598An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-28598
CVE-2021-3927vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3927
CVE-2021-3928vim is vulnerable to Use of Uninitialized Variable7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3928
CVE-2021-3973vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3973
CVE-2021-4019vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4019
CVE-2021-3984vim is vulnerable to Heap-based Buffer Overflow7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3984
CVE-2021-4069vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4069
CVE-2021-21911A privilege escalation vulnerability exists in the Windows version of installation for Advantech R-SeeNet Advantech R-SeeNet 2.4.15 (30.07.2021). A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-21911
CVE-2021-4173vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4173
CVE-2021-4187vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4187
CVE-2021-4192vim is vulnerable to Use After Free7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4192
CVE-2022-0261Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0261
CVE-2022-0351Access of Memory Location Before Start of Buffer in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0351
CVE-2022-0359Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0359
CVE-2022-0361Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0361
CVE-2022-0368Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0368
CVE-2022-0392Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0392
CVE-2022-0407Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0407
CVE-2022-0408Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0408
CVE-2022-0413Use After Free in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0413
CVE-2022-0417Heap-based Buffer Overflow GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0417
CVE-2022-22528SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-22528
CVE-2022-0554Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0554
CVE-2022-0629Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0629
CVE-2022-0685Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-0685
CVE-2022-1154Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1154
CVE-2022-1160heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1160
CVE-2022-1619Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1619
CVE-2022-1621Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1621
CVE-2022-29581Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-29581
CVE-2022-1735Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1735
CVE-2022-1796Use After Free in GitHub repository vim/vim prior to 8.2.4979.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1796
CVE-2022-1942Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1942
CVE-2022-1943A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1943
CVE-2022-1968Use After Free in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-1968
CVE-2022-32250net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32250
CVE-2022-2124Buffer Over-read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2124
CVE-2022-2125Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2125
CVE-2022-2129Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2129
CVE-2022-2175Buffer Over-read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2175
CVE-2022-2182Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2182
CVE-2022-2206Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2206
CVE-2022-2257Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2257
CVE-2022-2284Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2284
CVE-2022-2286Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2286
CVE-2022-2289Use After Free in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2289
CVE-2022-34918An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34918
CVE-2022-2304Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2304
CVE-2022-2343Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2343
CVE-2022-2345Use After Free in GitHub repository vim/vim prior to 9.0.0046.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2345
CVE-2022-28670This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of AcroForms. Crafted data in an AcroForm can trigger a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16523.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28670
CVE-2022-28678This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16805.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28678
CVE-2022-28679This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16861.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28679
CVE-2022-28680This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16821.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28680
CVE-2022-31262An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31262
CVE-2022-27493Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable an escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-27493
CVE-2022-28858Improper buffer restriction in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28858
CVE-2022-33209Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33209
CVE-2022-34488Improper buffer restrictions in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34488
CVE-2022-2793Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-353 Missing Support for Integrity Check, and has no authentication or authorization of data packets after establishing a connection for the SRTP protocol.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2793
CVE-2022-38171Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38171
CVE-2021-23177An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-23177
CVE-2021-31566An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31566
CVE-2022-2946Use After Free in GitHub repository vim/vim prior to 9.0.0246.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2946
CVE-2020-35511A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-35511
CVE-2022-2938A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2938
CVE-2022-31676VMware Tools (12.0.0, 11.x.y and 10.x.y) contains a local privilege escalation vulnerability. A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31676
CVE-2021-3999A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-3999
CVE-2021-4028A flaw in the Linux kernel's implementation of RDMA communications manager listener code allowed an attacker with local access to setup a socket to listen on a high port allowing for a list element to be used after free. Given the ability to execute code, a local attacker could leverage this use-after-free to crash the system or possibly escalate privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4028
CVE-2021-4037A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files for the XFS file-system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for the XFS.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4037
CVE-2021-4041A flaw was found in ansible-runner. An improper escaping of the shell command, while calling the ansible_runner.interface.run_command, can lead to parameters getting executed as host's shell command. A developer could unintentionally write code that gets executed in the host rather than the virtual environment.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4041
CVE-2021-4217A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-4217
CVE-2022-2978A flaw use after free in the Linux kernel NILFS file system was found in the way user triggers function security_inode_alloc to fail with following call to function nilfs_mdt_destroy. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2978
CVE-2022-32810The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32810
CVE-2022-32811A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32811
CVE-2022-32812The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32812
CVE-2022-32813The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. An app with root privileges may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32813
CVE-2022-32837This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to cause unexpected system termination or write kernel memory.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32837
CVE-2022-32840This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, iOS 15.6 and iPadOS 15.6. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32840
CVE-2022-32894An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6.1 and iPadOS 15.6.1, macOS Monterey 12.5.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-32894
CVE-2022-36456TOTOLink A720R V4.1.5cu.532_B20210610 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36456
CVE-2022-36458TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36458
CVE-2022-36459TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36459
CVE-2022-36460TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36460
CVE-2022-36461TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36461
CVE-2022-36462TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the lang parameter in the function setLanguageCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36462
CVE-2022-36463TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36463
CVE-2022-36464TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36464
CVE-2022-36465TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the pppoeUser parameter.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36465
CVE-2022-36466TOTOLINK A3700R V9.1.2u.6134_B20201202 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36466
CVE-2022-36467H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function EditMacList.d.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36467
CVE-2022-36468H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36468
CVE-2022-36469H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36469
CVE-2022-36470H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAP5GWifiById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36470
CVE-2022-36471H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMacAccessMode.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36471
CVE-2022-36472H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetMobileAPInfoById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36472
CVE-2022-36473H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36473
CVE-2022-36474H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function WlanWpsSet.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36474
CVE-2022-36475H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36475
CVE-2022-36477H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function AddWlanMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36477
CVE-2022-36478H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function Edit_BasicSSID.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36478
CVE-2022-36479TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the host_time parameter in the function NTPSyncWithHost.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36479
CVE-2022-36480TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the command parameter in the function setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36480
CVE-2022-36481TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the ip parameter in the function setDiagnosisCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36481
CVE-2022-36482TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the lang parameter in the function setLanguageCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36482
CVE-2022-36483TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the pppoeUser parameter.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36483
CVE-2022-36484TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the function setDiagnosisCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36484
CVE-2022-36485TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36485
CVE-2022-36486TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36486
CVE-2022-36487TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a command injection vulnerability via the command parameter in the function setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36487
CVE-2022-36488TOTOLINK N350RT V9.3.5u.6139_B20201216 was discovered to contain a stack overflow via the sPort parameter in the function setIpPortFilterRules.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36488
CVE-2022-36489H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EnableIpv6.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36489
CVE-2022-36490H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36490
CVE-2022-36491H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateIpv6Params.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36491
CVE-2022-36492H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36492
CVE-2022-36493H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36493
CVE-2022-36494H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function edditactionlist.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36494
CVE-2022-36495H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function addactionlist.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36495
CVE-2022-36496H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMobileAPInfoById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36496
CVE-2022-36497H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID_5G.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36497
CVE-2022-36498H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Asp_SetTimingtimeWifiAndLed.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36498
CVE-2022-36499H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function DEleteusergroup.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36499
CVE-2022-36500H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EditWlanMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36500
CVE-2022-36501H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateSnat.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36501
CVE-2022-36502H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateWanParams.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36502
CVE-2022-36503H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function UpdateMacClone.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36503
CVE-2022-36504H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function Edit_BasicSSID.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36504
CVE-2022-36505H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function EDitusergroup.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36505
CVE-2022-36506H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetMacAccessMode.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36506
CVE-2022-36507H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function AddWlanMacList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36507
CVE-2022-36508H3C Magic NX18 Plus NX18PV100R003 was discovered to contain a stack overflow via the function SetAPInfoById.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36508
CVE-2022-36509H3C GR3200 MiniGR1B0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36509
CVE-2022-36510H3C GR2200 MiniGR1A0V100R014 was discovered to contain a command injection vulnerability via the param parameter at DelL2tpLNSList.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36510
CVE-2022-37074H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function switch_debug_info_set.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37074
CVE-2022-37075TOTOLink A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ip parameter in the function setDiagnosisCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37075
CVE-2022-37076TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the FileName parameter in the function UploadFirmwareFile.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37076
CVE-2022-36455TOTOLink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a command injection vulnerability via the username parameter in /cstecgi.cgi.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-36455
CVE-2022-37077TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the pppoeUser parameter.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37077
CVE-2022-37078TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the lang parameter at /setting/setLanguageCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37078
CVE-2022-37079TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the hostName parameter in the function setOpModeCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37079
CVE-2022-37080TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the command parameter at setting/setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37080
CVE-2022-37081TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the command parameter at setting/setTracerouteCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37081
CVE-2022-37082TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the host_time parameter at the function NTPSyncWithHost.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37082
CVE-2022-37083TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a command injection vulnerability via the ip parameter at the function setDiagnosisCfg.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37083
CVE-2022-37084TOTOLINK A7000R V9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the sPort parameter at the addEffect function.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37084
CVE-2022-37817Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetIpMacBind.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37817
CVE-2022-37818Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter at the function formSetQosBand.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37818
CVE-2022-37819Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the timezone parameter in the function fromSetSysTime.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37819
CVE-2022-37820Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ddnsEn parameter in the function formSetSysToolDDNS.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37820
CVE-2022-37821Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the ProvinceCode parameter in the function formSetProvince.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37821
CVE-2022-37822Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the function fromSetRouteStatic.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37822
CVE-2022-37823Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetVirtualSer.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37823
CVE-2022-37824Tenda AX1803 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37824
CVE-2022-2463Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2463
CVE-2022-2464Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2464
CVE-2022-2465Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2465
CVE-2020-27796A heap-based buffer over-read was discovered in the invert_pt_dynamic function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27796
