CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9840 |
CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-9842 |
CVE-2019-5051 | An exploitable heap-based buffer overflow vulnerability exists when loading a PCX file in SDL2_image, version 2.0.4. A missing error handler can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5051 |
CVE-2019-5052 | An exploitable integer overflow vulnerability exists when loading a PCX file in SDL2_image 2.0.4. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution. An attacker can provide a specially crafted image file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5052 |
CVE-2019-5057 | An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5057 |
CVE-2019-5058 | An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5058 |
CVE-2019-5059 | An exploitable code execution vulnerability exists in the XPM image rendering functionality of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5059 |
CVE-2019-5060 | An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2_image 2.0.4. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution. An attacker can display a specially crafted image to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5060 |
CVE-2019-5038 | An exploitable command execution vulnerability exists in the print-tlv command of Weave tool. A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5038 |
CVE-2019-5039 | An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5039 |
CVE-2019-5033 | An exploitable out-of-bounds read vulnerability exists in the Number record parser of Aspose Aspose.Cells 19.1.0 library. A specially crafted XLS file can cause an out-of-bounds read, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger the vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5033 |
CVE-2019-5041 | An exploitable Stack Based Buffer Overflow vulnerability exists in the EnumMetaInfo function of Aspose Aspose.Words library, version 18.11.0.0. A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5041 |
CVE-2019-5069 | A code execution vulnerability exists in Epignosis eFront LMS v5.2.12. A specially crafted web request can cause unsafe deserialization potentially resulting in PHP code being executed. An attacker can send a crafted web parameter to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5069 |
CVE-2019-5042 | An exploitable Use-After-Free vulnerability exists in the way FunctionType 0 PDF elements are processed in Aspose.PDF 19.2 for C++. A specially crafted PDF can cause a dangling heap pointer, resulting in a use-after-free. An attacker can send a malicious PDF to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5042 |
CVE-2019-5122 | SQL injection vulnerabilities exist in the authenticated part of YouPHPTube 7.6. Specially crafted web requests can cause SQL injections. An attacker can send a web request with Parameter name in /objects/pluginSwitch.json.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5122 |
CVE-2019-5123 | Specially crafted web requests can cause SQL injections in YouPHPTube 7.6. An attacker can send a web request with Parameter dir in /objects/pluginSwitch.json.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5123 |
CVE-2022-25292 | A wgagent stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25292 |
CVE-2022-25293 | A systemd stack-based buffer overflow in WatchGuard Firebox and XTM appliances allows an authenticated remote attacker to potentially execute arbitrary code by initiating a firmware update with a malicious upgrade image. This vulnerability impacts Fireware OS before 12.7.2_U2, 12.x before 12.1.3_U8, and 12.2.x through 12.5.x before 12.5.9_U2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25293 |
CVE-2022-29281 | Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29281 |
CVE-2022-2063 | Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2063 |
CVE-2022-2064 | Insufficient Session Expiration in GitHub repository nocodb/nocodb prior to 0.91.7+. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2064 |
CVE-2022-1758 | The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1758 |
CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32278 |
CVE-2022-32562 | An issue was discovered in Couchbase Server before 7.0.4. Operations may succeed on a collection using stale RBAC permission. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32562 |
CVE-2022-2077 | A vulnerability was found in Microsoft O365 and classified as critical. This issue affects the Conditional Access Policy which leads to improper access controls. By default the policy is not verified for every request. The attack may be initiated remotely. Exploit details have been disclosed to the public. It is recommended to change the configuration settings. NOTE: Vendor claims that pre-requisites are very high, the feature works as intended, and that configuration settings might mitigate the issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2077 |
CVE-2021-35123 | Buffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon Industrial IOT | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35123 |
CVE-2022-26476 | A vulnerability has been identified in Spectrum Power 4 (All versions using Shared HIS), Spectrum Power 7 (All versions using Shared HIS), Spectrum Power MGMS (All versions using Shared HIS). An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26476 |
CVE-2022-31619 | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions < V13.1.0.9), Teamcenter V13.2 (All versions), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). Java EE Server Manager HTML Adaptor in Teamcenter consists of default hardcoded credentials. Access to the application allows a user to perform a series of actions that could potentially lead to remote code execution with elevated permissions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31619 |
CVE-2021-40633 | A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40633 |
CVE-2022-31595 | SAP Financial Consolidation - version 1010, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31595 |
CVE-2022-29241 | Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter Notebook. Prior to version 1.17.1, if notebook server is started with a value of `root_dir` that contains the starting user's home directory, then the underlying REST API can be used to leak the access token assigned at start time by guessing/brute forcing the PID of the jupyter server. While this requires an authenticated user session, this URL can be used from a cross-site scripting payload or from a hooked or otherwise compromised browser to leak this access token to a malicious third party. This token can be used along with the REST API to interact with Jupyter services/notebooks such as modifying or overwriting critical files, such as .bashrc or .ssh/authorized_keys, allowing a malicious user to read potentially sensitive data and possibly gain control of the impacted system. This issue is patched in version 1.17.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29241 |
CVE-2022-1958 | A vulnerability classified as critical has been found in FileCloud. Affected is the NTFS handler which leads to improper access controls. It is possible to launch the attack remotely but it demands some form of authentication. Upgrading to version 21.3.5.18513 is able to address this issue. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1958 |
CVE-2022-2086 | A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with malicious input leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2086 |
CVE-2021-33036 | In Apache Hadoop 2.2.0 to 2.10.1, 3.0.0-alpha1 to 3.1.4, 3.2.0 to 3.2.2, and 3.3.0 to 3.3.1, a user who can escalate to yarn user can possibly run arbitrary commands as root user. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33036 |
CVE-2022-33140 | The optional ShellUserGroupProvider in Apache NiFi 1.10.0 to 1.16.2 and Apache NiFi Registry 0.6.0 to 1.16.2 does not neutralize arguments for group resolution commands, allowing injection of operating system commands on Linux and macOS platforms. The ShellUserGroupProvider is not included in the default configuration. Command injection requires ShellUserGroupProvider to be one of the enabled User Group Providers in the Authorizers configuration. Command injection also requires an authenticated user with elevated privileges. Apache NiFi requires an authenticated user with authorization to modify access policies in order to execute the command. Apache NiFi Registry requires an authenticated user with authorization to read user groups in order to execute the command. The resolution removes command formatting based on user-provided arguments. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33140 |
CVE-2022-29437 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29437 |
CVE-2021-39820 | Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39820 |
CVE-2022-32299 | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the id parameter at /App/Lib/Action/Admin/SiteAction.class.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32299 |
CVE-2022-32300 | YoudianCMS v9.5.0 was discovered to contain a SQL injection vulnerability via the MailSendID parameter at /App/Lib/Action/Admin/MailAction.class.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32300 |
CVE-2022-32302 | Theme Park Ticketing System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at edit_ticket.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32302 |
CVE-2022-32991 | Web Based Quiz System v1.0 was discovered to contain a SQL injection vulnerability via the eid parameter at welcome.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32991 |
CVE-2017-20046 | A vulnerability classified as problematic has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20046 |
CVE-2017-20048 | A vulnerability, which was classified as critical, has been found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this issue is some unknown functionality of the component Script Editor. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20048 |
CVE-2022-29450 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Admin Management Xtended plugin <= 2.4.4 at WordPress. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29450 |
CVE-2022-30153 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30161. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30153 |
CVE-2022-30157 | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30158. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30157 |
CVE-2022-30158 | Microsoft SharePoint Server Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30157. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30158 |
CVE-2022-30161 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30161 |
CVE-2022-30165 | Windows Kerberos Elevation of Privilege Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30165 |
CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when the pdo_mysql extension is used with the mysqlnd driver, if a third party is allowed to supply the host to connect to and the password for the connection, a password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31626 |
CVE-2021-41402 | flatCore-CMS v2.0.8 has a code execution vulnerability, which could let a remote malicious user execute arbitrary PHP code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41402 |
CVE-2022-30023 | Tenda ONT GPON AC1200 Dual band WiFi HG9 v1.0.1 is vulnerable to Command Injection via the Ping function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30023 |
CVE-2022-31277 | Xiaomi Lamp 1 v2.0.4_0066 was discovered to be vulnerable to replay attacks. This allows attackers to bypass the expected access restrictions and gain control of the switch and other functions via a crafted POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31277 |
CVE-2022-31849 | MERCURY MIPC451-4 1.0.22 Build 220105 Rel.55642n was discovered to contain a remote code execution (RCE) vulnerability which is exploitable via a crafted POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31849 |
CVE-2022-30670 | RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization vulnerability which could lead to privilege escalation. An authenticated attacker could leverage this vulnerability to achieve full administrator privileges. Exploitation of this issue does not require user interaction. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30670 |
CVE-2020-35597 | Victor CMS 1.0 is vulnerable to SQL injection via c_id parameter of admin_edit_comment.php, p_id parameter of admin_edit_post.php, u_id parameter of admin_edit_user.php, and edit parameter of admin_update_categories.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35597 |
CVE-2022-26173 | JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26173 |
CVE-2022-33753 | CA Automic Automation 12.2 and 12.3 contain an insecure file creation and handling vulnerability in the Automic agent that could allow a user to potentially elevate privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33753 |
CVE-2022-30325 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The default pre-shared key for the Wi-Fi networks is the same for every router except for the last four digits. The device default pre-shared key for both 2.4 GHz and 5 GHz networks can be guessed or brute-forced by an attacker within range of the Wi-Fi network. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30325 |
CVE-2018-25040 | A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25040 |
CVE-2018-25041 | A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25041 |
CVE-2019-12352 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12352 |
CVE-2019-12355 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12355 |
CVE-2019-12356 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12356 |
CVE-2019-12358 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12358 |
CVE-2022-2111 | Unrestricted Upload of File with Dangerous Type in GitHub repository inventree/inventree prior to 0.7.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2111 |
CVE-2017-20062 | A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20062 |
CVE-2017-20063 | A vulnerability was found in Elefant CMS 1.3.12-RC. It has been classified as critical. Affected is an unknown function of the file /filemanager/upload/drop of the component File Upload. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20063 |
CVE-2017-20064 | A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20064 |
CVE-2017-20068 | A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/usermanagement.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20068 |
CVE-2017-20069 | A vulnerability classified as critical has been found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/countrymanagement.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20069 |
CVE-2017-20070 | A vulnerability classified as critical was found in Hindu Matrimonial Script. This vulnerability affects unknown code of the file /admin/communitymanagement.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20070 |
CVE-2017-20071 | A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. This issue affects some unknown processing of the file /admin/renewaldue.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20071 |
CVE-2017-20072 | A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/generalsettings.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20072 |
CVE-2017-20073 | A vulnerability has been found in Hindu Matrimonial Script and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/cms.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20073 |
CVE-2017-20074 | A vulnerability was found in Hindu Matrimonial Script and classified as critical. Affected by this issue is some unknown functionality of the file /admin/newsletter1.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20074 |