CVE-2020-27799A heap-based buffer over-read was discovered in the acc_ua_get_be32 function in miniacc.h in UPX 4.0.0 via a crafted Mach-O file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27799
CVE-2020-27800A heap-based buffer over-read was discovered in the get_le32 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27800
CVE-2020-27801A heap-based buffer over-read was discovered in the get_le64 function in bele.h in UPX 4.0.0 via a crafted Mach-O file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27801
CVE-2022-2982Use After Free in GitHub repository vim/vim prior to 9.0.0260.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-2982
CVE-2015-7540The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of service (memory consumption and daemon crash) via crafted packets.7.5https://nvd.nist.gov/vuln/detail/CVE-2015-7540
CVE-2015-8467The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.7.5https://nvd.nist.gov/vuln/detail/CVE-2015-8467
CVE-2016-2118The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 mishandle DCERPC connections, which allows man-in-the-middle attackers to perform protocol-downgrade attacks and impersonate users by modifying the client-server data stream, aka "BADLOCK."7.5https://nvd.nist.gov/vuln/detail/CVE-2016-2118
CVE-2015-8873Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) via recursive method calls.7.5https://nvd.nist.gov/vuln/detail/CVE-2015-8873
CVE-2015-8879The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application crash) in opportunistic circumstances by leveraging use of the odbc_fetch_array function to access a certain type of Microsoft SQL Server table.7.5https://nvd.nist.gov/vuln/detail/CVE-2015-8879
CVE-2016-2119libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before 4.3.11, and 4.4.x before 4.4.5 allows man-in-the-middle attackers to bypass a client-signing protection mechanism, and consequently spoof SMB2 and SMB3 servers, via the (1) SMB2_SESSION_FLAG_IS_GUEST or (2) SMB2_SESSION_FLAG_IS_NULL flag.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-2119
CVE-2016-10159Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-10159
CVE-2017-8516Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure Vulnerability".7.5https://nvd.nist.gov/vuln/detail/CVE-2017-8516
CVE-2017-15275Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-15275
CVE-2017-2619Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-2619
CVE-2018-7158The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7158
CVE-2018-7164Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7164
CVE-2018-7167Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability, the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron"), 8.x (LTS "Carbon"), and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7167
CVE-2017-9118PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-9118
CVE-2018-12116Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the `path` option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to made to the same server.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-12116
CVE-2018-12122Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service (DoS) by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-12122
CVE-2018-19935ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-19935
CVE-2018-14463The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-14463
CVE-2019-19246Oniguruma through 6.9.3, as used in PHP 7.3.x and other products, has a heap-based buffer over-read in str_lower_case_match in regexec.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-19246
CVE-2020-11080In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS frame payload causes denial of service. The proof of concept attack involves a malicious client constructing a SETTINGS frame with a length of 14,400 bytes (2400 individual settings entries) over and over again. The attack causes the CPU to spike at 100%. nghttp2 v1.41.0 fixes this vulnerability. There is a workaround to this vulnerability. Implement nghttp2_on_frame_recv_callback callback, and if received frame is SETTINGS frame and the number of settings entries are large (e.g., > 32), then drop the connection.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-11080
CVE-2020-15476In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-15476
CVE-2021-23840Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissable length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative. This could cause applications to behave incorrectly or crash. OpenSSL versions 1.1.1i and below are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1j. OpenSSL versions 1.0.2x and below are affected by this issue. However OpenSSL 1.0.2 is out of support and no longer receiving public updates. Premium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y. Other users should upgrade to 1.1.1j. Fixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL 1.0.2y (Affected 1.0.2-1.0.2x).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23840
CVE-2021-22882UniFi Protect before v1.17.1 allows an attacker to use spoofed cameras to perform a denial-of-service attack that may cause the UniFi Protect controller to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22882
CVE-2021-24146Lack of authorisation checks in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not properly restrict access to the export files, allowing unauthenticated users to exports all events data in CSV or XML format for example.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24146
CVE-2021-24027A cache configuration issue prior to WhatsApp for Android v2.21.4.18 and WhatsApp Business for Android v2.21.4.18 may have allowed a third party with access to the device’s external storage to read cached TLS material.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24027
CVE-2021-29509Puma is a concurrent HTTP 1.1 server for Ruby/Rack applications. The fix for CVE-2019-16770 was incomplete. The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent-connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent-connections saturating all threads in all processes in the cluster. A `puma` server which received more concurrent `keep-alive` connections than the server had threads in its threadpool would service only a subset of connections, denying service to the unserved connections. This problem has been fixed in `puma` 4.3.8 and 5.3.1. Setting `queue_requests false` also fixes the issue. This is not advised when using `puma` without a reverse proxy, such as `nginx` or `apache`, because you will open yourself to slow client attacks (e.g. slowloris). The fix is very small and a git patch is available for those using unsupported versions of Puma.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-29509
CVE-2021-22892An information disclosure vulnerability exists in the Rocket.Chat server fixed v3.13, v3.12.2 & v3.11.3 that allowed email addresses to be disclosed by enumeration and validation checks.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-22892
CVE-2021-23855The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23855
CVE-2021-23858Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23858
CVE-2021-23263Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23263
CVE-2021-4044Internally libssl in OpenSSL calls X509_verify_cert() on the client side to verify a certificate supplied by a server. That function may return a negative return value to indicate an internal error (for example out of memory). Such a negative return value is mishandled by OpenSSL and will cause an IO function (such as SSL_connect() or SSL_do_handshake()) to not indicate success and a subsequent call to SSL_get_error() to return the value SSL_ERROR_WANT_RETRY_VERIFY. This return value is only supposed to be returned by OpenSSL if the application has previously called SSL_CTX_set_cert_verify_callback(). Since most applications do not do this the SSL_ERROR_WANT_RETRY_VERIFY return value from SSL_get_error() will be totally unexpected and applications may not behave correctly as a result. The exact behaviour will depend on the application but it could result in crashes, infinite loops or other similar incorrect responses. This issue is made more serious in combination with a separate bug in OpenSSL 3.0 that will cause X509_verify_cert() to indicate an internal error when processing a certificate chain. This will occur where a certificate does not include the Subject Alternative Name extension but where a Certificate Authority has enforced name constraints. This issue can occur even with valid chains. By combining the two issues an attacker could induce incorrect, application dependent behaviour. Fixed in OpenSSL 3.0.1 (Affected 3.0.0).7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4044
CVE-2021-24893The Stars Rating WordPress plugin before 3.5.1 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the comments section, or pending comment dashboard depending if the user sent it as unauthenticated or authenticated.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24893
CVE-2021-24906The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24906
CVE-2021-24839The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-24839
CVE-2022-22533Due to improper error handling in SAP NetWeaver Application Server Java - versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22533
CVE-2022-22540SAP NetWeaver AS ABAP (Workplace Server) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22540
CVE-2022-22543SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) - versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22543
CVE-2021-23192A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23192
CVE-2022-0778The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: - TLS clients consuming server certificates - TLS servers consuming client certificates - Hosting providers taking certificates or private keys from customers - Certificate authorities parsing certification requests from subscribers - Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2018-25032zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-25032
CVE-2022-24790Puma is a simple, fast, multi-threaded, parallel HTTP 1.1 server for Ruby/Rack applications. When using Puma behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Puma and the frontend proxy may disagree on where a request starts and ends. This would allow requests to be smuggled via the front-end proxy to Puma. The vulnerability has been fixed in 5.6.4 and 4.3.12. Users are advised to upgrade as soon as possible. Workaround: when deploying a proxy in front of Puma, turning on any and all functionality to make sure that the request matches the RFC7230 standard.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24790
CVE-2022-27781libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27781
CVE-2022-27782libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27782
CVE-2022-26377Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26377
CVE-2022-29404In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29404
CVE-2022-32081MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32081
CVE-2022-32083MariaDB v10.2 to v10.6.1 was discovered to contain a segmentation fault via the component Item_subselect::init_expr_cache_tracker.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32083
CVE-2022-32086MariaDB v10.4 to v10.8 was discovered to contain a segmentation fault via the component Item_field::fix_outer_field.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32086
CVE-2022-32091MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32091
CVE-2022-34169The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java project is dormant and in the process of being retired. No future releases of Apache Xalan Java to address this issue are expected. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34169
CVE-2022-34749In mistune through 2.0.2, support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34749
CVE-2022-1485Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1485
CVE-2022-35796Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35796
CVE-2022-38150In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38150
CVE-2021-26639This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-26639
CVE-2022-35173An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35173
CVE-2022-35198Contract Management System v2.0 contains a weak default password which gives attackers to access database connection information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-35198
CVE-2022-2792Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-284 Improper Access Control, and stores project data in a directory with improper access control lists.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2792
CVE-2022-2362The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based download blocking restrictions.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2362
CVE-2022-34770Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34770
CVE-2022-34775Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34775
CVE-2022-34776Tabit - giftcard stealth. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described APIs, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a 'tiny URL' in tabits domain, in the form of https://tbit.be/{suffix} with suffix being a 5 character long string containing numbers, lower and upper case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-34776
CVE-2022-37133D-link DIR-816 A2_v1.10CNB04.img reboots the router without authentication via /goform/doReboot. No authentication is required, and reboot is executed when the function returns at the end.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37133
CVE-2022-1930An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1930
CVE-2022-32777An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests.This vulnerabilty is for the session cookie which can be leaked via JavaScript.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32777
CVE-2022-32778An information disclosure vulnerability exists in the cookie functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. The session cookie and the pass cookie miss the HttpOnly flag, making them accessible via JavaScript. The session cookie also misses the secure flag, which allows the session cookie to be leaked over non-HTTPS connections. This could allow an attacker to steal the session cookie via crafted HTTP requests.This vulnerability is for the pass cookie, which contains the hashed password and can be leaked via JavaScript.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32778
CVE-2022-38668HTTP applications (servers) based on Crow through 1.0+4 may reveal potentially sensitive data from stack memory when fulfilling a request for a static file smaller than 16 KB.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38668
CVE-2022-33916OPC UA .NET Standard Reference Server 1.04.368 allows a remote attacker to cause the application to access sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33916
CVE-2022-21208The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21208
CVE-2022-24298All versions of package freeopcua/freeopcua are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24298
CVE-2022-24381All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24381
CVE-2022-25231The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) by sending a specifically crafted OPC UA message with a special OPC UA NodeID, when the requested memory allocation exceeds the v8’s memory limit.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25231
CVE-2022-25302All versions of package asneg/opcuastack are vulnerable to Denial of Service (DoS) due to a missing handler for failed casting when unvalidated data is forwarded to boost::get function in OpcUaNodeIdBase.h. Exploiting this vulnerability is possible when sending a specifically crafted OPC UA message with a special encoded NodeId.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25302
CVE-2022-25304All versions of package opcua; all versions of package asyncua are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25304
CVE-2022-25761The package open62541/open62541 before 1.2.5, from 1.3-rc1 and before 1.3.1 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25761
CVE-2022-25888The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) due to a missing limitation on the number of received chunks - per single session or in total for all concurrent sessions. An attacker can exploit this vulnerability by sending an unlimited number of huge chunks (e.g. 2GB each) without sending the Final closing chunk.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25888
CVE-2021-20298A flaw was found in OpenEXR's B44Compressor. This flaw allows an attacker who can submit a crafted file to be processed by OpenEXR, to exhaust all memory accessible to the application. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20298
CVE-2021-20304A flaw was found in OpenEXR's hufDecode functionality. This flaw allows an attacker who can pass a crafted file to be processed by OpenEXR, to trigger an undefined right shift error. The highest threat from this vulnerability is to system availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-20304
CVE-2021-3690A flaw was found in Undertow. A buffer leak on the incoming WebSocket PONG message may lead to memory exhaustion. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3690
CVE-2021-3714A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a networked service to determine if the page has been merged.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3714
CVE-2021-3800A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3800
CVE-2021-3839A flaw was found in the vhost library in DPDK. Function vhost_user_set_inflight_fd() does not validate `msg->payload.inflight.num_queues`, possibly causing out-of-bounds memory read/write. Any software using DPDK vhost library may crash as a result of this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3839
CVE-2021-3905A memory leak was found in Open vSwitch (OVS) during userspace IP fragmentation processing. An attacker could use this flaw to potentially exhaust available memory by keeping sending packet fragments.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3905
CVE-2022-28882A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aegen.dll will go into an infinite loop when unpacking PE files. This eventually leads to scanning engine crash. The exploit can be triggered remotely by an attacker.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28882
CVE-2022-28883A Denial-of-Service (DoS) vulnerability was discovered in F-Secure & WithSecure products whereby the aerdl unpack function crashes. This can lead to a possible scanning engine crash. The exploit can be triggered remotely by an attacker.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28883
CVE-2022-24375The package node-opcua before 2.74.0 are vulnerable to Denial of Service (DoS) when bypassing the limitations for excessive memory consumption by sending multiple CloseSession requests with the deleteSubscription parameter equal to False.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24375
CVE-2022-25903The package opcua from 0.0.0 are vulnerable to Denial of Service (DoS) via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25903
CVE-2022-27812Flooding SNS firewall 3.7.0 to 3.7.26 with udp or icmp randomizing the source through an internal to internal or external to internal interfaces will lead the firewall to overwork. It will consume 100% CPU, 100 RAM and won't be available and can crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27812
CVE-2021-0891An unprivileged app can trigger PowerVR driver to return an uninitialized heap memory causing information disclosure.Product: AndroidVersions: Android SoCAndroid ID: A-2368494907.5https://nvd.nist.gov/vuln/detail/CVE-2021-0891
CVE-2021-0946The method PVRSRVBridgePMRPDumpSymbolicAddr allocates puiMemspaceNameInt on the heap, fills the contents of the buffer via PMR_PDumpSymbolicAddr, and then copies the buffer to userspace. The method PMR_PDumpSymbolicAddr may fail, and if it does the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required.Product: AndroidVersions: Android SoCAndroid ID: A-2368469667.5https://nvd.nist.gov/vuln/detail/CVE-2021-0946
CVE-2021-0947The method PVRSRVBridgeTLDiscoverStreams allocates puiStreamsInt on the heap, fills the contents of the buffer via TLServerDiscoverStreamsKM, and then copies the buffer to userspace. The method TLServerDiscoverStreamsKM may fail for several reasons including invalid sizes. If this method fails the buffer will be left uninitialized and despite the error will still be copied to userspace. Kernel leak of uninitialized heap data with no privs required.Product: AndroidVersions: Android SoCAndroid ID: A-2368389607.5https://nvd.nist.gov/vuln/detail/CVE-2021-0947
CVE-2021-3998A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-3998
CVE-2021-43309An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43309
CVE-2021-4213A flaw was found in JSS, where it did not properly free up all memory. Over time, the wasted memory builds up in the server memory, saturating the server’s RAM. This flaw allows an attacker to force the invocation of an out-of-memory process, causing a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4213
CVE-2022-32793Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.5, watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6. An app may be able to disclose kernel memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32793
CVE-2022-22728A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22728
CVE-2022-37151There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37151
CVE-2017-12150It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.7.4https://nvd.nist.gov/vuln/detail/CVE-2017-12150
CVE-2021-3796vim is vulnerable to Use After Free7.3https://nvd.nist.gov/vuln/detail/CVE-2021-3796
CVE-2022-2788Emerson Electric's Proficy Machine Edition Version 9.80 and prior is vulnerable to CWE-29 Path Traversal: '\\..\\Filename', also known as a ZipSlip attack, through an upload procedure which enables attackers to implant a malicious .BLZ file on the PLC. The file can transfer through the engineering station onto Windows in a way that executes the malicious code.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-2788
CVE-2015-5252vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share.7.2https://nvd.nist.gov/vuln/detail/CVE-2015-5252
CVE-2020-17049Kerberos Security Feature Bypass Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2020-17049
CVE-2021-22900A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-22900
CVE-2021-23862A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder (VJD-7513 and VJD-8000).7.2https://nvd.nist.gov/vuln/detail/CVE-2021-23862
CVE-2022-27925Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-27925
CVE-2022-32268StarWind SAN and NAS v0.2 build 1914 allow remote code execution. A flaw was found in REST API in StarWind Stack. REST command, which allows changing the hostname, doesn’t check a new hostname parameter. It goes directly to bash as part of a script. An attacker with non-root user access can inject arbitrary data into the command that will be executed with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-32268
CVE-2022-33676Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33678.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-33676
CVE-2022-33678Azure Site Recovery Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-33676.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-33678
CVE-2022-32579Improper initialization in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-32579
CVE-2022-25811The Transposh WordPress Translation WordPress plugin through 1.0.8 does not sanitise and escape the order and orderby parameters before using them in a SQL statement, leading to a SQL injection7.2https://nvd.nist.gov/vuln/detail/CVE-2022-25811
CVE-2022-25812The Transposh WordPress Translation WordPress plugin before 1.0.8 does not validate its debug settings, which could allow allowing high privilege users such as admin to perform RCE7.2https://nvd.nist.gov/vuln/detail/CVE-2022-25812
CVE-2022-34486Path traversal vulnerability in PukiWiki versions 1.4.5 to 1.5.3 allows a remote authenticated attacker with an administrative privilege to execute a malicious script via unspecified vectors.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-34486
CVE-2022-35203An access control issue in TrendNet TV-IP572PI v1.0 allows unauthenticated attackers to access sensitive system information.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-35203
CVE-2022-36285Authenticated Arbitrary File Upload vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36285
CVE-2021-4166vim is vulnerable to Out-of-bounds Read7.1https://nvd.nist.gov/vuln/detail/CVE-2021-4166
CVE-2021-23179Out of bounds read in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow a privileged user to potentially enable information disclosure via local access.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-23179
CVE-2021-3481A flaw was found in Qt. An out-of-bounds read vulnerability was found in QRadialFetchSimd in qt/qtbase/src/gui/painting/qdrawhelper_p.h in Qt/Qtbase. While rendering and displaying a crafted Scalable Vector Graphics (SVG) file this flaw may lead to an unauthorized memory access. The highest threat from this vulnerability is to data confidentiality and the application availability.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-3481
CVE-2021-4204An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-4204
CVE-2016-5625Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.7https://nvd.nist.gov/vuln/detail/CVE-2016-5625
CVE-2021-23892By exploiting a time of check to time of use (TOCTOU) race condition during the Endpoint Security for Linux Threat Prevention and Firewall (ENSL TP/FW) installation process, a local user can perform a privilege escalation attack to obtain administrator privileges for the purpose of executing arbitrary code through insecure use of predictable temporary file locations.7https://nvd.nist.gov/vuln/detail/CVE-2021-23892
CVE-2022-2959A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.7https://nvd.nist.gov/vuln/detail/CVE-2022-2959
CVE-2021-20316A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-20316
CVE-2022-26363x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-26363
CVE-2022-26364x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-26364
CVE-2021-33655When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-33655
CVE-2021-4178A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-4178
CVE-2022-2991A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-2991
CVE-2022-0213vim is vulnerable to Heap-based Buffer Overflow6.6https://nvd.nist.gov/vuln/detail/CVE-2022-0213
CVE-2022-1015A flaw was found in the Linux kernel in linux/net/netfilter/nf_tables_api.c of the netfilter subsystem. This flaw allows a local user to cause an out-of-bounds write issue.6.6https://nvd.nist.gov/vuln/detail/CVE-2022-1015
CVE-2015-7560The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content.6.5https://nvd.nist.gov/vuln/detail/CVE-2015-7560
CVE-2016-6207Integer overflow in the _gdContributionsAlloc function in gd_interpolation.c in GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds memory write or memory consumption) via unspecified vectors.6.5https://nvd.nist.gov/vuln/detail/CVE-2016-6207
CVE-2016-5172The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which allows remote attackers to obtain sensitive information from arbitrary memory locations via crafted JavaScript code.6.5https://nvd.nist.gov/vuln/detail/CVE-2016-5172
CVE-2016-2126Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation due to incorrect handling of the PAC (Privilege Attribute Certificate) checksum. A remote, authenticated, attacker can cause the winbindd process to crash using a legitimate Kerberos ticket. A local service with access to the winbindd privileged pipe can cause winbindd to cache elevated access permissions.6.5https://nvd.nist.gov/vuln/detail/CVE-2016-2126
CVE-2016-2125It was found that Samba before versions 4.5.3, 4.4.8, 4.3.13 always requested forwardable tickets when using Kerberos authentication. A service to which Samba authenticated using Kerberos could subsequently use the ticket to impersonate Samba to other services or domain users.6.5https://nvd.nist.gov/vuln/detail/CVE-2016-2125
CVE-2018-16841Samba from version 4.3.0 and before versions 4.7.12, 4.8.7 and 4.9.3 are vulnerable to a denial of service. When configured to accept smart-card authentication, Samba's KDC will call talloc_free() twice on the same memory if the principal in a validly signed certificate does not match the principal in the AS-REQ. This is only possible after authentication with a trusted certificate. talloc is robust against further corruption from a double-free with talloc_free() and directly calls abort(), terminating the KDC process.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-16841
CVE-2018-16851Samba from version 4.0.0 and before versions 4.7.12, 4.8.7, 4.9.3 is vulnerable to a denial of service. During the processing of an LDAP search before Samba's AD DC returns the LDAP entries to the client, the entries are cached in a single memory object with a maximum size of 256MB. When this size is reached, the Samba process providing the LDAP service will follow the NULL pointer, terminating the process. There is no further vulnerability associated with this issue, merely a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-16851
CVE-2019-15297res_pjsip_t38 in Sangoma Asterisk 15.x before 15.7.4 and 16.x before 16.5.1 allows an attacker to trigger a crash by sending a declined stream in a response to a T.38 re-invite initiated by Asterisk. The crash occurs because of a NULL session media object dereference.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-15297
CVE-2019-11047When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 it is possible to supply it with data what will cause it to read past the allocated buffer. This may lead to information disclosure or crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-11047
CVE-2015-5361Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel. These related sessions (gates) are specific to source and destination IPs and ports of client and server. The design intent of the ftps-extensions option (which is disabled by default) is to provide similar functionality when the SRX secures the FTP/FTPS client. As the control channel is encrypted, the FTP ALG cannot inspect the port specific information and will open a wider TCP data channel (gate) from client IP to server IP on all destination TCP ports. In FTP/FTPS client environments to an enterprise network or the Internet, this is the desired behavior as it allows firewall policy to be written to FTP/FTPS servers on well-known control ports without using a policy with destination IP ANY and destination port ANY. Issue The ftps-extensions option is not intended or recommended where the SRX secures the FTPS server, as the wide data channel session (gate) will allow the FTPS client temporary access to all TCP ports on the FTPS server. The data session is associated to the control channel and will be closed when the control channel session closes. Depending on the configuration of the FTPS server, supporting load-balancer, and SRX inactivity-timeout values, the server/load-balancer and SRX may keep the control channel open for an extended period of time, allowing an FTPS client access for an equal duration.? Note that the ftps-extensions option is not enabled by default.6.5https://nvd.nist.gov/vuln/detail/CVE-2015-5361
CVE-2020-29450Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the avatar upload feature. The affected versions are before version 7.2.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-29450
CVE-2021-22877A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users external storage configuration when not already configured yet.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22877
CVE-2021-24158Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for lower-level users, however, they can still supply the user_role parameter to update the default role for registration.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-24158
CVE-2020-28590An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionality of Slic3r libslic3r 1.3.0 and Master Commit 92abbc42. A specially crafted obj file could lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-28590
CVE-2021-22917Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22917
CVE-2021-22922When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-22922
CVE-2021-23861By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-23861
CVE-2022-22535SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22535
CVE-2022-22537When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d)) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22537
CVE-2022-22538When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22538
CVE-2022-22539When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22539
CVE-2022-22542S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-22542
CVE-2021-23055On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls snippet use with NGINX Ingress Controller does not apply to Ingress objects. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-23055
CVE-2022-27776A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-27776
CVE-2022-31461Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-31461
CVE-2022-21499KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2022-21499
CVE-2022-2056Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2056
CVE-2022-2057Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2057
CVE-2022-2058Divide By Zero error in tiffcrop in libtiff 4.4.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f3a5e010.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2058
CVE-2022-34903GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34903
CVE-2022-32206curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-32206
CVE-2022-1482Inappropriate implementation in WebGL in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1482
CVE-2022-30698NLnet Labs Unbound, up to and including version 1.16.1 is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a subdomain of a rogue domain name. The rogue nameserver returns delegation information for the subdomain that updates Unbound's delegation cache. This action can be repeated before expiry of the delegation information by querying Unbound for a second level subdomain which the rogue nameserver provides new delegation information. Since Unbound is a child-centric resolver, the ever-updating child delegation information can keep a rogue domain name resolvable long after revocation. From version 1.16.2 on, Unbound checks the validity of parent delegation records before using cached delegation information.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-30698
CVE-2022-30699NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the "ghost domain names" attack. The vulnerability works by targeting an Unbound instance. Unbound is queried for a rogue domain name when the cached delegation information is about to expire. The rogue nameserver delays the response so that the cached delegation information is expired. Upon receiving the delayed answer containing the delegation information, Unbound overwrites the now expired entries. This action can be repeated when the delegation information is about to expire making the rogue delegation information ever-updating. From version 1.16.2 on, Unbound stores the start time for a query and uses that to decide if the cached delegation information can be overwritten.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-30699
CVE-2022-2605Out of bounds read in Dawn in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2605
CVE-2022-2610Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2610
CVE-2022-2612Side-channel information leakage in Keyboard input in Google Chrome prior to 104.0.5112.79 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2612
CVE-2022-2615Insufficient policy enforcement in Cookies in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data via a crafted HTML page.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2615
CVE-2022-2616Inappropriate implementation in Extensions API in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to spoof the contents of the Omnibox (URL bar) via a crafted Chrome Extension.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2616
CVE-2022-2618Insufficient validation of untrusted input in Internals in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a malicious file .6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2618
CVE-2022-2622Insufficient validation of untrusted input in Safe Browsing in Google Chrome on Windows prior to 104.0.5112.79 allowed a remote attacker to bypass download restrictions via a crafted file.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2622
CVE-2022-35148maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35148
CVE-2022-36008Frontier is Substrate's Ethereum compatibility layer. A security issue was discovered affecting parsing of the RPC result of the exit reason in case of EVM reversion. In release build, this would cause the exit reason being incorrectly parsed and returned by RPC. In debug build, this would cause an overflow panic. No action is needed unless you have a bridge node that needs to distinguish different reversion exit reasons and you used RPC for this. There are currently no known workarounds.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36008
CVE-2022-36031Directus is a free and open-source data platform for headless content management. The Directus process can be aborted by having an authorized user update the `filename_disk` value to a folder and accessing that file through the `/assets` endpoint. This vulnerability has been patched and release v9.15.0 contains the fix. Users are advised to upgrade. Users unable to upgrade may prevent this problem by making sure no (untrusted) non-admin users have permissions to update the `filename_disk` field on `directus_files`.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36031