CVE-2017-20075 | A vulnerability was found in Hindu Matrimonial Script. It has been classified as critical. This affects an unknown part of the file /admin/payment.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20075 |
CVE-2017-20076 | A vulnerability was found in Hindu Matrimonial Script. It has been declared as critical. This vulnerability affects unknown code of the file /admin/searchview.php. The manipulation leads to improper privilege management. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20076 |
CVE-2017-20077 | A vulnerability was found in Hindu Matrimonial Script. It has been rated as critical. This issue affects some unknown processing of the file /admin/success_story.php. The manipulation leads to improper privilege management. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20077 |
CVE-2017-20078 | A vulnerability classified as critical has been found in Hindu Matrimonial Script. Affected is an unknown function of the file /admin/featured.php. The manipulation leads to improper privilege management. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20078 |
CVE-2017-20079 | A vulnerability classified as critical was found in Hindu Matrimonial Script. Affected by this vulnerability is an unknown functionality of the file /admin/photo.php. The manipulation leads to improper privilege management. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20079 |
CVE-2017-20080 | A vulnerability, which was classified as critical, has been found in Hindu Matrimonial Script. Affected by this issue is some unknown functionality of the file /admin/googleads.php. The manipulation leads to improper privilege management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20080 |
CVE-2017-20081 | A vulnerability, which was classified as critical, was found in Hindu Matrimonial Script. This affects an unknown part of the file /admin/reports.php. The manipulation leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20081 |
CVE-2022-32973 | An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32973 |
CVE-2022-23079 | motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23079 |
CVE-2022-32137 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which may cause a heap-based buffer overflow, resulting in a denial-of-service condition or memory overwrite. User interaction is not required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32137 |
CVE-2022-32138 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32138 |
CVE-2022-32143 | In multiple CODESYS products, file download and upload function allows access to internal files in the working directory e.g. firmware files of the PLC. All requests are processed on the controller only if no level 1 password is configured on the controller or if remote attacker has previously successfully authenticated himself to the controller. A successful attack may lead to a denial of service, change of local files, or drain of confidential information. User interaction is not required. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32143 |
CVE-2022-30163 | Windows Hyper-V Remote Code Execution Vulnerability. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30163 |
CVE-2017-10074 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-10074 |
CVE-2018-2964 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u172 and 10.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-2964 |
CVE-2018-3149 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JNDI). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3149 |
CVE-2018-3169 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3169 |
CVE-2018-3209 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: JavaFX). The supported version that is affected is Java SE: 8u182. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3209 |
CVE-2022-22021 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22021 |
CVE-2022-21824 | Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype. Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null prototype for the object these properties are being assigned to. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21824 |
CVE-2021-3750 | A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller's registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-3750 |
CVE-2022-1824 | An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable being signed by McAfee. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1824 |
CVE-2017-10078 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Scripting). The supported version that is affected is Java SE: 8u131. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE accessible data as well as unauthorized access to critical data or complete access to all Java SE accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-10078 |
CVE-2019-5150 | An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could potentially further lead to code execution. An attacker can send an HTTP request to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-5150 |
CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4156 |
CVE-2021-30347 | Improper integrity check can lead to race condition between tasks PDCP and RRC right after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-30347 |
CVE-2022-32153 | Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32153 |
CVE-2022-32154 | Dashboards in Splunk Enterprise versions before 9.0 might let an attacker inject risky search commands into a form token when the token is used in a query in a cross-origin request. The result bypasses SPL safeguards for risky commands. See New capabilities can limit access to some custom and potentially risky commands (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/SPLsafeguards#New_capabilities_can_limit_access_to_some_custom_and_potentially_risky_commands) for more information. Note that the attack is browser-based and an attacker cannot exploit it at will. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32154 |
CVE-2022-30139 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30139 |
CVE-2022-30141 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30143, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30141 |
CVE-2022-30145 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30145 |
CVE-2022-30150 | Windows Defender Remote Credential Guard Elevation of Privilege Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-30150 |
CVE-2021-37764 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/manufacturers.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-37764 |
CVE-2021-46820 | Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via current_manufacturer_image parameter to /shop/admin/categories.php | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-46820 |
CVE-2022-32142 | Multiple CODESYS products are prone to an out-of-bounds read or write access. A low privileged remote attacker may craft a request with an invalid offset, which can cause an out-of-bounds read or write access, resulting in a denial-of-service condition or local memory overwrite, which can lead to a change of local files. User interaction is not required. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32142 |
CVE-2019-5045 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5045 |
CVE-2019-5046 | A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5046 |
CVE-2019-5047 | An exploitable Use After Free vulnerability exists in the CharProcs parsing functionality of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a Use After Free. An attacker can craft a malicious PDF to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5047 |
CVE-2019-5048 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5048 |
CVE-2019-5050 | A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5050 |
CVE-2019-5053 | An exploitable use-after-free vulnerability exists in the Length parsing function of NitroPDF. A specially crafted PDF can cause a type confusion, resulting in a use-after-free condition. An attacker can craft a malicious PDF to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5053 |
CVE-2019-5088 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 14.0.7 x64. A specially crafted BMP file can cause an out-of-bounds memory write, allowing a potential attacker to execute arbitrary code on the victim machine. An attacker can trigger this vulnerability by sending the user a specially crafted BMP file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5088 |
CVE-2019-5089 | An exploitable memory corruption vulnerability exists in Investintech Able2Extract Professional 4.0.7 x64. A specially crafted JPEG file can cause an out-of-bounds memory write, allowing an attacker to execute arbitrary code on the victim machine. An attacker could exploit a vulnerability by providing the user with a specially crafted JPEG file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5089 |
CVE-2022-23850 | xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23850 |
CVE-2022-31214 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
CVE-2022-32981 | An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32981 |
CVE-2021-46816 | Adobe Premiere Pro version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46816 |
CVE-2021-46817 | Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46817 |
CVE-2021-46818 | Adobe Media Encoder version 15.4 (and earlier) is affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious M4A file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46818 |
CVE-2022-26302 | A heap-based buffer overflow exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26302 |
CVE-2022-27176 | An incomplete filtering of special elements vulnerability exists in RevoWorks SCVX using 'File Sanitization Library' 1.043 and prior versions, RevoWorks Browser 2.2.67 and prior versions (when using 'File Sanitization Option'), and RevoWorks Desktop 2.1.84 and prior versions (when using 'File Sanitization Option'), which may allow an attacker to execute a malicious macro by having a user download, import, and open a specially crafted file in the local environment. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27176 |
CVE-2022-29506 | An out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' v6.1.3.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29506 |
CVE-2022-29522 | A use after free vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29522 |
CVE-2022-29925 | An access of uninitialized pointer vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29925 |
CVE-2021-30281 | Possible unauthorized access to secure space due to improper check of data allowed while flashing the no access control device configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30281 |
CVE-2021-30334 | Possible use after free due to lack of null check of DRM file status after file structure is freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30334 |
CVE-2021-30350 | Lack of MBN header size verification against input buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30350 |
CVE-2021-35072 | Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35072 |
CVE-2021-35090 | Possible hypervisor memory corruption due to TOCTOU race condition when updating address mappings in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35090 |
CVE-2021-35091 | Possible out of bounds read due to improper typecasting while handling page fault for global memory in Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35091 |
CVE-2021-35094 | Improper verification of timeout-based authentication in identity credential can lead to invalid authorization in HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35094 |
CVE-2021-35102 | Possible buffer overflow due to lack of validation for the length of NAI string read from EFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35102 |
CVE-2021-35112 | A user with user level permission can access graphics protected region due to improper access control in register configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35112 |
CVE-2021-35114 | Improper buffer initialization on the backend driver can lead to buffer overflow in Snapdragon Auto | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35114 |
CVE-2021-35126 | Memory corruption in DSP service due to improper validation of input parameters in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35126 |
CVE-2021-35129 | Memory corruption in BT controller due to improper length check while processing vendor specific commands in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35129 |
CVE-2021-35130 | Memory corruption in graphics support layer due to use after free condition in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35130 |
CVE-2022-22057 | Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22057 |
CVE-2022-22068 | Kernel event may contain unexpected content which is not generated by NPU software in asynchronous execution mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22068 |
CVE-2022-22071 | Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22071 |
CVE-2022-22072 | Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22072 |
CVE-2022-22082 | Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22082 |
CVE-2022-22084 | Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22084 |
CVE-2022-22085 | Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22085 |
CVE-2022-22090 | Memory corruption in audio due to use after free while managing buffers from internal cache in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22090 |
CVE-2022-22103 | Memory corruption in multimedia driver due to double free while processing data from user in Snapdragon Auto | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22103 |
CVE-2022-31465 | A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31465 |
CVE-2022-32252 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The application does not perform the integrity check of the update packages. Without validation, an admin user might be tricked to install a malicious package, granting root privileges to an attacker. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32252 |
CVE-2022-31590 | SAP PowerDesigner Proxy, version 16.7, allows an attacker with low privileges and local access to work around the system's root disk access restrictions and write/create a program file on the system disk root path, which could then be executed with the elevated privileges of the application during application start-up or reboot, potentially compromising the confidentiality, integrity and availability of the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31590 |
CVE-2021-41413 | ok-file-formats master 2021-9-12 is affected by a buffer overflow in ok_jpg_convert_data_unit_grayscale and ok_jpg_convert_YCbCr_to_RGB. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41413 |
CVE-2022-20124 | In deletePackageX of DeletePackageHelper.java, there is a possible way for a Guest user to reset pre-loaded applications for other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-170646036 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20124 |
CVE-2022-20133 | In setDiscoverableTimeout of AdapterService.java, there is a possible bypass of user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-206807679 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20133 |
CVE-2022-20134 | In readArguments of CallSubjectDialog.java, there is a possible way to trick the user to call the wrong phone number due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-218341397 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20134 |
CVE-2022-20135 | In writeToParcel of GateKeeperResponse.java, there is a possible parcel format mismatch. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-220303465 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20135 |