CVE-2022-25810The Transposh WordPress Translation WordPress plugin through 1.0.8 exposes a couple of sensitive actions such has “tp_reset� under the Utilities tab (/wp-admin/admin.php?page=tp_utils), which can be used/executed as the lowest-privileged user. Basically all Utilities functionalities are vulnerable this way, which involves resetting configurations and backup/restore operations.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-25810
CVE-2022-2388The WP Coder WordPress plugin before 2.5.3 does not have CSRF check in place when deleting code created by the plugin, which could allow attackers to make a logged in admin delete arbitrary ones via a CSRF attack6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2388
CVE-2022-2392The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-2392
CVE-2022-32480Dell PowerScale OneFS, versions 9.0.0, up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an insecure default initialization of a resource vulnerability. A remote authenticated attacker may potentially exploit this vulnerability, leading to information disclosure.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-32480
CVE-2022-28710An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-28710
CVE-2022-32761An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-32761
CVE-2022-35191D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-35191
CVE-2020-35992Fiserv Prologue through 2020-12-16 does not properly protect the database password. If an attacker were to gain access to the configuration file (specifically, the LogPassword attribute within appconfig.ini), they would be able to decrypt the password stored within the configuration file. This would yield cleartext credentials for the database (to gain access to financial records of customers stored within the database), and in some cases would allow remote login to the database.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-35992
CVE-2021-3670MaxQueryDuration not honoured in Samba AD DC LDAP6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3670
CVE-2022-33142Authenticated (subscriber+) Denial Of Service (DoS) vulnerability in WordPlus WordPress Better Messages plugin <= 1.9.10.57 at WordPress.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-33142
CVE-2022-34868Authenticated Arbitrary Settings Update vulnerability in YooMoney ?Kassa ??? WooCommerce plugin <= 2.3.0 at WordPress.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34868
CVE-2022-37428PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-37428
CVE-2022-38663Jenkins Git Plugin 4.11.4 and earlier does not properly mask (i.e., replace with asterisks) credentials in the build log provided by the Git Username and Password (`gitUsernamePassword`) credentials binding.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-38663
CVE-2022-38665Jenkins CollabNet Plugins Plugin 2.0.8 and earlier stores a RabbitMQ password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-38665
CVE-2021-3975A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the virConnectGetAllDomainStats API when the guest is shutting down. An unprivileged client with a read-only connection could use this flaw to perform a denial of service attack by causing the libvirt daemon to crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3975
CVE-2021-4209A NULL pointer dereference flaw was found in GnuTLS. As Nettle's hash update functions internally call memcpy, providing zero-length input may cause undefined behavior. This flaw leads to a denial of service after authentication in rare circumstances.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4209
CVE-2022-37316Archer Platform 6.8 before 6.11 P3 (6.11.0.3) contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 (6.10.0.3.1) is also a fixed release.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-37316
CVE-2022-26527Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26527
CVE-2022-26528Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26528
CVE-2022-26529Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26529
CVE-2022-26362x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited.6.4https://nvd.nist.gov/vuln/detail/CVE-2022-26362
CVE-2022-38161The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA.6.4https://nvd.nist.gov/vuln/detail/CVE-2022-38161
CVE-2021-3702A race condition flaw was found in ansible-runner, where an attacker could watch for rapid creation and deletion of a temporary directory, substitute their directory at that name, and then have access to ansible-runner's private_data_dir the next time ansible-runner made use of the private_data_dir. The highest Threat out of this flaw is to integrity and confidentiality.6.3https://nvd.nist.gov/vuln/detail/CVE-2021-3702
CVE-2022-34345Improper input validation in the firmware for some Intel(R) NUC Laptop Kits before version BC0076 may allow a privileged user to potentially enable escalation of privilege via physical access.6.2https://nvd.nist.gov/vuln/detail/CVE-2022-34345
CVE-2019-6142It has been reported that XSS is possible in Forcepoint Email Security, versions 8.5 and 8.5.3. It is strongly recommended that you apply the relevant hotfix in order to remediate this issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-6142
CVE-2021-37412The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-37412
CVE-2022-22534Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-22534
CVE-2022-34007EQS Integrity Line Professional through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-34007
CVE-2022-28681This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader 11.2.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the deletePages method. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-16825.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-28681
CVE-2021-24910The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the a parameter via an AJAX action (available to both unauthenticated and authenticated users when the curl library is installed) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue6.1https://nvd.nist.gov/vuln/detail/CVE-2021-24910
CVE-2021-3639A flaw was found in mod_auth_mellon where it does not sanitize logout URLs properly. This issue could be used by an attacker to facilitate phishing attacks by tricking users into visiting a trusted web application URL that redirects to an external and potentially malicious server. The highest threat from this liability is to confidentiality and integrity.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-3639
CVE-2022-1932The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to a Reflected Cross-Site Scripting, which can be exploited either via a LFI in an AJAX action, or direct call to the affected file6.1https://nvd.nist.gov/vuln/detail/CVE-2022-1932
CVE-2022-2383The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting6.1https://nvd.nist.gov/vuln/detail/CVE-2022-2383
CVE-2022-2532The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting6.1https://nvd.nist.gov/vuln/detail/CVE-2022-2532
CVE-2022-28598Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly neutralize user-controllable input before it is placed in output that is used as a web page that is served to other users.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-28598
CVE-2022-30690A cross-site scripting (xss) vulnerability exists in the image403 functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-30690
CVE-2022-32770A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "toast" parameter which is inserted into the document with insufficient sanitization.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-32770
CVE-2022-32771A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "success" parameter which is inserted into the document with insufficient sanitization.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-32771
CVE-2022-32772A cross-site scripting (xss) vulnerability exists in the footer alerts functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can get an authenticated user to send a crafted HTTP request to trigger this vulnerability.This vulnerability arrises from the "msg" parameter which is inserted into the document with insufficient sanitization.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-32772
CVE-2019-25075HTML injection combined with path traversal in the Email service in Gravitee API Management before 1.25.3 allows anonymous users to read arbitrary files via a /management/users/register request.6.1https://nvd.nist.gov/vuln/detail/CVE-2019-25075
CVE-2022-27637Reflected cross-site scripting vulnerability in PukiWiki versions 1.5.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-27637
CVE-2022-2956A vulnerability classified as problematic has been found in ConsoleTVs Noxen. Affected is an unknown function of the file /Noxen-master/users.php. The manipulation of the argument create_user_username with the input ">--redacted-- leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-2070006.1https://nvd.nist.gov/vuln/detail/CVE-2022-2956
CVE-2022-35278In Apache ActiveMQ Artemis prior to 2.24.0, an attacker could show malicious content and/or redirect users to a malicious URL in the web console by using HTML in the name of an address or queue.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-35278
CVE-2022-29476Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification Bar for WordPress plugin <= 1.1.8 at WordPress.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-29476
CVE-2022-38172ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-38172
CVE-2022-38463ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-38463
CVE-2022-37153An issue was discovered in Artica Proxy 4.30.000000. There is a XSS vulnerability via the password parameter in /fw.login.php.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-37153
CVE-2022-34837Storing Passwords in a Recoverable Format vulnerability in ABB Zenon 8.20 allows an attacker who successfully exploit the vulnerability may add more network clients that may monitor various activities of the Zenon.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-34837
CVE-2022-37161Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-37161
CVE-2022-37952A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-37952
CVE-2022-37953An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-37953
CVE-2022-37318Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contain a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-37318
CVE-2022-36547Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-36547
CVE-2021-4158A NULL pointer dereference issue was found in the ACPI code of QEMU. A malicious, privileged user within the guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.6https://nvd.nist.gov/vuln/detail/CVE-2021-4158
CVE-2015-7744wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.5.9https://nvd.nist.gov/vuln/detail/CVE-2015-7744
CVE-2015-3152Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB before 5.5.44 use the --ssl option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, aka a "BACKRONYM" attack.5.9https://nvd.nist.gov/vuln/detail/CVE-2015-3152
CVE-2016-6306The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before 1.0.2i might allow remote attackers to cause a denial of service (out-of-bounds read) via crafted certificate operations, related to s3_clnt.c and s3_srvr.c.5.9https://nvd.nist.gov/vuln/detail/CVE-2016-6306
CVE-2017-3732There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL 1.0.2 before 1.0.2k and 1.1.0 before 1.1.0d. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites. Note: This issue is very similar to CVE-2015-3193 but must be treated as a separate problem.5.9https://nvd.nist.gov/vuln/detail/CVE-2017-3732
CVE-2018-0735The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).5.9https://nvd.nist.gov/vuln/detail/CVE-2018-0735
CVE-2018-0734The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.1a (Affected 1.1.1). Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.0.2q (Affected 1.0.2-1.0.2p).5.9https://nvd.nist.gov/vuln/detail/CVE-2018-0734
CVE-2020-1971The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).5.9https://nvd.nist.gov/vuln/detail/CVE-2020-1971
CVE-2021-3449An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j).5.9https://nvd.nist.gov/vuln/detail/CVE-2021-3449
CVE-2021-22916In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-22916
CVE-2021-22947When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-22947
CVE-2022-23634Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-23634
CVE-2022-32208When curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-32208
CVE-2022-2790Emerson Electric's Proficy Machine Edition Version 9.00 and prior is vulenrable to CWE-347 Improper Verification of Cryptographic Signature, and does not properly verify compiled logic (PDT files) and data blocks data (BLD/BLK files).5.9https://nvd.nist.gov/vuln/detail/CVE-2022-2790
CVE-2021-20066JSDom improperly allows the loading of local resources, which allows for local files to be manipulated by a malicious web page when script execution is enabled.5.6https://nvd.nist.gov/vuln/detail/CVE-2021-20066
CVE-2021-3672A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.5.6https://nvd.nist.gov/vuln/detail/CVE-2021-3672
CVE-2016-0651Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows local users to affect availability via vectors related to Optimizer.5.5https://nvd.nist.gov/vuln/detail/CVE-2016-0651
CVE-2020-16287A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gdevlprn.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16287
CVE-2020-16288A buffer overflow vulnerability in pj_common_print_page() in devices/gdevpjet.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16288
CVE-2020-16289A buffer overflow vulnerability in cif_print_page() in devices/gdevcif.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16289
CVE-2020-16290A buffer overflow vulnerability in jetp3852_print_page() in devices/gdev3852.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16290
CVE-2020-16291A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16291
CVE-2020-16292A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16292
CVE-2020-16293A null pointer dereference vulnerability in compose_group_nonknockout_nonblend_isolated_allmask_common() in base/gxblend.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16293
CVE-2020-16294A buffer overflow vulnerability in epsc_print_page() in devices/gdevepsc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16294
CVE-2020-16295A null pointer dereference vulnerability in clj_media_size() in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16295
CVE-2020-16296A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/gdevlips.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16296
CVE-2020-16297A buffer overflow vulnerability in FloydSteinbergDitheringC() in contrib/gdevbjca.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16297
CVE-2020-16298A buffer overflow vulnerability in mj_color_correct() in contrib/japanese/gdevmjc.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16298
CVE-2020-16299A Division by Zero vulnerability in bj10v_print_page() in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16299
CVE-2020-16300A buffer overflow vulnerability in tiff12_print_page() in devices/gdevtfnx.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16300
CVE-2020-16301A buffer overflow vulnerability in okiibm_print_page1() in devices/gdevokii.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-16301
CVE-2021-23135Exposure of System Data to an Unauthorized Control Sphere vulnerability in web UI of Argo CD allows attacker to cause leaked secret data into web UI error messages and logs. This issue affects Argo CD 1.8 versions prior to 1.8.7; 1.7 versions prior to 1.7.14.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-23135
CVE-2021-3875vim is vulnerable to Heap-based Buffer Overflow5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3875
CVE-2021-4193vim is vulnerable to Out-of-bounds Read5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4193
CVE-2022-0156vim is vulnerable to Use After Free5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0156
CVE-2022-0319Out-of-bounds Read in vim/vim prior to 8.2.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0319
CVE-2021-23207An attacker with physical access to the host can extract the secrets from the registry and create valid JWT tokens for the Fresenius Kabi Vigilant MasterMed version 2.0.1.3 application and impersonate arbitrary users. An attacker could manipulate RabbitMQ queues and messages by impersonating users.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-23207
CVE-2022-0714Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4436.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-0714
CVE-2022-21151Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21151
CVE-2022-1771Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1771
CVE-2022-2208NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2208
CVE-2022-33917An issue was discovered in the Arm Mali GPU Kernel Driver (Valhall r29p0 through r38p0). A non-privileged user can make improper GPU processing operations to gain access to already freed memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-33917
CVE-2021-26257Improper buffer restrictions in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.120 may allow an authenticated user to potentially enable denial of service via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-26257
CVE-2022-21233Improper isolation of shared resources in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21233
CVE-2022-21793Insufficient control flow management in the Intel(R) Ethernet 500 Series Controller drivers for VMWare before version 1.11.4.0 and in the Intel(R) Ethernet 700 Series Controller drivers for VMWare before version 2.1.5.0 may allow an authenticated user to potentially enable a denial of service via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-21793
CVE-2022-26373Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-26373
CVE-2022-2873An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2873
CVE-2022-31238Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain a process invoked with sensitive information vulnerability. A CLI user may potentially exploit this vulnerability, leading to information disclosure.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-31238
CVE-2022-2923NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2923
CVE-2021-3736A flaw was found in the Linux kernel. A memory leak problem was found in mbochs_ioctl in samples/vfio-mdev/mbochs.c in Virtual Function I/O (VFIO) Mediated devices. This flaw could allow a local attacker to leak internal kernel information.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3736
CVE-2021-3759A memory overflow vulnerability was found in the Linux kernel’s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3759
CVE-2021-3764A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd() function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3764
CVE-2021-3798A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3798
CVE-2021-3917A flaw was found in the coreos-installer, where it writes the Ignition config to the target system with world-readable access permissions. This flaw allows a local attacker to have read access to potentially sensitive data. The highest threat from this vulnerability is to confidentiality.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3917
CVE-2021-3995A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3995
CVE-2021-3996A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3996
CVE-2021-3997A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3997
CVE-2022-33172de.fac2 1.34 allows bypassing the User Presence protection mechanism when there is malware on the victim's PC.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-33172
CVE-2021-0698In PVRSRVBridgeHeapCfgHeapDetails, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2368481655.5https://nvd.nist.gov/vuln/detail/CVE-2021-0698
CVE-2021-0887In PVRSRVBridgeHeapCfgHeapConfigName, there is a possible leak of kernel heap content due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-2368488175.5https://nvd.nist.gov/vuln/detail/CVE-2021-0887
CVE-2021-4142The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the SCA (simple content access) certificate for authentication with Candlepin.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4142
CVE-2021-4155A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4155
CVE-2021-4214A heap overflow flaw was found in libpngs' pngimage.c program. This flaw allows an attacker with local network access to pass a specially crafted PNG file to the pngimage utility, causing an application to crash, leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4214
CVE-2021-4218A flaw was found in the Linux kernel’s implementation of reading the SVC RDMA counters. Reading the counter sysctl panics the system. This flaw allows a local attacker with local access to cause a denial of service while the system reboots. The issue is specific to CentOS/RHEL.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-4218
CVE-2022-2569The affected device stores sensitive information in cleartext, which may allow an authenticated user to access session data stored in the OAuth database belonging to legitimate users5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2569
CVE-2022-32834An access issue was addressed with improvements to the sandbox. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina. An app may be able to access sensitive user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-32834
CVE-2022-32838A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6. An app may be able to read arbitrary files.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-32838
CVE-2022-37292Tenda AX12 V22.03.01.21_CN is vulnerable to Buffer Overflow. This overflow is triggered in the sub_42FDE4 function, which satisfies the request of the upper-level interface function sub_430124, that is, handles the post request under /goform/SetIpMacBind.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-37292
CVE-2020-27797An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-27797
CVE-2020-27798An invalid memory address reference was discovered in the adjABS function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-27798
CVE-2020-27802An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-27802
CVE-2021-20224An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum() function in MagickCore/quantum-export.c. Function calls to GetPixelIndex() could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead to an undefined behaviour or a crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-20224
CVE-2021-23159A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function lsx_read_w_buf() in formats_i.c file. The vulnerability is exploitable with a crafted file, that could cause an application to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-23159
CVE-2021-23172A vulnerability was found in SoX, where a heap-buffer-overflow occurs in function startread() in hcom.c file. The vulnerability is exploitable with a crafted hcomn file, that could cause an application to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-23172
CVE-2021-23210A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-23210
CVE-2021-33844A floating point exception (divide-by-zero) issue was discovered in SoX in functon startread() of wav.c file. An attacker with a crafted wav file, could cause an application to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-33844
CVE-2022-2980NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2980
CVE-2021-3669A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3669
CVE-2015-5296Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unencrypted downgrade attacks by modifying the client-server data stream, related to clidfs.c, libsmb_server.c, and smbXcli_base.c.5.4https://nvd.nist.gov/vuln/detail/CVE-2015-5296
CVE-2019-3880A flaw was found in the way samba implemented an RPC endpoint emulating the Windows registry service API. An unprivileged attacker could use this flaw to create a new registry hive file anywhere they have unix permissions which could lead to creation of a new file in the Samba share. Versions before 4.8.11, 4.9.6 and 4.10.2 are vulnerable.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-3880
CVE-2019-14902There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-14902
CVE-2020-7064In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-7064
CVE-2022-22546Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) - version 420.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-22546
CVE-2021-24911The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape the tk0 parameter from the tp_translation AJAX action, leading to Stored Cross-Site Scripting, which will trigger in the admin dashboard of the plugin. The minimum role needed to perform such attack depends on the plugin "Who can translate ?" setting.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24911
CVE-2021-24912The Transposh WordPress Translation WordPress plugin before 1.0.8 does not have CSRF check in its tp_translation AJAX action, which could allow attackers to make authorised users add a translation. Given the lack of sanitisation in the tk0 parameter, this could lead to a Stored Cross-Site Scripting issue which will be executed in the context of a logged in admin5.4https://nvd.nist.gov/vuln/detail/CVE-2021-24912
CVE-2022-2312The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2312
CVE-2022-2375The WP Sticky Button WordPress plugin before 1.4.1 does not have authorisation and CSRF checks when saving its settings, allowing unauthenticated users to update them. Furthermore, due to the lack of escaping in some of them, it could lead to Stored Cross-Site Scripting issues5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2375
CVE-2022-2829Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-2829
CVE-2022-36350Stored cross-site scripting vulnerability in PukiWiki versions 1.3.1 to 1.5.3 allows a remote attacker to inject an arbitrary script via unspecified vectors.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36350
CVE-2022-34648Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov Uploading SVG, WEBP and ICO files plugin <= 1.0.1 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-34648
CVE-2022-34658Multiple Authenticated (contributor+) Persistent Cross-Site Scripting (XSS) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-34658
CVE-2022-36282Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's Search Exclude plugin <= 1.2.6 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36282
CVE-2022-36341Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS) vulnerability in Akash soni's AS – Create Pinterest Pinboard Pages plugin <= 1.0 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36341
CVE-2022-36347Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine PhotoTile for Pinterest plugin <= 1.3.1 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36347
CVE-2022-36405Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts and Maps plugin <= 1.4 at WordPress.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36405
CVE-2022-38664Jenkins Job Configuration History Plugin 1165.v8cc9fd1f4597 and earlier does not escape the job name on the System Configuration History page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure job names.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38664
CVE-2022-38080Reflected cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38080
CVE-2022-38089Stored cross-site scripting vulnerability in Exment ((PHP8) exceedone/exment v5.0.2 and earlier and exceedone/laravel-admin v3.0.0 and earlier, (PHP7) exceedone/exment v4.4.2 and earlier and exceedone/laravel-admin v2.2.2 and earlier) allows a remote authenticated attacker to inject an arbitrary script.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38089
CVE-2018-14520An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.5.4https://nvd.nist.gov/vuln/detail/CVE-2018-14520
CVE-2022-37239MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the rulles_list_ajax endpoint.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37239
CVE-2022-37241MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the data_leak_list_ajax endpoint.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37241
CVE-2022-37243MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the whitelist endpoint.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37243
CVE-2022-37244MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to IFRAME Injectionvia the currentRequest parameter. after login leads to inject malicious tag leads to IFRAME injection.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37244
CVE-2022-37245MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the Blacklist endpoint.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37245
CVE-2022-37238MDaemon Technologies SecurityGateway for Email Servers 8.5.2 is vulnerable to Cross Site Scripting (XSS) via the currentRequest parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37238
CVE-2022-37160Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with administrative rights by opening an SVG file as an administrator user.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37160
CVE-2022-37162Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain javascript code execution by adding arbitrary javascript code in the 'Location' field of a calendar event.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37162
CVE-2022-32746A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-32746
CVE-2022-36527Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the post title text field under the publish blog module.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36527
CVE-2022-37317Archer Platform 6.x before 6.11 P3 contain an HTML injection vulnerability. An authenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user to execute malicious code in the context of the web application. 6.10 P4 (6.10.0.4) and 6.11 P2 HF4 (6.11.0.2.4) are also fixed releases.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37317
CVE-2022-37150An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS vulnerability via firstname, address, middlename, lastname , gender, email, contact parameters.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-37150
CVE-2022-36548Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36548
CVE-2015-5299The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.5.3https://nvd.nist.gov/vuln/detail/CVE-2015-5299
CVE-2020-2752Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).5.3https://nvd.nist.gov/vuln/detail/CVE-2020-2752
CVE-2020-10700A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control is combined with the 'ASQ' control. A malicious user in a samba AD could use this flaw to cause denial of service. This issue affects all samba versions before 4.10.15, before 4.11.8 and before 4.12.2.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-10700
CVE-2020-14550Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).5.3https://nvd.nist.gov/vuln/detail/CVE-2020-14550
CVE-2020-7071In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with invalid password as valid URL. This may lead to functions that rely on URL being valid to mis-parse the URL and produce wrong data as components of the URL.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-7071
CVE-2021-22897curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-22897
CVE-2021-23053On version 15.1.x before 15.1.3, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.6, when the brute force protection feature of BIG-IP Advanced WAF or BIG-IP ASM is enabled on a virtual server and the virtual server is under brute force attack, the MySQL database may run out of disk space due to lack of row limit on undisclosed tables in the MYSQL database. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-23053
CVE-2021-3503A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-3503
CVE-2022-28614The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-28614
CVE-2022-2097AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).5.3https://nvd.nist.gov/vuln/detail/CVE-2022-2097
CVE-2022-38392Certain 5400 RPM hard drives, for laptops and other PCs in approximately 2005 and later, allow physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video. A reported product is Seagate STDT4000100 763649053447.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-38392
CVE-2022-35692Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of another user's account detials. Exploitation of this issue does not require user interaction.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35692
CVE-2022-34774Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover (the mail can be used to reset password).5.3https://nvd.nist.gov/vuln/detail/CVE-2022-34774
CVE-2022-33932Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.2, contain an unprotected primary channel vulnerability. An unauthenticated network malicious attacker may potentially exploit this vulnerability, leading to a denial of filesystem services.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-33932
CVE-2022-1989All CODESYS Visualization versions before V4.2.0.0 generate a login dialog vulnerable to information exposure allowing a remote, unauthenticated attacker to enumerate valid users.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-1989
CVE-2022-35242Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-35242
CVE-2021-4040A flaw was found in AMQ Broker. This issue can cause a partial interruption to the availability of AMQ Broker via an Out of memory (OOM) condition. This flaw allows an attacker to partially disrupt availability to the broker through a sustained attack of maliciously crafted messages. The highest threat from this vulnerability is system availability.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-4040
CVE-2021-4189A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-4189
CVE-2022-23235Active IQ Unified Manager for VMware vSphere, Linux, and Microsoft Windows versions prior to 9.10P1 are susceptible to a vulnerability which could allow an attacker to discover cluster, node and Active IQ Unified Manager specific information via AutoSupport telemetry data that is sent even when AutoSupport has been disabled.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-23235
CVE-2019-2739Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).5.1https://nvd.nist.gov/vuln/detail/CVE-2019-2739
CVE-2022-32769Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Playlists plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's playlists.5https://nvd.nist.gov/vuln/detail/CVE-2022-32769
CVE-2016-3495Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-3495
CVE-2016-5507Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5507
CVE-2016-5628Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5628
CVE-2016-5631Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5631
CVE-2016-5632Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5632
CVE-2016-5633Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5633
CVE-2016-5634Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5634
CVE-2016-5635Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.4.9https://nvd.nist.gov/vuln/detail/CVE-2016-5635
CVE-2020-2812Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-2812
CVE-2020-2814Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.6.47 and prior, 5.7.28 and prior and 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2020-2814
CVE-2021-2154Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2021-2154
CVE-2021-2166Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2021-2166
CVE-2021-2180Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2021-2180
CVE-2021-2194Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2021-2194
CVE-2022-22545A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform - versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-22545
CVE-2022-21427Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2022-21427
CVE-2021-29891IBM OPENBMC OP910 and OP940 could allow a privileged user to upload an improper site identity certificate that may cause it to lose network services. IBM X-Force ID: 207221.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-29891
CVE-2022-35235Authenticated (admin+) Arbitrary File Read vulnerability in XplodedThemes WPide plugin <= 2.6 at WordPress.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-35235
CVE-2022-1566The Quotes llama WordPress plugin before 1.0.0 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file4.8https://nvd.nist.gov/vuln/detail/CVE-2022-1566
CVE-2022-2361The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2361
CVE-2022-2407The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2407
CVE-2022-2796Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.4.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-2796
CVE-2016-0642Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated.4.7https://nvd.nist.gov/vuln/detail/CVE-2016-0642
CVE-2021-3521There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.4.7https://nvd.nist.gov/vuln/detail/CVE-2021-3521
CVE-2022-21385A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)4.6https://nvd.nist.gov/vuln/detail/CVE-2022-21385
CVE-2021-23211Cleartext Storage of Sensitive Information in Memory vulnerability in Gallagher Command Centre Server allows Cloud end-to-end encryption key to be discoverable in server memory dumps. This issue affects: Gallagher Command Centre 8.40 versions prior to 8.40.1888 (MR3).4.4https://nvd.nist.gov/vuln/detail/CVE-2021-23211
CVE-2021-33126Improper access control in the firmware for some Intel(R) 700 and 722 Series Ethernet Controllers and Adapters before versions 8.5 and 1.5.5 may allow a privileged user to potentially enable denial of service via local access.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-33126
CVE-2021-33128Improper access control in the firmware for some Intel(R) E810 Ethernet Controllers before version 1.6.0.6 may allow a privileged user to potentially enable denial of service via local access.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-33128