CVE-2021-39806 | In closef of label_backends_android.c, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege during startup of servicemanager, if an attacker can trigger an initialization failure, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-215387420 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39806 |
CVE-2022-20138 | In ACTION_MANAGED_PROFILE_PROVISIONED of DevicePolicyManagerService.java, there is a possible way for unprivileged app to send MANAGED_PROFILE_PROVISIONED intent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-210469972 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20138 |
CVE-2022-20141 | In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-112551163. References: Upstream kernel | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20141 |
CVE-2022-20142 | In createFromParcel of GeofenceHardwareRequestParcelable.java, there is a possible arbitrary code execution due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-216631962 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20142 |
CVE-2022-20144 | In multiple functions of AvatarPhotoController.java, there is a possible access to content owned by system content providers due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-187702830 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20144 |
CVE-2022-20147 | In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221216105 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20147 |
CVE-2022-20156 | In unflatten of GraphicBuffer.cpp, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-212803946. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20156 |
CVE-2022-20186 | In kbase_mem_alias of mali_kbase_mem_linux.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-215001024. References: N/A | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20186 |
CVE-2022-20192 | In grantEmbeddedWindowFocus of WindowManagerService.java, there is a possible way to change an input channel for embedded hierarchy due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-215912712 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20192 |
CVE-2022-20194 | In onCreate of ChooseLockGeneric.java, there is a possible permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-222684510 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20194 |
CVE-2022-20197 | In recycle of Parcel.java, there is a possible way to start foreground activity from background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-208279300 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20197 |
CVE-2022-20204 | In registerRemoteBugreportReceivers of DevicePolicyManagerService.java, there is a possible reporting of falsified bug reports due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-171495100 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20204 |
CVE-2022-20207 | In static definitions of GattServiceConfig.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-185513714 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20207 |
CVE-2021-40727 | Access of Memory Location After End of Buffer (CWE-788) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40727 |
CVE-2021-42732 | Access of Memory Location After End of Buffer (CWE-788) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42732 |
CVE-2021-43754 | Adobe Prelude version 22.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43754 |
CVE-2021-43756 | Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by a memory corruption vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43756 |
CVE-2022-26057 | Vulnerabilities in the Mint WorkBench allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Mint WorkBench installer file allows a low-privileged user to run a "repair" operation on the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26057 |
CVE-2022-31216 | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31216 |
CVE-2022-31217 | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31217 |
CVE-2022-31218 | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31218 |
CVE-2022-31219 | Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31219 |
CVE-2021-25261 | Local privilege vulnerability in Yandex Browser for Windows prior to 22.5.0.862 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25261 |
CVE-2021-42735 | Adobe Photoshop version 22.5.1 (and earlier versions) is affected by an Access of Memory Location After End of Buffer vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42735 |
CVE-2021-43755 | Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43755 |
CVE-2022-28225 | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.684 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating symlinks to installation file during Yandex Browser update process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28225 |
CVE-2022-28226 | Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local, low privileged, attacker to execute arbitrary code with the SYSTEM privileges through manipulating temporary files in directory with insecure permissions during Yandex Browser update process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28226 |
CVE-2022-28839 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28839 |
CVE-2022-28840 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28840 |
CVE-2022-28841 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28841 |
CVE-2022-28842 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28842 |
CVE-2022-28843 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28843 |
CVE-2022-28844 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28844 |
CVE-2022-28845 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28845 |
CVE-2022-28846 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28846 |
CVE-2022-28847 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28847 |
CVE-2022-28848 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28848 |
CVE-2022-28849 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28849 |
CVE-2022-22788 | The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. The Zoom Opener installer for Zoom Client for Meetings before version 5.10.3 and Zoom Rooms for Conference Room for Windows before version 5.10.3 are susceptible to a DLL injection attack. This vulnerability could be used to run arbitrary code on the victim's host. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22788 |
CVE-2022-30647 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30647 |
CVE-2022-30648 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30648 |
CVE-2022-30649 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30649 |
CVE-2022-20203 | In multiple locations of the nanopb library, there is a possible way to corrupt memory when decoding untrusted protobuf files. This could lead to local escalation of privilege, with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20203 |
CVE-2022-22018 | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29111, CVE-2022-29119, CVE-2022-30188. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22018 |
CVE-2022-29111 | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29119, CVE-2022-30188. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29111 |
CVE-2022-29119 | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-30188. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29119 |
CVE-2022-29149 | Azure Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29149 |
CVE-2022-30131 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30131 |
CVE-2022-30132 | Windows Container Manager Service Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30132 |
CVE-2022-30135 | Windows Media Center Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30135 |
CVE-2022-30147 | Windows Installer Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30147 |
CVE-2022-30160 | Windows Advanced Local Procedure Call Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30160 |
CVE-2022-30164 | Kerberos AppContainer Security Feature Bypass Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30164 |
CVE-2022-30166 | Local Security Authority Subsystem Service Elevation of Privilege Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30166 |
CVE-2022-30167 | AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30193. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30167 |
CVE-2022-30168 | Microsoft Photos App Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30168 |
CVE-2022-30173 | Microsoft Excel Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30173 |
CVE-2022-30174 | Microsoft Office Remote Code Execution Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30174 |
CVE-2022-30177 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30178, CVE-2022-30179. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30177 |
CVE-2022-30178 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30179. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30178 |
CVE-2022-30179 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30177, CVE-2022-30178. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30179 |
CVE-2022-30180 | Azure RTOS GUIX Studio Information Disclosure Vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30180 |
CVE-2022-30188 | HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22018, CVE-2022-29111, CVE-2022-29119. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30188 |
CVE-2022-30193 | AV1 Video Extension Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30167. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30193 |
CVE-2022-30538 | Out-of-bounds write vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30538 |
CVE-2022-30546 | Out-of-bounds read vulnerability exists in the simulator module contained in the graphic editor 'V-SFT' versions prior to v6.1.6.0, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30546 |
CVE-2022-30549 | Out-of-bounds read vulnerability exists in V-Server v4.0.11.0 and earlier and V-Server Lite v4.0.13.0 and earlier, which may allow an attacker to obtain information and/or execute arbitrary code by having a user open a specially crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30549 |
CVE-2017-20051 | A vulnerability was found in InnoSetup Installer. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to uncontrolled search path. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20051 |
CVE-2017-20052 | A vulnerability classified as problematic was found in Python 2.7.13. This vulnerability affects unknown code of the component pgAdmin4. The manipulation leads to uncontrolled search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20052 |
CVE-2022-27531 | A maliciously crafted TIF file can be forced to read beyond allocated boundaries in Autodesk 3ds Max 2022, and 2021 when parsing the TIF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27531 |
CVE-2022-27532 | A maliciously crafted TIF file in Autodesk 3ds Max 2022 and 2021 can be used to write beyond the allocated buffer while parsing TIF files. This vulnerability in conjunction with other vulnerabilities could lead to arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27532 |
CVE-2022-30658 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30658 |
CVE-2022-30659 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30659 |
CVE-2022-30660 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30660 |
CVE-2022-30661 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30661 |
CVE-2022-30662 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30662 |
CVE-2022-30663 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30663 |
CVE-2022-30665 | Adobe InDesign versions 17.2.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30665 |
CVE-2022-30650 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30650 |
CVE-2022-30651 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30651 |
CVE-2022-30652 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30652 |
CVE-2022-30653 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30653 |
CVE-2022-30654 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30654 |
CVE-2022-30655 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30655 |
CVE-2022-30656 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30656 |
CVE-2022-30657 | Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30657 |
CVE-2022-30664 | Adobe Animate version 22.0.5 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30664 |
CVE-2022-31464 | Insecure permissions configuration in Adaware Protect v1.2.439.4251 allows attackers to escalate privileges via changing the service binary path. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31464 |
CVE-2022-33912 | A permission issue affects users that deployed the shipped version of the Checkmk Debian package. Packages created by the agent bakery (enterprise editions only) were not affected. Using the shipped version of the agents, the maintainer scripts located at /var/lib/dpkg/info/ will be owned by the user and the group with ID 1001. If such a user exists on the system, they can change the content of these files (which are then executed by root). This leads to a local privilege escalation on the monitored host. Version 1.6 through 1.6.9p29, version 2.0 through 2.0.0p26, version 2.1 through 2.1.0p3, and version 2.2.0i1 are affected. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33912 |
CVE-2014-125011 | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125011 |
CVE-2014-125015 | A vulnerability classified as critical has been found in FFmpeg 2.0. Affected is the function read_var_block_data. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125015 |
CVE-2014-125017 | A vulnerability classified as critical was found in FFmpeg 2.0. This vulnerability affects the function rpza_decode_stream. The manipulation leads to memory corruption. The attack can be initiated remotely. The name of the patch is Fixes Invalid Writes. It is recommended to apply a patch to fix this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125017 |
CVE-2014-125020 | A vulnerability has been found in FFmpeg 2.0 and classified as critical. This vulnerability affects the function decode_update_thread_context. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125020 |
CVE-2014-125024 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function lag_decode_frame. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2014-125024 |
CVE-2022-2124 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2124 |
CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2125 |
CVE-2022-2126 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2126 |
CVE-2022-2129 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2129 |
CVE-2022-1823 | Improper privilege management vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local user to modify a configuration file and perform a LOLBin (Living off the land) attack. This could result in the user gaining elevated permissions and being able to execute arbitrary code, through not correctly checking the integrity of the configuration file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1823 |
CVE-2021-41682 | There is a heap-use-after-free at ecma-helpers-string.c:1940 in ecma_compare_ecma_non_direct_strings in JerryScript 2.4.0 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41682 |
CVE-2021-41683 | There is a stack-overflow at ecma-helpers.c:326 in ecma_get_lex_env_type in JerryScript 2.4.0 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41683 |
CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1720 |
CVE-2017-20066 | A vulnerability has been found in Adminer Login 1.4.4 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-20066 |
CVE-2022-34008 | Comodo Antivirus 12.2.2.8012 has a quarantine flaw that allows privilege escalation. To escalate privilege, a low-privileged attacker can use an NTFS directory junction to restore a malicious DLL from quarantine into the System32 folder. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34008 |
CVE-2022-20664 | A vulnerability in the web management interface of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), and Cisco Email Security Appliance (ESA) could allow an authenticated, remote attacker to retrieve sensitive information from a Lightweight Directory Access Protocol (LDAP) external authentication server connected to an affected device. This vulnerability is due to a lack of proper input sanitization while querying the external authentication server. An attacker could exploit this vulnerability by sending a crafted query through an external authentication web page. A successful exploit could allow the attacker to gain access to sensitive information, including user credentials from the external authentication server. To exploit this vulnerability, an attacker would need valid operator-level (or higher) credentials. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20664 |
CVE-2017-10067 | Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-10067 |
CVE-2018-1272 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could lead to privilege escalation, for example, if the part content represents a username or user roles. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-1272 |
CVE-2018-0227 | A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive Security Appliance (ASA) could allow an unauthenticated, remote attacker to establish an SSL VPN connection and bypass certain SSL certificate verification steps. The vulnerability is due to incorrect verification of the SSL Client Certificate. An attacker could exploit this vulnerability by connecting to the ASA VPN without a proper private key and certificate pair. A successful exploit could allow the attacker to establish an SSL VPN connection to the ASA when the connection should have been rejected. This vulnerability affects Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Software that is running on the following Cisco products: 3000 Series Industrial Security Appliances (ISA), ASA 5500 Series Adaptive Security Appliances, ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliances (ASAv), Firepower 4110 Security Appliances, Firepower 9300 ASA Security Modules. Cisco Bug IDs: CSCvg40155. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-0227 |
CVE-2018-11040 | Spring Framework, versions 5.0.x prior to 5.0.7 and 4.3.x prior to 4.3.18 and older unsupported versions, allows web applications to enable cross-domain requests via JSONP (JSON with Padding) through AbstractJsonpResponseBodyAdvice for REST controllers and MappingJackson2JsonView for browser requests. Both are not enabled by default in Spring Framework nor Spring Boot, however, when MappingJackson2JsonView is configured in an application, JSONP support is automatically ready to use through the "jsonp" and "callback" JSONP parameters, enabling cross-domain requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-11040 |
CVE-2019-5037 | An exploitable denial-of-service vulnerability exists in the Weave certificate loading functionality of Nest Cam IQ Indoor camera, version 4620002. A specially crafted weave packet can cause an integer overflow and an out-of-bounds read on unmapped memory to occur, resulting in a denial of service. An attacker can send a specially crafted packet to trigger. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5037 |
CVE-2019-5036 | An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packet can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5036 |
CVE-2019-5054 | An exploitable denial-of-service vulnerability exists in the session handling functionality of the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) HTTP server. An HTTP request with an empty User-Agent string sent to a page requiring authentication can cause a null pointer dereference, resulting in the HTTP service crashing. An unauthenticated attacker can send a specially crafted HTTP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5054 |
CVE-2019-5055 | An exploitable denial-of-service vulnerability exists in the Host Access Point Daemon (hostapd) on the NETGEAR N300 (WNR2000v5 with Firmware Version V1.0.0.70) wireless router. A SOAP request sent in an invalid sequence to the <WFAWLANConfig:1#PutMessage> service can cause a null pointer dereference, resulting in the hostapd service crashing. An unauthenticated attacker can send a specially-crafted SOAP request to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5055 |
CVE-2019-5043 | An exploitable denial-of-service vulnerability exists in the Weave daemon of the Nest Cam IQ Indoor, version 4620002. A set of TCP connections can cause unrestricted resource allocation, resulting in a denial of service. An attacker can connect multiple times to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5043 |
CVE-2020-5398 | In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5398 |
CVE-2021-38562 | Best Practical Request Tracker (RT) 4.2 before 4.2.17, 4.4 before 4.4.5, and 5.0 before 5.0.2 allows sensitive information disclosure via a timing attack against lib/RT/REST2/Middleware/Auth.pm. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38562 |
CVE-2022-0742 | Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0742 |
CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25032 |
CVE-2022-24423 | Dell iDRAC8 versions prior to 2.83.83.83 contain a denial of service vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to cause resource exhaustion in the webserver, resulting in a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24423 |
CVE-2022-28739 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28739 |
CVE-2022-27780 | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27780 |
CVE-2022-31649 | ownCloud owncloud/core before 10.10.0 Improperly Removes Sensitive Information Before Storage or Transfer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31649 |
CVE-2022-26377 | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server 2.4 version 2.4.53 and prior versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26377 |
CVE-2022-29404 | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29404 |
CVE-2022-30522 | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30522 |
CVE-2022-30556 | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30556 |
CVE-2022-29244 | npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` inside a workspace, as of v7.9.0 and v7.13.0 respectively, may be affected and have published files into the npm registry they did not intend to include. Users should upgrade to the latest, patched version of npm v8.11.0, run: npm i -g npm@latest . Node.js versions v16.15.1, v17.19.1, and v18.3.0 include the patched v8.11.0 version of npm. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29244 |
CVE-2021-46813 | Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46813 |
CVE-2022-31055 | kCTF is a Kubernetes-based infrastructure for capture the flag (CTF) competitions. Prior to version 1.6.0, the kctf cluster set-src-ip-ranges was broken and allowed traffic from any IP. The problem has been patched in v1.6.0. As a workaround, those who want to test challenges privately can mark them as `public: false` and use `kctf chal debug port-forward` to connect. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31055 |
CVE-2022-31753 | The voice wakeup module has a vulnerability of using externally-controlled format strings. Successful exploitation of this vulnerability may affect system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31753 |
CVE-2022-31757 | The setting module has a vulnerability of improper use of APIs. Successful exploitation of this vulnerability may affect data confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31757 |
CVE-2022-33174 | Power Distribution Units running on Powertek firmware (multiple brands) before 3.30.30 allows remote authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to an empty string followed by a semicolon. This bypasses an active session authorization check. This can be then used to fetch the values of protected sys.passwd and sys.su.name fields that contain the username and password in cleartext. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33174 |
CVE-2022-31054 | Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several `HandleRoute` endpoints make use of the deprecated `ioutil.ReadAll()`. `ioutil.ReadAll()` reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server will be able to crash it and cause denial of service. A patch for this vulnerability has been released in Argo Events version 1.7.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31054 |
CVE-2022-32558 | An issue was discovered in Couchbase Server before 7.0.4. Sample bucket loading may leak internal user passwords during a failure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32558 |
CVE-2022-32560 | An issue was discovered in Couchbase Server before 7.0.4. XDCR lacks role checking when changing internal settings. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32560 |
CVE-2022-32564 | An issue was discovered in Couchbase Server before 7.0.4. In couchbase-cli, server-eshell leaks the Cluster Manager cookie. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32564 |
CVE-2022-32192 | Couchbase Server 5.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32192 |
CVE-2022-32565 | An issue was discovered in Couchbase Server before 7.0.4. The Backup Service log leaks unredacted usernames and document ids. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32565 |
CVE-2022-31447 | An XML external entity (XXE) injection vulnerability in Magicpin v3.4 allows attackers to access sensitive database information via a crafted SVG file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31447 |
CVE-2022-29509 | Directory traversal vulnerability in T&D Data Server (Japanese Edition) Ver.2.22 and earlier, T&D Data Server (English Edition) Ver.2.30 and earlier, THERMO RECORDER DATA SERVER (Japanese Edition) Ver.2.13 and earlier, and THERMO RECORDER DATA SERVER (English Edition) Ver.2.13 and earlier allows a remote attacker to view an arbitrary file on the server via unspecified vectors. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29509 |
CVE-2021-30340 | Reachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30340 |
CVE-2021-30344 | Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30344 |
CVE-2021-35073 | Possible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35073 |
CVE-2021-35076 | Possible null pointer dereference due to improper validation of RRC connection reconfiguration message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35076 |
CVE-2021-35078 | Possible memory leak due to improper validation of certificate chain length while parsing server certificate chain in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35078 |
CVE-2021-35086 | Possible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35086 |
CVE-2021-35087 | Possible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35087 |
CVE-2021-35096 | Improper memory allocation during counter check DLM handling can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35096 |
CVE-2021-35100 | Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35100 |
CVE-2021-37182 | A vulnerability has been identified in SCALANCE XM408-4C (All versions < V6.5), SCALANCE XM408-4C (L3 int.) (All versions < V6.5), SCALANCE XM408-8C (All versions < V6.5), SCALANCE XM408-8C (L3 int.) (All versions < V6.5), SCALANCE XM416-4C (All versions < V6.5), SCALANCE XM416-4C (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 1x230V (All versions < V6.5), SCALANCE XR524-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 24V (All versions < V6.5), SCALANCE XR524-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR524-8C, 2x230V (All versions < V6.5), SCALANCE XR524-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 1x230V (All versions < V6.5), SCALANCE XR526-8C, 1x230V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 24V (All versions < V6.5), SCALANCE XR526-8C, 24V (L3 int.) (All versions < V6.5), SCALANCE XR526-8C, 2x230V (All versions < V6.5), SCALANCE XR526-8C, 2x230V (L3 int.) (All versions < V6.5), SCALANCE XR528-6M (All versions < V6.5), SCALANCE XR528-6M (2HR2) (All versions < V6.5), SCALANCE XR528-6M (2HR2, L3 int.) (All versions < V6.5), SCALANCE XR528-6M (L3 int.) (All versions < V6.5), SCALANCE XR552-12M (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2) (All versions < V6.5), SCALANCE XR552-12M (2HR2, L3 int.) (All versions < V6.5). The OSPF protocol implementation in affected devices fails to verify the checksum and length fields in the OSPF LS Update messages. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37182 |
CVE-2022-22064 | Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22064 |
CVE-2022-22065 | Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22065 |
CVE-2022-22083 | Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22083 |
CVE-2022-30937 | A vulnerability has been identified in EN100 Ethernet module DNP3 IP variant (All versions), EN100 Ethernet module IEC 104 variant (All versions), EN100 Ethernet module IEC 61850 variant (All versions < V4.37), EN100 Ethernet module Modbus TCP variant (All versions), EN100 Ethernet module PROFINET IO variant (All versions). Affected applications contain a memory corruption vulnerability while parsing specially crafted HTTP packets to /txtrace endpoint. This could allow an attacker to crash the affected application leading to a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30937 |
CVE-2022-32253 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). Due to improper input validation, the OpenSSL certificate's password could be printed to a file reachable by an attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32253 |
CVE-2022-32254 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32254 |
CVE-2022-32258 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains an older feature that allows importing device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32258 |
CVE-2022-32261 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32261 |
CVE-2022-32285 | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). The affected module is vulnerable to XML External Entity (XXE) attacks due to insufficient input sanitization. This may allow an attacker to disclose confidential data under certain circumstances. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32285 |
CVE-2021-40660 | An issue was discovered in Delight Nashorn Sandbox 0.2.0. There is a ReDoS vulnerability that can be exploited to launch a denial of service (DoS) attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40660 |
CVE-2022-31308 | A vulnerability in live_mfg.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.191012 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31308 |
CVE-2022-31309 | A vulnerability in live_check.shtml of WAVLINK AERIAL X 1200M M79X3.V5030.180719 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31309 |
CVE-2022-31845 | A vulnerability in live_check.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31845 |
CVE-2022-31846 | A vulnerability in live_mfg.shtml of WAVLINK WN535 G3 M35G3R.V5030.180927 allows attackers to obtain sensitive router information via execution of the exec cmd function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31846 |
CVE-2022-31847 | A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31847 |
CVE-2022-32557 | An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce authentication for TCP/TLS servers. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32557 |