CVE-2021-4159A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-4159
CVE-2017-3464Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.54 and earlier, 5.6.35 and earlier and 5.7.17 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2017-3464
CVE-2017-3651Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Client mysqldump). Supported versions that are affected are 5.5.56 and earlier, 5.6.36 and earlier and 5.7.18 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2017-3651
CVE-2018-2813Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 5.5.59 and prior, 5.6.39 and prior and 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2018-2813
CVE-2018-3058Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2018-3058
CVE-2021-2032Vulnerability in the MySQL Server product of Oracle MySQL (component: Information Schema). Supported versions that are affected are 5.7.32 and prior and 8.0.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2021-2032
CVE-2020-1723A flaw was found in Keycloak Gatekeeper (Louketo). The logout endpoint can be abused to redirect logged-in users to arbitrary web pages. Affected versions of Keycloak Gatekeeper (Louketo): 6.0.1, 7.0.04.3https://nvd.nist.gov/vuln/detail/CVE-2020-1723
CVE-2021-24164In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to establish a connection. They could also retrieve the client_id for an already established OAuth connection.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-24164
CVE-2021-24851The Insert Pages WordPress plugin before 3.7.0 allows users with a role as low as Contributor to access content and metadata from arbitrary posts/pages regardless of their author and status (ie private), using a shortcode. Password protected posts/pages are not affected by such issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-24851
CVE-2021-23173The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-23173
CVE-2021-23265A logged-in and authenticated user with a Reviewer Role may lock a content item.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-23265
CVE-2022-1306Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-1306
CVE-2022-1307Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-1307
CVE-2022-2479Insufficient validation of untrusted input in File in Google Chrome on Android prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious app to obtain potentially sensitive information from internal file directories via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2479
CVE-2022-2611Inappropriate implementation in Fullscreen API in Google Chrome on Android prior to 104.0.5112.79 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2611
CVE-2022-2619Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2619
CVE-2022-2172The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2172
CVE-2022-2198The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2198
CVE-2022-2275The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2275
CVE-2022-2276The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2276
CVE-2022-2377The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2377
CVE-2022-2382The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lack authorisation in some of its AJAX actions, allowing any authenticated users, such as subscriber to call them. One in particular could allow them to delete arbitrary blog options.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2382
CVE-2022-2389The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX action, allowing any authenticated users, such as subscriber to create automations4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2389
CVE-2021-3763A flaw was found in the Red Hat AMQ Broker management console in version 7.8 where an existing user is able to access some limited information even when the role the user is assigned to should not be allow access to the management console. The main impact is to confidentiality as this flaw means some role bindings are incorrectly checked, some privileged meta information such as queue names and configuration details are disclosed but the impact is limited as not all information is accessible and there is no affect to integrity.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-3763
CVE-2022-2965Improper Restriction of Rendered UI Layers or Frames in GitHub repository notrinos/notrinoserp prior to 0.7.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-2965
CVE-2021-4122It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4122
CVE-2018-14519An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.4.3https://nvd.nist.gov/vuln/detail/CVE-2018-14519
CVE-2022-36358Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-36358
CVE-2022-32768Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of WWBN AVideo 11.6 and dev master commit 3f7c0364. A specially-crafted HTTP request by an authenticated user can lead to unauthorized access and takeover of resources. An attacker can send an HTTP request to trigger this vulnerability.This vulnerability exists in the Live Schedules plugin, allowing an attacker to bypass authentication by guessing a sequential ID, allowing them to take over the another user's streams.4.2https://nvd.nist.gov/vuln/detail/CVE-2022-32768
CVE-2021-22924libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take 'issuercert' into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn't include the 'issuer cert' which a transfer can setto qualify how to verify the server certificate.3.7https://nvd.nist.gov/vuln/detail/CVE-2021-22924
CVE-2021-41136Puma is a HTTP 1.1 server for Ruby/Rack applications. Prior to versions 5.5.1 and 4.3.9, using `puma` with a proxy which forwards HTTP header values which contain the LF character could allow HTTP request smugggling. A client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. The only proxy which has this behavior, as far as the Puma team is aware of, is Apache Traffic Server. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This vulnerability was patched in Puma 5.5.1 and 4.3.9. As a workaround, do not use Apache Traffic Server with `puma`.3.7https://nvd.nist.gov/vuln/detail/CVE-2021-41136
CVE-2022-34771Tabit - arbitrary SMS send on Tabits behalf. The resend OTP API of tabit allows an adversary to send messages on tabits behalf to anyone registered on the system - the API receives the parameters: phone number, and CustomMessage, We can use that API to craft malicious messages to any user of the system. In addition, the API probably has some kind of template injection potential. When entering {{OTP}} in the custom message field it is formatted into an OTP.3.5https://nvd.nist.gov/vuln/detail/CVE-2022-34771
CVE-2018-3066Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Options). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).3.3https://nvd.nist.gov/vuln/detail/CVE-2018-3066
CVE-2022-0158vim is vulnerable to Heap-based Buffer Overflow3.3https://nvd.nist.gov/vuln/detail/CVE-2022-0158
CVE-2022-20359In various methods of NotificationManagerService.java, there is a possible way to view notifications while lockdown is enabled due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-1737213733.3https://nvd.nist.gov/vuln/detail/CVE-2022-20359
CVE-2022-31237Dell PowerScale OneFS, versions 9.2.0 up to and including 9.2.1.12 and 9.3.0.5 contain an improper preservation of permissions vulnerability in SyncIQ. A low privileged local attacker may potentially exploit this vulnerability, leading to limited information disclosure.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-31237
CVE-2021-22898curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.3.1https://nvd.nist.gov/vuln/detail/CVE-2021-22898
CVE-2004-0686Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.https://nvd.nist.gov/vuln/detail/CVE-2004-0686
CVE-2004-0589Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.https://nvd.nist.gov/vuln/detail/CVE-2004-0589
CVE-2007-2444Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user.https://nvd.nist.gov/vuln/detail/CVE-2007-2444
CVE-2007-3007PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this issue might also involve the realpath function.https://nvd.nist.gov/vuln/detail/CVE-2007-3007
CVE-2008-1105Heap-based buffer overflow in the receive_smb_raw function in util/sock.c in Samba 3.0.0 through 3.0.29 allows remote attackers to execute arbitrary code via a crafted SMB response.https://nvd.nist.gov/vuln/detail/CVE-2008-1105
CVE-2008-3804Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) Forwarding Infrastructure (MFI) in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (memory corruption) via crafted packets for which the software path is used.https://nvd.nist.gov/vuln/detail/CVE-2008-3804
CVE-2008-6566Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2008-6566
CVE-2009-1888The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory.https://nvd.nist.gov/vuln/detail/CVE-2009-1888
CVE-2010-2063Buffer overflow in the SMB1 packet chaining implementation in the chain_reply function in process.c in smbd in Samba 3.0.x before 3.3.13 allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a crafted field in a packet.https://nvd.nist.gov/vuln/detail/CVE-2010-2063
CVE-2010-3069Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse functions in Samba before 3.5.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted Windows Security ID (SID) on a file share.https://nvd.nist.gov/vuln/detail/CVE-2010-3069
CVE-2010-0215ActiveCollab before 2.3.2 allows remote authenticated users to bypass intended access restrictions, and (1) delete an attachment or (2) subscribe to an object, via a crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2010-0215
CVE-2011-2522Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.https://nvd.nist.gov/vuln/detail/CVE-2011-2522
CVE-2011-4566Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.https://nvd.nist.gov/vuln/detail/CVE-2011-4566
CVE-2012-1688Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.https://nvd.nist.gov/vuln/detail/CVE-2012-1688
CVE-2012-1690Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.https://nvd.nist.gov/vuln/detail/CVE-2012-1690
CVE-2012-1697Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.https://nvd.nist.gov/vuln/detail/CVE-2012-1697
CVE-2012-0540Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.https://nvd.nist.gov/vuln/detail/CVE-2012-0540
CVE-2012-1689Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-1689
CVE-2012-1734Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-1734
CVE-2012-1756Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2012-1756
CVE-2012-1757Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2012-1757
CVE-2012-3150Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-3150
CVE-2012-3166Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2012-3166
CVE-2012-3173Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.https://nvd.nist.gov/vuln/detail/CVE-2012-3173
CVE-2012-3180Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-3180
CVE-2012-5614Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.https://nvd.nist.gov/vuln/detail/CVE-2012-5614
CVE-2012-0572Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2012-0572
CVE-2012-0574Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2012-0574
CVE-2012-0578Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-0578
CVE-2012-1705Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2012-1705
CVE-2013-0367Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.https://nvd.nist.gov/vuln/detail/CVE-2013-0367
CVE-2013-0368Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2013-0368
CVE-2013-0371Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.https://nvd.nist.gov/vuln/detail/CVE-2013-0371
CVE-2013-0383Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.https://nvd.nist.gov/vuln/detail/CVE-2013-0383
CVE-2013-1512Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.https://nvd.nist.gov/vuln/detail/CVE-2013-1512
CVE-2013-1526Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.https://nvd.nist.gov/vuln/detail/CVE-2013-1526
CVE-2013-1532Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.https://nvd.nist.gov/vuln/detail/CVE-2013-1532
CVE-2013-1544Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.https://nvd.nist.gov/vuln/detail/CVE-2013-1544
CVE-2013-1555Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.https://nvd.nist.gov/vuln/detail/CVE-2013-1555
CVE-2013-2376Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.https://nvd.nist.gov/vuln/detail/CVE-2013-2376
CVE-2013-2389Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2013-2389
CVE-2013-2392Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2013-2392
CVE-2013-3783Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Parser.https://nvd.nist.gov/vuln/detail/CVE-2013-3783
CVE-2013-3793Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.https://nvd.nist.gov/vuln/detail/CVE-2013-3793
CVE-2013-3794Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.https://nvd.nist.gov/vuln/detail/CVE-2013-3794
CVE-2013-3802Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.https://nvd.nist.gov/vuln/detail/CVE-2013-3802
CVE-2013-3804Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2013-3804
CVE-2013-3805Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Prepared Statements.https://nvd.nist.gov/vuln/detail/CVE-2013-3805
CVE-2013-3808Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.https://nvd.nist.gov/vuln/detail/CVE-2013-3808
CVE-2013-3809Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.https://nvd.nist.gov/vuln/detail/CVE-2013-3809
CVE-2012-5627Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.https://nvd.nist.gov/vuln/detail/CVE-2012-5627
CVE-2013-3839Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2013-3839
CVE-2013-5891Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.https://nvd.nist.gov/vuln/detail/CVE-2013-5891
CVE-2014-0386Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.https://nvd.nist.gov/vuln/detail/CVE-2014-0386
CVE-2014-0401Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2014-0401
CVE-2014-0402Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.https://nvd.nist.gov/vuln/detail/CVE-2014-0402
CVE-2014-0412Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.https://nvd.nist.gov/vuln/detail/CVE-2014-0412
CVE-2013-4496Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.https://nvd.nist.gov/vuln/detail/CVE-2013-4496
CVE-2010-5298Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows remote attackers to inject data across sessions or cause a denial of service (use-after-free and parsing error) via an SSL connection in a multithreaded environment.https://nvd.nist.gov/vuln/detail/CVE-2010-5298
CVE-2014-0384Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to XML.https://nvd.nist.gov/vuln/detail/CVE-2014-0384
CVE-2014-2419Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.https://nvd.nist.gov/vuln/detail/CVE-2014-2419
CVE-2014-0198The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, does not properly manage a buffer pointer during certain recursive calls, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors that trigger an alert condition.https://nvd.nist.gov/vuln/detail/CVE-2014-0198
CVE-2014-0239The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.https://nvd.nist.gov/vuln/detail/CVE-2014-0239
CVE-2014-0221The dtls1_get_message_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote attackers to cause a denial of service (recursion and client crash) via a DTLS hello message in an invalid DTLS handshake.https://nvd.nist.gov/vuln/detail/CVE-2014-0221
CVE-2014-3470The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate value.https://nvd.nist.gov/vuln/detail/CVE-2014-3470
CVE-2014-4049Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.https://nvd.nist.gov/vuln/detail/CVE-2014-4049
CVE-2014-2494Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.https://nvd.nist.gov/vuln/detail/CVE-2014-2494
CVE-2014-4207Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.https://nvd.nist.gov/vuln/detail/CVE-2014-4207
CVE-2014-4274Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.https://nvd.nist.gov/vuln/detail/CVE-2014-4274
CVE-2014-4287Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.https://nvd.nist.gov/vuln/detail/CVE-2014-4287
CVE-2014-6464Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.https://nvd.nist.gov/vuln/detail/CVE-2014-6464
CVE-2014-6478Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.https://nvd.nist.gov/vuln/detail/CVE-2014-6478
CVE-2014-6484Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.https://nvd.nist.gov/vuln/detail/CVE-2014-6484
CVE-2014-6494Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.https://nvd.nist.gov/vuln/detail/CVE-2014-6494
CVE-2014-6495Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.https://nvd.nist.gov/vuln/detail/CVE-2014-6495
CVE-2014-6496Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.https://nvd.nist.gov/vuln/detail/CVE-2014-6496
CVE-2014-6505Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.https://nvd.nist.gov/vuln/detail/CVE-2014-6505
CVE-2014-6507Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.https://nvd.nist.gov/vuln/detail/CVE-2014-6507
CVE-2014-6520Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.https://nvd.nist.gov/vuln/detail/CVE-2014-6520
CVE-2014-6559Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.https://nvd.nist.gov/vuln/detail/CVE-2014-6559
CVE-2014-6564Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.https://nvd.nist.gov/vuln/detail/CVE-2014-6564
CVE-2015-0381Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.https://nvd.nist.gov/vuln/detail/CVE-2015-0381
CVE-2015-0382Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.https://nvd.nist.gov/vuln/detail/CVE-2015-0382
CVE-2015-0391Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.https://nvd.nist.gov/vuln/detail/CVE-2015-0391
CVE-2015-0432Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.https://nvd.nist.gov/vuln/detail/CVE-2015-0432
CVE-2015-0433Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.https://nvd.nist.gov/vuln/detail/CVE-2015-0433
CVE-2015-0441Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption.https://nvd.nist.gov/vuln/detail/CVE-2015-0441
CVE-2015-2620Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.https://nvd.nist.gov/vuln/detail/CVE-2015-2620
CVE-2022-36945The Remote Keyless Entry (RKE) receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.https://nvd.nist.gov/vuln/detail/CVE-2022-36945
CVE-2022-37305The Remote Keyless Entry (RKE) receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.https://nvd.nist.gov/vuln/detail/CVE-2022-37305
CVE-2022-37418The Remote Keyless Entry (RKE) receiving unit on certain Nissan, Kia, and Hyundai vehicles through 2017 allows remote attackers to perform unlock operations and force a resynchronization after capturing two consecutive valid key fob signals over the radio, aka a RollBack attack. The attacker retains the ability to unlock indefinitely.https://nvd.nist.gov/vuln/detail/CVE-2022-37418