CVE-2022-32230 | Microsoft Windows SMBv3 suffers from a null pointer dereference in versions of Windows prior to the April, 2022 patch set. By sending a malformed FileNormalizedNameInformation SMBv3 request over a named pipe, an attacker can cause a Blue Screen of Death (BSOD) crash of the Windows kernel. For most systems, this attack requires authentication, except in the special case of Windows Domain Controllers, where unauthenticated users can always open named pipes as long as they can establish an SMB session. Typically, after the BSOD, the victim SMBv3 server will reboot. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32230 |
CVE-2022-20123 | In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221852424 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20123 |
CVE-2022-20131 | In nci_proc_rf_management_ntf of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221856662 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20131 |
CVE-2022-20149 | Product: Android. Versions: Android kernel. Android ID: A-211685939. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20149 |
CVE-2022-20151 | Product: Android. Versions: Android kernel. Android ID: A-210712565. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20151 |
CVE-2022-20168 | Product: Android. Versions: Android kernel. Android ID: A-210594998. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20168 |
CVE-2022-20169 | Product: Android. Versions: Android kernel. Android ID: A-211162353. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20169 |
CVE-2022-20175 | Product: Android. Versions: Android kernel. Android ID: A-209252491. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20175 |
CVE-2022-20177 | Product: Android. Versions: Android kernel. Android ID: A-209906686. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20177 |
CVE-2022-20179 | Product: Android. Versions: Android kernel. Android ID: A-211683760. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20179 |
CVE-2022-20181 | Product: Android. Versions: Android kernel. Android ID: A-210936609. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20181 |
CVE-2022-20184 | Product: Android. Versions: Android kernel. Android ID: A-209153114. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20184 |
CVE-2022-20188 | Product: Android. Versions: Android kernel. Android ID: A-207254598. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20188 |
CVE-2022-20190 | Product: Android. Versions: Android kernel. Android ID: A-208744915. References: N/A | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20190 |
CVE-2022-20209 | In hme_add_new_node_to_a_sorted_array of hme_utils.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-207502397 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20209 |
CVE-2022-32155 | In universal forwarder versions before 9.0, management services are available remotely by default. When not required, it introduces a potential exposure, but it is not a vulnerability. If exposed, we recommend each customer assess the potential severity specific to your environment. In 9.0, the universal forwarder now binds the management port to localhost preventing remote logins by default. If management services are not required in versions before 9.0, set disableDefaultPort = true in server.conf OR allowRemoteLogin = never in server.conf OR mgmtHostPort = localhost in web.conf. See Configure universal forwarder management security (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_universal_forwarder_management_security) for more information on disabling the remote management services. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32155 |
CVE-2022-32157 | Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of forwarder bundles. Remediation requires you to update the deployment server to version 9.0 and Configure authentication for deployment servers and clients (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/ConfigDSDCAuthEnhancements#Configure_authentication_for_deployment_servers_and_clients). Once enabled, deployment servers can manage only Universal Forwarder versions 9.0 and higher. Though the vulnerability does not directly affect Universal Forwarders, remediation requires updating all Universal Forwarders that the deployment server manages to version 9.0 or higher prior to enabling the remediation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32157 |
CVE-2022-31044 | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. The Key Storage converter plugin mechanism was not enabled correctly in Rundeck 4.2.0 and 4.2.1, resulting in use of the encryption layer for Key Storage possibly not working. Any credentials created or overwritten using Rundeck 4.2.0 or 4.2.1 might result in them being written in plaintext to the backend storage. This affects those using any `Storage Converter` plugin. Rundeck 4.3.1 and 4.2.2 have fixed the code and upon upgrade will re-encrypt any plain text values. Version 4.3.0 does not have the vulnerability, but does not include the patch to re-encrypt plain text values if 4.2.0 or 4.2.1 were used. To prevent plaintext credentials from being stored in Rundeck 4.2.0/4.2.1, write access to key storage can be disabled via ACLs. After upgrading to 4.3.1 or later, write access can be restored. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31044 |
CVE-2022-21935 | A vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 allows unverified password change. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21935 |
CVE-2022-24946 | Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC-Q Series Q03UDECPU all versions, Mitsubishi Electric MELSEC-Q Series Q04/06/10/13/20/26/50/100UDEHCPU all versions, Mitsubishi Electric MELSEC-Q Series Q03/04/06/13/26UDVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-Q Series Q04/06/13/26UDPVCPU the first 5 digits of serial number "24051" and prior, Mitsubishi Electric MELSEC-L series L02/06/26CPU(-P) the first 5 digits of serial number "24051" and prior and Mitsubishi Electric MELSEC-L series L26CPU-(P)BT the first 5 digits of serial number "24051" and prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition in Ethernet communications by sending specially crafted packets. A system reset of the products is required for recovery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24946 |
CVE-2022-29143 | Microsoft SQL Server Remote Code Execution Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29143 |
CVE-2022-30140 | Windows iSCSI Discovery Service Remote Code Execution Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30140 |
CVE-2022-30142 | Windows File History Remote Code Execution Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30142 |
CVE-2022-30143 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30146, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30143 |
CVE-2022-30146 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30149, CVE-2022-30153, CVE-2022-30161. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30146 |
CVE-2022-30149 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-30139, CVE-2022-30141, CVE-2022-30143, CVE-2022-30146, CVE-2022-30153, CVE-2022-30161. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30149 |
CVE-2022-30152 | Windows Network Address Translation (NAT) Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30152 |
CVE-2022-31372 | Wiris Mathtype v7.28.0 was discovered to contain a path traversal vulnerability in the resourceFile parameter. This vulnerability is exploited via a crafted request to the resource handler. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31372 |
CVE-2022-31291 | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31291 |
CVE-2022-29862 | An infinite loop in OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause the application to hang via a crafted message. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29862 |
CVE-2022-29865 | OPC UA .NET Standard Stack allows a remote attacker to bypass the application authentication check via crafted fake credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29865 |
CVE-2022-29863 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a crash via a crafted message that triggers excessive memory allocation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29863 |
CVE-2022-29864 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to cause a server to crash via a large number of messages that trigger Uncontrolled Resource Consumption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29864 |
CVE-2022-29866 | OPC UA .NET Standard Stack 1.04.368 allows a remote attacker to exhaust the memory resources of a server via a crafted request that triggers Uncontrolled Resource Consumption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29866 |
CVE-2022-31295 | An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31295 |
CVE-2020-25459 | An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process of machine learning joint modeling. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-25459 |
CVE-2020-28865 | An issue was discovered in PowerJob through 3.2.2 that allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28865 |
CVE-2018-18907 | An issue was discovered on D-Link DIR-850L 1.21WW devices. A partially completed WPA handshake is sufficient for obtaining full access to the wireless network. A client can access the network by sending packets on Data Frames to the AP without encryption. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-18907 |
CVE-2022-33739 | CA Clarity 15.8 and below and 15.9.0 contain an insecure XML parsing vulnerability that could allow a remote attacker to potentially view the contents of any file on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33739 |
CVE-2022-33751 | CA Automic Automation 12.2 and 12.3 contain an insecure memory handling vulnerability in the Automic agent that could allow a remote attacker to potentially access sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33751 |
CVE-2022-33756 | CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33756 |
CVE-2021-41490 | Memory leaks in LazyPRM.cpp of OMPL v1.5.0 can cause unexpected behavior. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41490 |
CVE-2021-45025 | ASG technologies (A Rocket Software Company) ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cleartext Storage of Sensitive Information in a Cookie. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45025 |
CVE-2022-22138 | All versions of package fast-string-search are vulnerable to Denial of Service (DoS) when computations are incorrect for non-string inputs. One can cause the V8 to attempt reading from non-permitted locations and cause a segmentation fault due to the violation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22138 |
CVE-2022-25345 | All versions of package @discordjs/opus are vulnerable to Denial of Service (DoS) when trying to encode using an encoder with zero channels, or a non-initialized buffer. This leads to a hard crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25345 |
CVE-2022-25856 | The package github.com/argoproj/argo-events/sensors/artifacts before 1.7.1 is vulnerable to Directory Traversal in the (g *GitArtifactReader).Read() API in git.go. This could allow arbitrary file reads if the GitArtifactReader is provided a pathname containing a symbolic link or an implicit directory name such as ... | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25856 |
CVE-2022-25871 | All versions of package querymen are vulnerable to Prototype Pollution if the parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. Note: This vulnerability derives from an incomplete fix of [CVE-2020-7600](https://security.snyk.io/vuln/SNYK-JS-QUERYMEN-559867). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25871 |
CVE-2021-45918 | NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45918 |
CVE-2022-1614 | The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1614 |
CVE-2022-1801 | The Very Simple Contact Form WordPress plugin before 11.6 exposes the solution to the captcha in the rendered contact form, both as hidden input fields and as plain text in the page, making it very easy for bots to bypass the captcha check, rendering the page a likely target for spam bots. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1801 |
CVE-2022-33913 | In Mahara 21.04 before 21.04.6, 21.10 before 21.10.4, and 22.04.2, files can sometimes be downloaded through thumb.php with no permission check. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33913 |
CVE-2022-22979 | In Spring Cloud Function versions prior to 3.2.6, it is possible for a user who directly interacts with framework provided lookup functionality to cause a denial-of-service condition due to the caching issue in the Function Catalog component of the framework. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22979 |
CVE-2022-33995 | A path traversal issue in entry attachments in Devolutions Remote Desktop Manager before 2022.2 allows attackers to create or overwrite files in an arbitrary location. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33995 |
CVE-2021-40510 | XML eXternal Entity (XXE) in OBDA systems’ Mastro 1.0 allows remote attackers to read system files via custom DTDs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40510 |
CVE-2021-40511 | OBDA systems’ Mastro 1.0 is vulnerable to XML Entity Expansion (aka “billion laughs”) attack allowing denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40511 |
CVE-2022-31804 | The CODESYS Gateway Server V2 does not verify that the size of a request is within expected limits. An unauthenticated attacker may allocate an arbitrary amount of memory, which may lead to a crash of the Gateway due to an out-of-memory condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31804 |
CVE-2021-44531 | Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly. Versions of Node.js with the fix for this disable the URI SAN type when checking a certificate against a hostname. This behavior can be reverted through the --security-revert command-line option. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-44531 |
CVE-2022-20817 | A vulnerability in Cisco Unified IP Phones could allow an unauthenticated, remote attacker to impersonate another user's phone if the Cisco Unified Communications Manager (CUCM) is in secure mode. This vulnerability is due to improper key generation during the manufacturing process that could result in duplicated manufactured keys installed on multiple devices. An attacker could exploit this vulnerability by performing a machine-in-the-middle attack on the secure communication between the phone and the CUCM. A successful exploit could allow the attacker to impersonate another user's phone. This vulnerability cannot be addressed with software updates. There is a workaround that addresses this vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20817 |
CVE-2021-39691 | In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-157929241 | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39691 |
CVE-2022-20126 | In setScanMode of AdapterService.java, there is a possible way to enable Bluetooth discovery mode without user interaction due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-203431023 | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20126 |
CVE-2022-20137 | In onCreateContextMenu of NetworkProviderSettings.java, there is a possible way for non-owner users to change WiFi settings due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-206986392 | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20137 |