CVE-2022-38078Movable Type XMLRPC API provided by Six Apart Ltd. contains a command injection vulnerability. Sending a specially crafted message by POST method to Movable Type XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. Affected products and versions are as follows: Movable Type 7 r.5202 and earlier, Movable Type Advanced 7 r.5202 and earlier, Movable Type 6.8.6 and earlier, Movable Type Advanced 6.8.6 and earlier, Movable Type Premium 1.52 and earlier, and Movable Type Premium Advanced 1.52 and earlier. Note that all versions of Movable Type 4.0 or later including unsupported (End-of-Life, EOL) versions are also affected by this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-38078
CVE-2022-36633Teleport 9.3.6 is vulnerable to Command injection leading to Remote Code Execution. An attacker can craft a malicious ssh agent installation link by URL encoding a bash escape with carriage return line feed. This url encoded payload can be used in place of a token and sent to a user in a social engineering attack. This is fully unauthenticated attack utilizing the trusted teleport server to deliver the payload.https://nvd.nist.gov/vuln/detail/CVE-2022-36633
CVE-2022-34836Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start and stop of various activity and the last error code etc.https://nvd.nist.gov/vuln/detail/CVE-2022-34836
CVE-2022-32857This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Update 2022-005 Catalina, iOS 15.6 and iPadOS 15.6, tvOS 15.6, watchOS 8.7. A user in a privileged network position can track a user’s activity.https://nvd.nist.gov/vuln/detail/CVE-2022-32857
CVE-2022-32427PrinterLogic Windows Client through 25.0.0.676 allows attackers to execute directory traversal. Authenticated users with prior knowledge of the driver filename could exploit this to escalate privileges or distribute malicious content.https://nvd.nist.gov/vuln/detail/CVE-2022-32427
CVE-2022-34960The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.https://nvd.nist.gov/vuln/detail/CVE-2022-34960
CVE-2022-36804Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from version 7.18.0 before version 7.21.4, from version 8.0.0 before version 8.0.3, from version 8.1.0 before version 8.1.3, and from version 8.2.0 before version 8.2.2, and from version 8.3.0 before 8.3.1 allows remote attackers with read permissions to a public or private Bitbucket repository to execute arbitrary code by sending a malicious HTTP request. This vulnerability was reported via our Bug Bounty Program by TheGrandPew.https://nvd.nist.gov/vuln/detail/CVE-2022-36804
CVE-2021-25642ZKConfigurationStore which is optionally used by CapacityScheduler of Apache Hadoop YARN deserializes data obtained from ZooKeeper without validation. An attacker having access to ZooKeeper can run arbitrary commands as YARN user by exploiting this. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.4 or later (containing YARN-11126) if ZKConfigurationStore is used.https://nvd.nist.gov/vuln/detail/CVE-2021-25642
CVE-2022-37158RuoYi v3.8.3 has a Weak password vulnerability in the management system.https://nvd.nist.gov/vuln/detail/CVE-2022-37158
CVE-2021-42521There is a NULL pointer dereference vulnerability in VTK, and it lies in IO/Infovis/vtkXMLTreeReader.cxx. The vendor didn't check the return value of libxml2 API 'xmlDocGetRootElement', and try to dereference it. It is unsafe as the return value can be NULL and that NULL pointer dereference may crash the application.https://nvd.nist.gov/vuln/detail/CVE-2021-42521
CVE-2021-42522There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.https://nvd.nist.gov/vuln/detail/CVE-2021-42522
CVE-2021-42523There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.https://nvd.nist.gov/vuln/detail/CVE-2021-42523
CVE-2021-43766Odyssey passes to server unencrypted bytes from man-in-the-middle When Odyssey is configured to use certificate Common Name for client authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. This is similar to CVE-2021-23214 for PostgreSQL.https://nvd.nist.gov/vuln/detail/CVE-2021-43766
CVE-2021-43767Odyssey passes to client unencrypted bytes from man-in-the-middle When Odyssey storage is configured to use the PostgreSQL server using 'trust' authentication with a 'clientcert' requirement or to use 'cert' authentication, a man-in-the-middle attacker can inject false responses to the client's first few queries. Despite the use of SSL certificate verification and encryption, Odyssey will pass these results to client as if they originated from valid server. This is similar to CVE-2021-23222 for PostgreSQL.https://nvd.nist.gov/vuln/detail/CVE-2021-43767
CVE-2021-4022A vulnerability was found in rizin. The bug involves an ELF64 binary for the HPPA architecture. When a specially crafted binarygets analysed by rizin, it causes rizin to crash by freeing an uninitialized (and potentially user controlled, depending on the build) memory address.https://nvd.nist.gov/vuln/detail/CVE-2021-4022
CVE-2022-0135An out-of-bounds write issue was found in the VirGL virtual OpenGL renderer (virglrenderer). This flaw allows a malicious guest to create a specially crafted virgil resource and then issue a VIRTGPU_EXECBUFFER ioctl, leading to a denial of service or possible code execution.https://nvd.nist.gov/vuln/detail/CVE-2022-0135
CVE-2022-23715A flaw was discovered in ECE before 3.4.0 that might lead to the disclosure of sensitive information such as user passwords and Elasticsearch keystore settings values in logs such as the audit log or deployment logs in the Logging and Monitoring cluster. The affected APIs are PATCH /api/v1/user and PATCH /deployments/{deployment_id}/elasticsearch/{ref_id}/keystorehttps://nvd.nist.gov/vuln/detail/CVE-2022-23715
CVE-2022-2031A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.https://nvd.nist.gov/vuln/detail/CVE-2022-2031
CVE-2022-2255A vulnerability was found in mod_wsgi. The X-Client-IP header is not removed from a request from an untrusted proxy, allowing an attacker to pass the X-Client-IP header to the target WSGI application because the condition to remove it is missing.https://nvd.nist.gov/vuln/detail/CVE-2022-2255
CVE-2022-32742A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).https://nvd.nist.gov/vuln/detail/CVE-2022-32742
CVE-2022-20823A vulnerability in the OSPF version 3 (OSPFv3) feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incomplete input validation of specific OSPFv3 packets. An attacker could exploit this vulnerability by sending a malicious OSPFv3 link-state advertisement (LSA) to an affected device. A successful exploit could allow the attacker to cause the OSPFv3 process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: The OSPFv3 feature is disabled by default. To exploit this vulnerability, an attacker must be able to establish a full OSPFv3 neighbor state with an affected device. For more information about exploitation conditions, see the Details section of this advisory.https://nvd.nist.gov/vuln/detail/CVE-2022-20823
CVE-2022-20824A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with root privileges or cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation of specific values that are within a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to execute arbitrary code with root privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, which would cause the affected device to reload, resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).https://nvd.nist.gov/vuln/detail/CVE-2022-20824
CVE-2022-20865A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-20865
CVE-2021-35937A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-35937
CVE-2021-35938A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-35938
CVE-2021-3914It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2021-3914
CVE-2021-3929A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.https://nvd.nist.gov/vuln/detail/CVE-2021-3929
CVE-2021-3979A key length flaw was found in Red Hat Ceph Storage. An attacker can exploit the fact that the key length is incorrectly passed in an encryption algorithm to create a non random key, which is weaker and can be exploited for loss of confidentiality and integrity on encrypted disks.https://nvd.nist.gov/vuln/detail/CVE-2021-3979
CVE-2021-4112A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment.https://nvd.nist.gov/vuln/detail/CVE-2021-4112
CVE-2022-2997Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.https://nvd.nist.gov/vuln/detail/CVE-2022-2997
CVE-2021-43329A SQL injection vulnerability in license_update.php in Mumara Classic through 2.93 allows a remote unauthenticated attacker to execute arbitrary SQL commands via the license parameter.https://nvd.nist.gov/vuln/detail/CVE-2021-43329
CVE-2022-31269Nortek Linear eMerge E3-Series devices through 0.32-09c place admin credentials in /test.txt that allow an attacker to open a building's doors. (This occurs in situations where the CVE-2019-7271 default credentials have been changed.)https://nvd.nist.gov/vuln/detail/CVE-2022-31269
CVE-2022-28747Key reuse in GoSecure Titan Inbox Detection & Response (IDR) through 2022-04-05 leads to remote code execution. To exploit this vulnerability, an attacker must craft and sign a serialized payload.https://nvd.nist.gov/vuln/detail/CVE-2022-28747
CVE-2022-31499Nortek Linear eMerge E3-Series devices before 0.32-08f allow an unauthenticated attacker to inject OS commands via ReaderNo. NOTE: this issue exists because of an incomplete fix for CVE-2019-7256.https://nvd.nist.gov/vuln/detail/CVE-2022-31499
CVE-2022-31798Nortek Linear eMerge E3-Series 0.32-07p devices are vulnerable to /card_scan.php?CardFormatNo= XSS with session fixation (via PHPSESSID) when they are chained together. This would allow an attacker to take over an admin account or a user account.https://nvd.nist.gov/vuln/detail/CVE-2022-31798
CVE-2022-36115An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An attacker can abuse the CreateProcessAutosave() method to inject their own functionality into a development process. If (upon a warning) a user decides to recover unsaved work by using the last saved version, the malicious code could enter the workflow. Should the process action stages not be fully reviewed before publishing, this could result in the malicious code being run in a production environment.https://nvd.nist.gov/vuln/detail/CVE-2022-36115
CVE-2022-36116An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the setValidationInfo administrative function. Removing the validation applied to newly designed processes increases the chance of successfully hiding malicious code that could be executed in a production environment.https://nvd.nist.gov/vuln/detail/CVE-2022-36116
CVE-2022-36117An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for an administrative function. If credential access is configured to be accessible by a machine or the runtime resource security group, using further reverse engineering, an attacker can spoof a known machine and request known encrypted credentials to decrypt later.https://nvd.nist.gov/vuln/detail/CVE-2022-36117
CVE-2022-36118An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes administrative function. Abusing this function will allow any Blue Prism user to publish, unpublish, or retire processes. Using this function, any logged-in user can change the status of a process, an action allowed only intended for users with the Edit Process permission.https://nvd.nist.gov/vuln/detail/CVE-2022-36118
CVE-2022-36119An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for a domain authenticated user to send a crafted message to the Blue Prism Server and accomplish a remote code execution attack that is possible because of insecure deserialization. Exploitation of this vulnerability allows for code to be executed in the context of the Blue Prism Server service.https://nvd.nist.gov/vuln/detail/CVE-2022-36119
CVE-2021-32570In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2021-32570
CVE-2021-3020An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root.https://nvd.nist.gov/vuln/detail/CVE-2021-3020
CVE-2022-29850Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation.https://nvd.nist.gov/vuln/detail/CVE-2022-29850
CVE-2022-30984A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent.https://nvd.nist.gov/vuln/detail/CVE-2022-30984
CVE-2022-35192D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp.https://nvd.nist.gov/vuln/detail/CVE-2022-35192
CVE-2022-36120An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server's settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name.https://nvd.nist.gov/vuln/detail/CVE-2022-36120
CVE-2022-36121An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file.https://nvd.nist.gov/vuln/detail/CVE-2022-36121
CVE-2022-36168A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php:https://nvd.nist.gov/vuln/detail/CVE-2022-36168
CVE-2022-36226SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.https://nvd.nist.gov/vuln/detail/CVE-2022-36226
CVE-2022-38533In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2022-38533
CVE-2022-24304Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution.https://nvd.nist.gov/vuln/detail/CVE-2022-24304
CVE-2021-39393mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.https://nvd.nist.gov/vuln/detail/CVE-2021-39393
CVE-2021-39394mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information.https://nvd.nist.gov/vuln/detail/CVE-2021-39394
CVE-2021-40285htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component \\views\\backup.html.php.https://nvd.nist.gov/vuln/detail/CVE-2021-40285
CVE-2022-36521Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.https://nvd.nist.gov/vuln/detail/CVE-2022-36521
CVE-2021-20260A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-20260
CVE-2021-35939It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-35939
CVE-2021-3414A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.https://nvd.nist.gov/vuln/detail/CVE-2021-3414
CVE-2021-3427The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it's interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user's browser session.https://nvd.nist.gov/vuln/detail/CVE-2021-3427
CVE-2021-3563A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity.https://nvd.nist.gov/vuln/detail/CVE-2021-3563
CVE-2021-3574A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.https://nvd.nist.gov/vuln/detail/CVE-2021-3574
CVE-2021-3585A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager.https://nvd.nist.gov/vuln/detail/CVE-2021-3585
CVE-2021-3632A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow.https://nvd.nist.gov/vuln/detail/CVE-2021-3632
CVE-2021-3644A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity.https://nvd.nist.gov/vuln/detail/CVE-2021-3644
CVE-2021-3688A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.https://nvd.nist.gov/vuln/detail/CVE-2021-3688
CVE-2021-3703It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0.https://nvd.nist.gov/vuln/detail/CVE-2021-3703
CVE-2021-3735A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability.https://nvd.nist.gov/vuln/detail/CVE-2021-3735
CVE-2021-3754A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password.https://nvd.nist.gov/vuln/detail/CVE-2021-3754
CVE-2021-3856ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available.https://nvd.nist.gov/vuln/detail/CVE-2021-3856
CVE-2021-3859A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks.https://nvd.nist.gov/vuln/detail/CVE-2021-3859
CVE-2021-3864A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges.https://nvd.nist.gov/vuln/detail/CVE-2021-3864
CVE-2021-4216A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream.https://nvd.nist.gov/vuln/detail/CVE-2021-4216
CVE-2022-25625A malicious unauthorized PAM user can access the administration configuration data and change the values.https://nvd.nist.gov/vuln/detail/CVE-2022-25625
CVE-2022-0084A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up.https://nvd.nist.gov/vuln/detail/CVE-2022-0084
CVE-2022-0168A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.https://nvd.nist.gov/vuln/detail/CVE-2022-0168
CVE-2022-0171A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).https://nvd.nist.gov/vuln/detail/CVE-2022-0171
CVE-2022-0175A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-0175
CVE-2022-0207A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text.https://nvd.nist.gov/vuln/detail/CVE-2022-0207
CVE-2022-0216A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-0216
CVE-2022-0217It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611).https://nvd.nist.gov/vuln/detail/CVE-2022-0217
CVE-2022-0225A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack.https://nvd.nist.gov/vuln/detail/CVE-2022-0225
CVE-2022-31773IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357.https://nvd.nist.gov/vuln/detail/CVE-2022-31773
CVE-2022-34301A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.https://nvd.nist.gov/vuln/detail/CVE-2022-34301
CVE-2022-34302A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.https://nvd.nist.gov/vuln/detail/CVE-2022-34302
CVE-2022-34303A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.https://nvd.nist.gov/vuln/detail/CVE-2022-34303
CVE-2022-35714IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116.https://nvd.nist.gov/vuln/detail/CVE-2022-35714
CVE-2022-36522Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet.https://nvd.nist.gov/vuln/detail/CVE-2022-36522
CVE-2022-36529Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml.https://nvd.nist.gov/vuln/detail/CVE-2022-36529
CVE-2022-36537ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader.https://nvd.nist.gov/vuln/detail/CVE-2022-36537
CVE-2022-2915A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2022-2915
CVE-2022-36542An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data.https://nvd.nist.gov/vuln/detail/CVE-2022-36542
CVE-2022-36543Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36543
CVE-2022-36544Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36544
CVE-2022-36545Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36545
CVE-2019-15167The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463.https://nvd.nist.gov/vuln/detail/CVE-2019-15167
CVE-2022-3012A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-3012
CVE-2022-3013A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423.https://nvd.nist.gov/vuln/detail/CVE-2022-3013
CVE-2022-3014A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424.https://nvd.nist.gov/vuln/detail/CVE-2022-3014
CVE-2022-3015A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-3015
CVE-2022-2787Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.https://nvd.nist.gov/vuln/detail/CVE-2022-2787
CVE-2022-38791In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock.https://nvd.nist.gov/vuln/detail/CVE-2022-38791
CVE-2022-38792The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party.https://nvd.nist.gov/vuln/detail/CVE-2022-38792
CVE-2022-38794Zaver through 2020-12-15 allows directory traversal via the GET /.. substring.https://nvd.nist.gov/vuln/detail/CVE-2022-38794
CVE-2022-3016Use After Free in GitHub repository vim/vim prior to 9.0.0286.https://nvd.nist.gov/vuln/detail/CVE-2022-3016