CVE-2022-20193 | In getUniqueUsagesWithLabels of PermissionUsageHelper.java, there is a possible incorrect permission attribution due to a logic error in the code. This could lead to local escalation of privilege by conflating apps with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-212434116 | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20193 |
CVE-2021-39402 | MaianAffiliate v.1.0 suffers from code injection by adding a new product via the admin panel. The injected payload is reflected on the affiliate main page for all authenticated and unauthenticated visitors. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-39402 |
CVE-2022-28704 | Improper access control vulnerability in Rakuten Casa version AP_F_V1_4_1 or AP_F_V2_0_0 allows a remote attacker to log in with the root privilege and perform an arbitrary operation if the product is in its default settings in which is set to accept SSH connections from the WAN side, and is also connected to the Internet with the authentication information unchanged from the default settings. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-28704 |
CVE-2022-23169 | The attacker needs to craft a SQL payload. The vulnerable parameter is "agentid". The attacker must be authenticated to the admin panel. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23169 |
CVE-2022-29257 | Electron is a framework for writing cross-platform desktop applications using JavaScript (JS), HTML, and CSS. A vulnerability in versions prior to 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 allows attackers who have control over a given app's update server / update storage to serve maliciously crafted update packages that pass the code signing validation check but contain malicious code in some components. This kind of attack would require significant privileges in a potential victim's own auto updating infrastructure and the ease of that attack entirely depends on the potential victim's infrastructure security. Electron versions 18.0.0-beta.6, 17.2.0, 16.2.6, and 15.5.5 contain a fix for this issue. There are no known workarounds. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29257 |
CVE-2022-32364 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/manage_product&id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32364 |
CVE-2022-32365 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/manage_field.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32365 |
CVE-2022-32366 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/fields/view_field.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32366 |
CVE-2022-32367 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=inquiries/view_inquiry&id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32367 |
CVE-2022-31050 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, Admin Tool sessions initiated via the TYPO3 backend user interface had not been revoked even if the corresponding user account was degraded to lower permissions or disabled completely. This way, sessions in the admin tool theoretically could have been prolonged without any limit. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-31050 |
CVE-2022-32353 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_field_order.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32353 |
CVE-2022-32354 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=user/manage_user&id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32354 |
CVE-2022-32355 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/?page=products/view_product&id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32355 |
CVE-2022-32358 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_inquiry. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32358 |
CVE-2022-32359 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/classes/Master.php?f=delete_category. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32359 |
CVE-2022-32362 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/manage_category.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32362 |
CVE-2022-32363 | Product Show Room Site v1.0 is vulnerable to SQL Injection via /psrs/admin/categories/view_category.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32363 |
CVE-2022-32152 | Splunk Enterprise peers in Splunk Enterprise versions before 9.0 and Splunk Cloud Platform versions before 8.2.2203 did not validate the TLS certificates during Splunk-to-Splunk communications by default. Splunk peer communications configured properly with valid certificates were not vulnerable. However, an attacker with administrator credentials could add a peer without a valid certificate and connections from misconfigured nodes without valid certificates did not fail by default. For Splunk Enterprise, update to Splunk Enterprise version 9.0 and Configure TLS host name validation for Splunk-to-Splunk communications (https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation) to enable the remediation. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32152 |
CVE-2022-32992 | Online Tours And Travels Management System v1.0 was discovered to contain a SQL injection vulnerability via the tname parameter at /admin/operations/tax.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32992 |
CVE-2022-32375 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_timetable.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32375 |
CVE-2022-32376 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_events.php?event_id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32376 |
CVE-2022-32377 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam_timetable.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32377 |
CVE-2022-32378 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher_profile.php?my_index=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32378 |
CVE-2022-32379 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32379 |
CVE-2022-32380 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_student_subject.php?index=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32380 |
CVE-2022-32381 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_admin_profile.php?my_index=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32381 |
CVE-2022-32433 | itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via ip/school/view/all_teacher.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32433 |
CVE-2022-32368 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_grade.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32368 |
CVE-2022-32373 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_exam.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32373 |
CVE-2022-32374 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject_routing.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32374 |
CVE-2022-32370 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32370 |
CVE-2022-32371 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_teacher.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32371 |
CVE-2022-32372 | itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_subject.php?id=. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-32372 |
CVE-2022-31908 | Student Registration and Fee Payment System v1.0 is vulnerable to SQL Injection via /scms/student.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-31908 |
CVE-2022-31911 | Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-31911 |
CVE-2022-31912 | Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=delete_team. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-31912 |
CVE-2019-12353 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12353 |
CVE-2019-12354 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12354 |
CVE-2019-12357 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12357 |
CVE-2019-12359 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12359 |
CVE-2022-1939 | The Allow svg files WordPress plugin before 1.1 does not properly validate uploaded files, which could allow high privilege users such as admin to upload PHP files even when they are not allowed to. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1939 |
CVE-2022-33048 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/reservations/view_details.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33048 |
CVE-2022-33049 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/?page=user/manage_user. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33049 |
CVE-2022-33055 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/trains/manage_train.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33055 |
CVE-2022-33056 | Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /orrs/admin/schedules/manage_schedule.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-33056 |
CVE-2022-26659 | Docker Desktop installer on Windows in versions before 4.6.0 allows an attacker to overwrite any administrator writable files by creating a symlink in place of where the installer writes its log file. Starting from version 4.6.0, the Docker Desktop installer, when run elevated, will write its log files to a location not writable by non-administrator users. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26659 |
CVE-2021-35084 | Possible out of bound read due to lack of length check of data length for a DIAG event in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35084 |
CVE-2021-35085 | Possible buffer overflow due to lack of buffer length check during management frame Rx handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35085 |
CVE-2021-35116 | APK can load a crafted model into the CDSP which can lead to a compromise of CDSP and other APK's data executing there in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35116 |
CVE-2021-35095 | Improper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register with same label in Snapdragon Connectivity, Snapdragon Mobile | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35095 |
CVE-2022-20155 | In ipu_core_jqs_msg_transport_kernel_write_sync of ipu-core-jqs-msg-transport.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176754369. References: N/A | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20155 |
CVE-2022-30151 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30151 |
CVE-2021-4203 | A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4203 |
CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30784 |
CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30786 |
CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30788 |
CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30789 |
CVE-2021-30327 | Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-30327 |
CVE-2022-20125 | In GBoard, there is a possible way to bypass factory reset protections due to a sandbox escape. This could lead to local escalation of privilege if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-194402515 | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20125 |
CVE-2019-5094 | An exploitable code execution vulnerability exists in the quota file functionality of E2fsprogs 1.45.3. A specially crafted ext4 partition can cause an out-of-bounds write on the heap, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-5094 |
CVE-2022-30783 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30783 |
CVE-2022-30785 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30785 |
CVE-2022-30787 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30787 |
CVE-2022-26363 | x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26363 |
CVE-2022-26364 | x86 pv: Insufficient care with non-coherent mappings [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for CPU-induced cache non-coherency; cases where the CPU can cause the content of the cache to be different to the content in main memory. In such cases, Xen's safety logic can incorrectly conclude that the contents of a page is safe. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26364 |
CVE-2021-30349 | Improper access control sequence for AC database after memory allocation can lead to possible memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-30349 |
CVE-2021-35092 | Processing DCB/AVB algorithm with an invalid queue index from IOCTL request could lead to arbitrary address modification in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35092 |
CVE-2021-35098 | Improper validation of session id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35098 |
CVE-2021-35118 | An out-of-bounds write can occur due to an incorrect input check in the camera driver in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35118 |
CVE-2021-35120 | Improper handling between export and release functions on the same handle from client can lead to use after free in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35120 |
CVE-2021-35121 | An array index is improperly used to lock and unlock a mutex which can lead to a Use After Free condition in the Synx driver in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-35121 |
CVE-2022-31594 | A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-31594 |
CVE-2022-20152 | In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-202006198. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20152 |
CVE-2022-20153 | In rcu_cblist_dequeue of rcu_segcblist.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222091980. References: Upstream kernel | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20153 |
CVE-2022-20166 | In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-182388481. References: Upstream kernel | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20166 |
CVE-2022-20178 | In ioctl_dpm_qos_update and ioctl_event_control_set of (TBD), there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-224932775. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20178 |
CVE-2022-20183 | In hypx_create_blob_dmabuf of faceauth_hypx.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188911154. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20183 |
CVE-2022-20185 | In TBD of TBD, there is a possible use after free bug. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208842348. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20185 |
CVE-2022-20201 | In getAppSize of InstalldNativeService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-220733817 | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20201 |
CVE-2022-20233 | In param_find_digests_internal and related functions of the Titan-M source, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222472803. References: N/A | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20233 |
CVE-2022-30137 | Azure Service Fabric Container Elevation of Privilege Vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-30137 |
CVE-2018-3211 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Serviceability). Supported versions that are affected are Java SE: 8u182 and 11; Java SE Embedded: 8u181. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Java SE, Java SE Embedded executes to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data as well as unauthorized access to critical data or complete access to all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). This vulnerability can only be exploited when Java Usage Tracker functionality is being used. CVSS 3.0 Base Score 6.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N). | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-3211 |
CVE-2018-1257 | Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-1257 |
CVE-2018-13785 | In libpng 1.6.34, a wrong calculation of row_factor in the png_check_chunk_length function (pngrutil.c) may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-13785 |
CVE-2018-14048 | An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-14048 |
CVE-2019-5070 | An exploitable SQL injection vulnerability exists in the unauthenticated portion of eFront LMS, versions v5.2.12 and earlier. Specially crafted web request to login page can cause SQL injections, resulting in data compromise. An attacker can use a browser to trigger these vulnerabilities, and no special tools are required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-5070 |
CVE-2020-5421 | In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-5421 |
CVE-2021-22960 | The parse function in llhttp < 2.1.4 and < 6.0.6 ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22960 |
CVE-2021-22959 | The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22959 |
CVE-2022-22950 | In Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22950 |
CVE-2021-3611 | A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3611 |
CVE-2017-20041 | A vulnerability was found in Ucweb UC Browser 11.2.5.932. It has been classified as critical. Affected is an unknown function of the component HTML Handler. The manipulation of the argument title leads to improper restriction of rendered ui layers (URL). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-20041 |
CVE-2022-31041 | Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users (e.g. only PDF / Excel / ...). The input validation of uploaded files is insufficient in versions prior to 1.0.9 and 1.1.1. Users could alter or strip file extensions to bypass this validation. This results in files being uploaded to the server that are of a different file type than indicated by the file name extension. These files may be downloaded (manually or automatically) by staff and/or other applications for further processing. Malicious files can therefore find their way into internal/trusted networks. Versions 1.0.9 and 1.1.1 contain patches for this issue. As a workaround, an API gateway or intrusion detection solution in front of open-forms may be able to scan for and block malicious content before it reaches the Open Forms application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31041 |
CVE-2022-28217 | Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parsing at endpoints, and a possibility to conduct SSRF attacks that could compromise system’s Availability by causing system to crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28217 |
CVE-2022-32193 | Couchbase Server 6.6.x through 7.x before 7.0.4 exposes Sensitive Information to an Unauthorized Actor. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32193 |
CVE-2022-31415 | Online Fire Reporting System v1.0 was discovered to contain a SQL injection vulnerability via the GET parameter in /report/list.php. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31415 |
CVE-2021-35101 | Improper handling of writes to virtual GICR control can lead to assertion failure in the hypervisor in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35101 |
CVE-2021-40616 | thinkcmf v5.1.7 has an unauthorized vulnerability. The attacker can modify the password of the administrator account with id 1 through the background user management group permissions. The use condition is that the background user management group authority is required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40616 |
CVE-2021-40649 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the HttpOnly flag set. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40649 |
CVE-2021-40650 | In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have the secure flag set. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40650 |
CVE-2022-30228 | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not apply cross-origin resource sharing (CORS) restrictions for critical operations. In case an attacker tricks a legitimate user into accessing a special resource a malicious request could be executed. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30228 |
CVE-2022-32256 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to low privileged users accessing privileged information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32256 |
CVE-2022-32259 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32259 |
CVE-2022-30931 | Employee Leaves Management System (ELMS) V 2.1 is vulnerable to Cross Site Request Forgery (CSRF) via /myprofile.php. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30931 |
CVE-2022-31589 | Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31589 |
CVE-2022-31047 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, system internal credentials or keys (e.g. database credentials) can be logged as plaintext in exception handlers, when logging the complete exception stack trace. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 contain a fix for the problem. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31047 |
CVE-2022-20202 | In ih264_resi_trans_quant_4x4_sse42 of ih264_resi_trans_quant_sse42.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-204704614 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20202 |
CVE-2021-41672 | PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41672 |
CVE-2022-20819 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administrative privilege levels for sensitive data are not properly enforced. An attacker with read-only privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information about the system configuration. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20819 |
CVE-2022-24436 | Observable behavioral in power management throttling for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via network access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24436 |
CVE-2022-30189 | Windows Autopilot Device Management and Enrollment Client Spoofing Vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30189 |
CVE-2022-22953 | VMware HCX update addresses an information disclosure vulnerability. A malicious actor with network user access to the VMware HCX appliance may be able to gain access to sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22953 |
CVE-2022-31294 | An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31294 |
CVE-2022-30327 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The web interface is vulnerable to CSRF. An attacker can change the pre-shared key of the Wi-Fi router if the interface's IP address is known. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30327 |
CVE-2022-30328 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The username and password setup for the web interface does not require entering the existing password. A malicious user can change the username and password of the interface. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30328 |
CVE-2022-30607 | IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30607 |
CVE-2021-46823 | python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP schema parser. By sending crafted regex input, a remote authenticated attacker could exploit this vulnerability to cause a denial of service condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46823 |
CVE-2022-23071 | In Recipes, versions 0.9.1 through 1.2.5 are vulnerable to Server Side Request Forgery (SSRF), in the “Import Recipe” functionality. When an attacker enters the localhost URL, a low privileged attacker can access/read the internal file system to access sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23071 |
CVE-2022-34000 | libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init() in render_pipeline/low_memory_render_pipeline.cc. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34000 |
CVE-2022-26668 | ASUS Control Center API has a broken access control vulnerability. An unauthenticated remote attacker can call privileged API functions to perform partial system operations or cause partial disrupt of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26668 |
CVE-2022-26669 | ASUS Control Center is vulnerable to SQL injection. An authenticated remote attacker with general user privilege can inject SQL command to specific API parameters to acquire database schema or access data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26669 |
CVE-2022-1610 | The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1610 |
CVE-2022-1630 | The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1630 |
CVE-2022-1826 | The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1826 |
CVE-2022-1827 | The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1827 |
CVE-2022-1828 | The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1828 |
CVE-2022-1829 | The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1829 |
CVE-2022-1830 | The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1830 |
CVE-2022-1831 | The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1831 |
CVE-2022-1832 | The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1832 |
CVE-2022-2134 | Denial of Service in GitHub repository inventree/inventree prior to 0.8.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2134 |
CVE-2022-32974 | An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32974 |
CVE-2022-1965 | Multiple products of CODESYS implement a improper error handling. A low privilege remote attacker may craft a request, which is not properly processed by the error handling. In consequence, the file referenced by the request could be deleted. User interaction is not required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1965 |
CVE-2022-32139 | In multiple CODESYS products, a low privileged remote attacker may craft a request, which cause an out-of-bounds read, resulting in a denial-of-service condition. User Interaction is not required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32139 |
CVE-2022-32140 | Multiple CODESYS products are affected by a buffer overflow. A low privileged remote attacker may craft a request, which can cause a buffer copy without checking the size of the service, resulting in a denial-of-service condition. User Interaction is not required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32140 |
CVE-2022-32141 | Multiple CODESYS Products are prone to a buffer over read. A low privileged remote attacker may craft a request with an invalid offset, which can cause an internal buffer over-read, resulting in a denial-of-service condition. User interaction is not required. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32141 |
CVE-2022-26362 | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write mapping before writeability is prohibited. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26362 |
CVE-2022-20148 | In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-219513976. References: Upstream kernel | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20148 |
CVE-2022-20154 | In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-174846563. References: Upstream kernel | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20154 |
CVE-2022-28202 | An XSS issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. The widthheight, widthheightpage, and nbytes properties of messages are not escaped when used in galleries or Special:RevisionDelete. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28202 |
CVE-2022-29548 | A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29548 |
CVE-2022-1756 | The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1756 |
CVE-2022-1985 | The Download Manager Plugin for WordPress is vulnerable to reflected Cross-Site Scripting in versions up to, and including 3.2.42. This is due to insufficient input sanitization and output escaping on the 'frameid' parameter found in the ~/src/Package/views/shortcode-iframe.php file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1985 |
CVE-2022-2066 | Cross-site Scripting (XSS) - Reflected in GitHub repository neorazorx/facturascripts prior to 2022.06. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2066 |
CVE-2022-29455 | DOM-based Reflected Cross-Site Scripting (XSS) vulnerability in Elementor's Elementor Website Builder plugin <= 3.5.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29455 |
CVE-2021-41663 | A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41663 |
CVE-2022-29485 | Cross-site scripting vulnerability in SHIRASAGI v1.0.0 to v1.14.2, and v1.15.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29485 |
CVE-2022-29034 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An error message pop up window in the web interface of the affected application does not prevent injection of JavaScript code. This could allow attackers to perform reflected cross-site scripting (XSS) attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29034 |
CVE-2022-32145 | A vulnerability has been identified in Teamcenter Active Workspace V5.2 (All versions < V5.2.9), Teamcenter Active Workspace V6.0 (All versions < V6.0.3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32145 |
CVE-2022-32286 | A vulnerability has been identified in Mendix SAML Module (Mendix 7 compatible) (All versions < V1.16.6), Mendix SAML Module (Mendix 8 compatible) (All versions < V2.2.2), Mendix SAML Module (Mendix 9 compatible) (All versions < V3.2.3). In certain configurations SAML module is vulnerable to Cross Site Scripting (XSS) attacks due to insufficient error message sanitation. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32286 |
CVE-2022-31403 | ITOP v3.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via /itop/pages/ajax.render.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31403 |
CVE-2022-29618 | Due to insufficient input validation, SAP NetWeaver Development Infrastructure (Design Time Repository) - versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to inject script into the URL and execute code in the user’s browser. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29618 |
CVE-2021-36901 | Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Phil Baker's Age Gate plugin <= 2.17.0 at WordPress. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-36901 |
CVE-2021-40910 | There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40910 |
CVE-2021-40776 | Adobe Lightroom Classic 10.3 (and earlier) are affected by a privilege escalation vulnerability in the Offline Lightroom Classic installer. An authenticated attacker could leverage this vulnerability to escalate privileges. User interaction is required before product installation to abuse this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40776 |
CVE-2021-41415 | Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41415 |
CVE-2022-31299 | Haraj v3.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the User Upgrade Form. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31299 |
CVE-2021-45026 | ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45026 |
CVE-2022-32442 | u5cms version 8.3.5 is vulnerable to Cross Site Scripting (XSS). When a user accesses the default home page if the parameter passed in is 'http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad="';, it can cause html injection. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32442 |
CVE-2022-32444 | An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can cause a user's browser to be redirected to another site via /loginsave.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-32444 |
CVE-2022-31873 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an XSS vulnerability via the prefix parameter in /admin/general.cgi. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31873 |
CVE-2022-31875 | Trendnet IP-110wn camera fw_tv-ip110wn_v2(1.2.2.68) has an xss vulnerability via the proname parameter in /admin/scheprofile.cgi | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31875 |
CVE-2017-20057 | A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-20057 |
CVE-2017-20058 | A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting (Persistent). The attack can be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2017-20058 |