CVE-2022-3017Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38.https://nvd.nist.gov/vuln/detail/CVE-2022-3017
CVE-2022-36755D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36755
CVE-2022-36756DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36756
CVE-2022-37053TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php.https://nvd.nist.gov/vuln/detail/CVE-2022-37053
CVE-2022-37057D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main.https://nvd.nist.gov/vuln/detail/CVE-2022-37057
CVE-2022-38556Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.https://nvd.nist.gov/vuln/detail/CVE-2022-38556
CVE-2022-38557D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh.https://nvd.nist.gov/vuln/detail/CVE-2022-38557
CVE-2022-37055D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main,https://nvd.nist.gov/vuln/detail/CVE-2022-37055
CVE-2022-37056D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main,https://nvd.nist.gov/vuln/detail/CVE-2022-37056
CVE-2022-38555Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.https://nvd.nist.gov/vuln/detail/CVE-2022-38555
CVE-2022-38562Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38562
CVE-2022-38563Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38563
CVE-2022-38564Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38564
CVE-2022-38565Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38565
CVE-2022-38566Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38566
CVE-2022-38567Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38567
CVE-2022-38568Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38568
CVE-2022-38569Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd.https://nvd.nist.gov/vuln/detail/CVE-2022-38569
CVE-2022-38570Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-38570
CVE-2022-38571Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem.https://nvd.nist.gov/vuln/detail/CVE-2022-38571
CVE-2022-36704Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36704
CVE-2022-36705Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36705
CVE-2022-36706Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36706
CVE-2022-36708Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36708
CVE-2022-36572Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/.https://nvd.nist.gov/vuln/detail/CVE-2022-36572
CVE-2022-36573A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit.https://nvd.nist.gov/vuln/detail/CVE-2022-36573
CVE-2022-36610TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36610
CVE-2022-36611TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36611
CVE-2022-36612TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36612
CVE-2022-36613TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36613
CVE-2022-36614TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36614
CVE-2022-36615TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36615
CVE-2022-36616TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample.https://nvd.nist.gov/vuln/detail/CVE-2022-36616
CVE-2022-38510Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList.https://nvd.nist.gov/vuln/detail/CVE-2022-38510
CVE-2022-38511TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-38511
CVE-2021-40326Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification.https://nvd.nist.gov/vuln/detail/CVE-2021-40326
CVE-2021-41780Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41780
CVE-2021-41781Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41781
CVE-2021-41782Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41782
CVE-2021-41783Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41783
CVE-2021-41784Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41784
CVE-2021-41785Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.https://nvd.nist.gov/vuln/detail/CVE-2021-41785
CVE-2022-21165All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function.https://nvd.nist.gov/vuln/detail/CVE-2022-21165
CVE-2022-25641Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack.https://nvd.nist.gov/vuln/detail/CVE-2022-25641
CVE-2022-25644All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function.https://nvd.nist.gov/vuln/detail/CVE-2022-25644
CVE-2022-25921All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor.https://nvd.nist.gov/vuln/detail/CVE-2022-25921
CVE-2022-22897A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.https://nvd.nist.gov/vuln/detail/CVE-2022-22897
CVE-2022-32548An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field.https://nvd.nist.gov/vuln/detail/CVE-2022-32548
CVE-2022-36194Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-36194
CVE-2022-3019The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id's might also be an option but I wouldn't count on it, since it would take a long time to find a valid one).https://nvd.nist.gov/vuln/detail/CVE-2022-3019
CVE-2022-37059Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Fieldhttps://nvd.nist.gov/vuln/detail/CVE-2022-37059
CVE-2022-35014Advancecomp v2.3 contains a segmentation fault.https://nvd.nist.gov/vuln/detail/CVE-2022-35014
CVE-2022-35015Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.https://nvd.nist.gov/vuln/detail/CVE-2022-35015
CVE-2022-35016Advancecomp v2.3 was discovered to contain a heap buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2022-35016
CVE-2022-35017Advancecomp v2.3 was discovered to contain a heap buffer overflow.https://nvd.nist.gov/vuln/detail/CVE-2022-35017
CVE-2022-35018Advancecomp v2.3 was discovered to contain a segmentation fault.https://nvd.nist.gov/vuln/detail/CVE-2022-35018
CVE-2022-35019Advancecomp v2.3 was discovered to contain a segmentation fault.https://nvd.nist.gov/vuln/detail/CVE-2022-35019
CVE-2022-35020Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.https://nvd.nist.gov/vuln/detail/CVE-2022-35020
CVE-2022-36686Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=.https://nvd.nist.gov/vuln/detail/CVE-2022-36686
CVE-2022-36687Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.https://nvd.nist.gov/vuln/detail/CVE-2022-36687
CVE-2022-36688Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.https://nvd.nist.gov/vuln/detail/CVE-2022-36688
CVE-2022-36689Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.https://nvd.nist.gov/vuln/detail/CVE-2022-36689
CVE-2022-36690Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=.https://nvd.nist.gov/vuln/detail/CVE-2022-36690
CVE-2022-0284A heap-based-buffer-over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2022-0284
CVE-2022-0336The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.https://nvd.nist.gov/vuln/detail/CVE-2022-0336
CVE-2022-0358A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system.https://nvd.nist.gov/vuln/detail/CVE-2022-0358
CVE-2022-0367A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.https://nvd.nist.gov/vuln/detail/CVE-2022-0367
CVE-2022-0400An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.https://nvd.nist.gov/vuln/detail/CVE-2022-0400
CVE-2022-0480A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks.https://nvd.nist.gov/vuln/detail/CVE-2022-0480
CVE-2022-0485A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.https://nvd.nist.gov/vuln/detail/CVE-2022-0485
CVE-2022-0496A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().https://nvd.nist.gov/vuln/detail/CVE-2022-0496
CVE-2022-0497A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.https://nvd.nist.gov/vuln/detail/CVE-2022-0497
CVE-2022-0669A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-0669
CVE-2022-0718A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.https://nvd.nist.gov/vuln/detail/CVE-2022-0718
CVE-2022-0812An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.https://nvd.nist.gov/vuln/detail/CVE-2022-0812
CVE-2022-0850A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace.https://nvd.nist.gov/vuln/detail/CVE-2022-0850
CVE-2022-0851There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager.https://nvd.nist.gov/vuln/detail/CVE-2022-0851
CVE-2022-0852There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel.https://nvd.nist.gov/vuln/detail/CVE-2022-0852
CVE-2022-0934A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-0934
CVE-2022-1016A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker.https://nvd.nist.gov/vuln/detail/CVE-2022-1016
CVE-2022-1043A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-1043
CVE-2022-1115A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-1115
CVE-2022-1117A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.https://nvd.nist.gov/vuln/detail/CVE-2022-1117
CVE-2022-1184A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-1184
CVE-2022-1198A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.https://nvd.nist.gov/vuln/detail/CVE-2022-1198
CVE-2022-1199A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-1199
CVE-2022-1204A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system.https://nvd.nist.gov/vuln/detail/CVE-2022-1204
CVE-2022-2953LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8.https://nvd.nist.gov/vuln/detail/CVE-2022-2953
CVE-2022-2961A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2022-2961
CVE-2022-31677An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow.https://nvd.nist.gov/vuln/detail/CVE-2022-31677
CVE-2022-35962Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190.https://nvd.nist.gov/vuln/detail/CVE-2022-35962
CVE-2022-36200In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed.https://nvd.nist.gov/vuln/detail/CVE-2022-36200
CVE-2022-27546HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's web browser within the security context of the hosting web site and/or steal the victim's cookie-based authentication credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-27546
CVE-2022-27547HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc.https://nvd.nist.gov/vuln/detail/CVE-2022-27547
CVE-2022-27558HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking.https://nvd.nist.gov/vuln/detail/CVE-2022-27558
CVE-2022-36033jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript\:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript\:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.)https://nvd.nist.gov/vuln/detail/CVE-2022-36033
CVE-2022-36034nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-36034
CVE-2022-1123The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks.https://nvd.nist.gov/vuln/detail/CVE-2022-1123
CVE-2022-1663The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request.https://nvd.nist.gov/vuln/detail/CVE-2022-1663
CVE-2022-2034The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachershttps://nvd.nist.gov/vuln/detail/CVE-2022-2034
CVE-2022-2080The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and studenthttps://nvd.nist.gov/vuln/detail/CVE-2022-2080
CVE-2022-2261The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue.https://nvd.nist.gov/vuln/detail/CVE-2022-2261
CVE-2022-2267The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for examplehttps://nvd.nist.gov/vuln/detail/CVE-2022-2267
CVE-2022-2373The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email addresshttps://nvd.nist.gov/vuln/detail/CVE-2022-2373
CVE-2022-2374The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2022-2374
CVE-2022-2537The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting.https://nvd.nist.gov/vuln/detail/CVE-2022-2537
CVE-2022-2538The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-2538
CVE-2022-2556The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for examplehttps://nvd.nist.gov/vuln/detail/CVE-2022-2556
CVE-2022-2559The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege usershttps://nvd.nist.gov/vuln/detail/CVE-2022-2559
CVE-2022-2599The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2022-2599
CVE-2022-2638The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the serverhttps://nvd.nist.gov/vuln/detail/CVE-2022-2638
CVE-2022-36036mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2022-36036
CVE-2022-3035Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.0.11.https://nvd.nist.gov/vuln/detail/CVE-2022-3035
CVE-2020-26938In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.https://nvd.nist.gov/vuln/detail/CVE-2020-26938
CVE-2021-38934IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.https://nvd.nist.gov/vuln/detail/CVE-2021-38934
CVE-2022-32993TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh.https://nvd.nist.gov/vuln/detail/CVE-2022-32993
CVE-2022-37177HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.https://nvd.nist.gov/vuln/detail/CVE-2022-37177
CVE-2022-38772Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature.https://nvd.nist.gov/vuln/detail/CVE-2022-38772
CVE-2022-36553Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-36553
CVE-2022-36554A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges.https://nvd.nist.gov/vuln/detail/CVE-2022-36554
CVE-2022-36555Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack.https://nvd.nist.gov/vuln/detail/CVE-2022-36555
CVE-2022-36556Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01.https://nvd.nist.gov/vuln/detail/CVE-2022-36556
CVE-2022-36557Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file.https://nvd.nist.gov/vuln/detail/CVE-2022-36557
CVE-2022-36558Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg.https://nvd.nist.gov/vuln/detail/CVE-2022-36558
CVE-2022-36559Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-36559
CVE-2022-36560Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh.https://nvd.nist.gov/vuln/detail/CVE-2022-36560
CVE-2022-37680An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-37680
CVE-2022-37681Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.https://nvd.nist.gov/vuln/detail/CVE-2022-37681
CVE-2022-38625Patlite NH-FB v1.46 and below was discovered to contain insufficient firmware validation during the upgrade firmware file upload process. This vulnerability allows authenticated attackers to create and upload their own custom-built firmware and inject malicious code.https://nvd.nist.gov/vuln/detail/CVE-2022-38625
CVE-2022-36709Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36709
CVE-2022-36711Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36711
CVE-2022-36712Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36712
CVE-2022-36713Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36713
CVE-2022-36714Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36714
CVE-2022-38784Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf.https://nvd.nist.gov/vuln/detail/CVE-2022-38784
CVE-2022-24106In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.https://nvd.nist.gov/vuln/detail/CVE-2022-24106
CVE-2022-24107Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.https://nvd.nist.gov/vuln/detail/CVE-2022-24107
CVE-2022-25635Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service.https://nvd.nist.gov/vuln/detail/CVE-2022-25635
CVE-2022-25646All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells.https://nvd.nist.gov/vuln/detail/CVE-2022-25646
CVE-2022-25857The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.https://nvd.nist.gov/vuln/detail/CVE-2022-25857
CVE-2022-25887The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.https://nvd.nist.gov/vuln/detail/CVE-2022-25887
CVE-2022-39028telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.https://nvd.nist.gov/vuln/detail/CVE-2022-39028
CVE-2021-46837res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation.https://nvd.nist.gov/vuln/detail/CVE-2021-46837
CVE-2022-2330Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.https://nvd.nist.gov/vuln/detail/CVE-2022-2330
CVE-2022-37149WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter.https://nvd.nist.gov/vuln/detail/CVE-2022-37149
CVE-2022-36552Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request.https://nvd.nist.gov/vuln/detail/CVE-2022-36552
CVE-2022-37176Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard.https://nvd.nist.gov/vuln/detail/CVE-2022-37176
CVE-2022-37237An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.https://nvd.nist.gov/vuln/detail/CVE-2022-37237
CVE-2021-29864IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089https://nvd.nist.gov/vuln/detail/CVE-2021-29864
CVE-2022-31232SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system.https://nvd.nist.gov/vuln/detail/CVE-2022-31232
CVE-2022-33935Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.https://nvd.nist.gov/vuln/detail/CVE-2022-33935
CVE-2022-34368Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources.https://nvd.nist.gov/vuln/detail/CVE-2022-34368
CVE-2022-34374Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system.https://nvd.nist.gov/vuln/detail/CVE-2022-34374
CVE-2022-34375Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory.https://nvd.nist.gov/vuln/detail/CVE-2022-34375
CVE-2022-36561XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.https://nvd.nist.gov/vuln/detail/CVE-2022-36561
CVE-2022-36562Incorrect access control in the install directory (C:\\Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.https://nvd.nist.gov/vuln/detail/CVE-2022-36562
CVE-2022-36563Incorrect access control in the install directory (C:\\RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.https://nvd.nist.gov/vuln/detail/CVE-2022-36563
CVE-2022-36564Incorrect access control in the install directory (C:\\Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.https://nvd.nist.gov/vuln/detail/CVE-2022-36564
CVE-2022-36565Incorrect access control in the install directory (C:\\Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.https://nvd.nist.gov/vuln/detail/CVE-2022-36565
CVE-2022-36657Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36657
CVE-2022-36730Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36730
CVE-2022-36731Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36731
CVE-2022-36732Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36732
CVE-2022-36733Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36733
CVE-2022-36734Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36734
CVE-2022-36735Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36735
CVE-2022-37172Incorrect access control in the install directory (C:\\msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory.https://nvd.nist.gov/vuln/detail/CVE-2022-37172
CVE-2022-37173An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\\Program.exe.https://nvd.nist.gov/vuln/detail/CVE-2022-37173
CVE-2022-3037Use After Free in GitHub repository vim/vim prior to 9.0.0321.https://nvd.nist.gov/vuln/detail/CVE-2022-3037
CVE-2022-27560HCL VersionVault Express exposes administrator credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-27560
CVE-2022-27563An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-27563
CVE-2022-36745LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36745
CVE-2022-36746LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36746
CVE-2022-36747Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().https://nvd.nist.gov/vuln/detail/CVE-2022-36747
CVE-2022-36748PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php.https://nvd.nist.gov/vuln/detail/CVE-2022-36748
CVE-2022-36749RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file.https://nvd.nist.gov/vuln/detail/CVE-2022-36749