CVE-2022-2130 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.17. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2130 |
CVE-2022-25772 | A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25772 |
CVE-2021-41924 | Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-41924 |
CVE-2022-31786 | IdeaLMS 2022 allows reflected Cross Site Scripting (XSS) via the IdeaLMS/Class/Assessment/ PATH_INFO. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31786 |
CVE-2022-23077 | In habitica versions v4.119.0 through v4.232.2 are vulnerable to DOM XSS via the login page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23077 |
CVE-2022-23078 | In habitica versions v4.119.0 through v4.232.2 are vulnerable to open redirect via the login page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23078 |
CVE-2022-2174 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.2.18. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2174 |
CVE-2022-23081 | In openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Reflected XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23081 |
CVE-2018-1271 | Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-1271 |
CVE-2018-11039 | Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-11039 |
CVE-2018-2973 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2018-2973 |
CVE-2021-30342 | Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-30342 |
CVE-2021-30343 | Improper integrity check can lead to race condition between tasks PDCP and RRC after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-30343 |
CVE-2021-35111 | Improper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon Mobile | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-35111 |
CVE-2022-27221 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-27221 |
CVE-2018-3180 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JSSE). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181; JRockit: R28.3.19. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SSL/TLS to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded, JRockit accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L). | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2018-3180 |
CVE-2021-4149 | A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4149 |
CVE-2021-4150 | A use-after-free flaw was found in the add_partition in block/partitions/core.c in the Linux kernel. A local attacker with user privileges could cause a denial of service on the system. The issue results from the lack of code cleanup when device_add call fails when adding a partition to the disk. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4150 |
CVE-2022-0322 | A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0322 |
CVE-2022-1622 | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1622 |
CVE-2022-1623 | LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1623 |
CVE-2022-30126 | In Apache Tika, a regular expression in our StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.2 and 2.4.0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30126 |
CVE-2022-30973 | We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30973 |
CVE-2021-30338 | Improper input validation in TrustZone memory transfer interface can lead to information disclosure in Snapdragon Compute | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30338 |
CVE-2021-30339 | Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30339 |
CVE-2021-30345 | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30345 |
CVE-2021-30346 | RPM secure Stream can access any secure resource due to improper SMMU configuration in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30346 |
CVE-2021-35070 | RPM secure Stream can access any secure resource due to improper SMMU configuration and can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35070 |
CVE-2021-35071 | Possible buffer over read due to lack of size validation while copying data from DBR buffer to RX buffer and can lead to Denial of Service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35071 |
CVE-2021-35079 | Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35079 |
CVE-2021-35080 | Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35080 |
CVE-2021-35119 | Potential out of Bounds read in FIPS event processing due to improper validation of the length from the firmware in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35119 |
CVE-2022-21504 | The code in UEK6 U3 was missing an appropriate file descriptor count. This resulted in a use count error that allowed a file descriptor to a socket to be closed and freed while it was still in use by another portion of the kernel. An attacker with local access can operate on the socket, and cause a denial of service. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21504 |
CVE-2022-32235 | When a user opens manipulated AutoCAD (.dwg, TeighaTranslator.exe) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32235 |
CVE-2022-32236 | When a user opens manipulated Windows Bitmap (.bmp, 2d.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32236 |
CVE-2022-32237 | When a user opens manipulated Computer Graphics Metafile (.cgm, CgmCore.dll) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32237 |
CVE-2022-32238 | When a user opens manipulated Encapsulated Post Script (.eps, ai.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32238 |
CVE-2022-32240 | When a user opens manipulated Jupiter Tesselation (.jt, JTReader.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32240 |
CVE-2022-32241 | When a user opens manipulated Portable Document Format (.pdf, PDFView.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32241 |
CVE-2022-32242 | When a user opens manipulated Radiance Picture (.hdr, hdr.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32242 |
CVE-2022-32243 | When a user opens manipulated Scalable Vector Graphics (.svg, svg.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32243 |
CVE-2022-20129 | In registerPhoneAccount of PhoneAccountRegistrar.java, there is a possible way to prevent the user from selecting a phone account due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-217934478. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20129 |
CVE-2022-20143 | In addAutomaticZenRule of ZenModeHelper.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-220735360. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20143 |
CVE-2022-20146 | In uploadFile of FileUploadServiceImpl.java, there is a possible incorrect file access due to a confused deputy. This could lead to local information disclosure of private files with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-211757677. References: N/A | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20146 |
CVE-2022-20172 | In onbind of ShannonRcsService.java, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206987222. References: N/A | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20172 |
CVE-2022-20200 | In updateApState of SoftApManager.java, there is a possible leak of hotspot state due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-212695058. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20200 |
CVE-2022-20205 | In isFileUri of FileUtil.java, there is a possible way to bypass the check for a file:// scheme due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-215212561. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20205 |
CVE-2022-20206 | In setPackageOrComponentEnabled of NotificationManagerService.java, there is a missing permission check. This could lead to local information disclosure about enabled notification listeners with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-220737634. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20206 |
CVE-2022-22444 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 224444. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22444 |
CVE-2022-21123 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21123 |
CVE-2022-21125 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21125 |
CVE-2022-21127 | Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21127 |
CVE-2022-28850 | Adobe Bridge version 12.0.1 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28850 |
CVE-2022-21166 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21166 |
CVE-2022-30666 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30666 |
CVE-2022-30667 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30667 |
CVE-2022-30668 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30668 |
CVE-2022-30669 | Adobe Illustrator versions 26.0.2 (and earlier) and 25.4.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30669 |
CVE-2022-30148 | Windows Desired State Configuration (DSC) Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30148 |
CVE-2022-30155 | Windows Kernel Denial of Service Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30155 |
CVE-2022-30159 | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30171, CVE-2022-30172. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30159 |
CVE-2022-30162 | Windows Kernel Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30162 |
CVE-2022-30171 | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30172. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30171 |
CVE-2022-30172 | Microsoft Office Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-30159, CVE-2022-30171. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30172 |
CVE-2022-30184 | .NET and Visual Studio Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30184 |
CVE-2021-41458 | In GPAC MP4Box v1.1.0, there is a stack buffer overflow at src/utils/error.c:1769 which leads to a denial of service vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41458 |
CVE-2022-2085 | A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2085 |
CVE-2022-31246 | paymentrequest.py in Electrum before 4.2.2 allows a file:// URL in the r parameter of a payment request (e.g., within QR code data). On Windows, this can lead to capture of credentials over SMB. On Linux and UNIX, it can lead to a denial of service by specifying the /dev/zero filename. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31246 |
CVE-2014-125002 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125002 |
CVE-2014-125003 | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function get_siz of the file libavcodec/jpeg2000dec.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125003 |
CVE-2014-125004 | A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125004 |
CVE-2014-125005 | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_vol_header of the file libavcodec/mpeg4videodec.c. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125005 |
CVE-2014-125006 | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function output_frame of the file libavcodec/h264.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125006 |
CVE-2014-125007 | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is the function intra_pred of the file libavcodec/hevcpred_template.c. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125007 |
CVE-2014-125008 | A vulnerability classified as problematic has been found in FFmpeg 2.0. Affected is the function vorbis_header of the file libavformat/oggparsevorbis.c. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125008 |
CVE-2014-125009 | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function add_yblock of the file libavcodec/snow.h. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125009 |
CVE-2014-125010 | A vulnerability was found in FFmpeg 2.0. It has been rated as critical. Affected by this issue is the function decode_slice_header of the file libavcodec/h64.c. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125010 |
CVE-2014-125012 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125012 |
CVE-2014-125013 | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function msrle_decode_frame of the file libavcodec/msrle.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125013 |
CVE-2014-125014 | A vulnerability classified as problematic was found in FFmpeg 2.0. Affected by this vulnerability is an unknown functionality of the component HEVC Video Decoder. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125014 |
CVE-2014-125016 | A vulnerability was found in FFmpeg 2.0. It has been rated as problematic. This issue affects the function ff_init_buffer_info of the file utils.c. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125016 |
CVE-2021-46822 | The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46822 |
CVE-2014-125018 | A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125018 |
CVE-2014-125019 | A vulnerability, which was classified as problematic, was found in FFmpeg 2.0. This affects the function decode_nal_unit of the component Slice Segment Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125019 |
CVE-2014-125021 | A vulnerability was found in FFmpeg 2.0 and classified as problematic. This issue affects the function cmv_process_header. The manipulation leads to memory corruption. The attack may be initiated remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125021 |
CVE-2014-125022 | A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function shorten_decode_frame of the component Bitstream Buffer. The manipulation leads to memory corruption. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125022 |
CVE-2014-125023 | A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function truemotion1_decode_header of the component Truemotion1 Handler. The manipulation leads to memory corruption. The attack can be launched remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125023 |
CVE-2014-125025 | A vulnerability classified as problematic has been found in FFmpeg 2.0. This affects the function decode_pulses. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to apply a patch to fix this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2014-125025 |
CVE-2022-22414 | IBM Robotic Process Automation 21.0.2 could allow a local user to obtain sensitive web service configuration credentials from system memory. IBM X-Force ID: 223026. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22414 |
CVE-2016-1229 | Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 through 0.20.1 and 1.0.0-beta before 1.0.0-beta.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2016-1229 |
CVE-2017-2601 | Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting in parameter names and descriptions (SECURITY-353). Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-2601 |
CVE-2022-1759 | The RB Internal Links WordPress plugin through 2.0.16 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1759 |
CVE-2022-2065 | Cross-site Scripting (XSS) - Stored in GitHub repository neorazorx/facturascripts prior to 2022.06. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-2065 |
CVE-2022-2079 | Cross-site Scripting (XSS) - Stored in GitHub repository nocodb/nocodb prior to 0.91.7+. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-2079 |
CVE-2021-40678 | In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-40678 |
CVE-2022-31059 | Discourse Calendar is a calendar plugin for Discourse, an open-source messaging app. Prior to version 1.0.1, parsing and rendering of Event names can be susceptible to cross-site scripting (XSS) attacks. This vulnerability only affects sites which have modified or disabled Discourse’s default Content Security Policy. This issue is patched in version 1.0.1 of the Discourse Calendar plugin. As a workaround, ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31059 |
CVE-2022-31048 | TYPO3 is an open source web content management system. Prior to versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the Form Designer backend module of the Form Framework is vulnerable to cross-site scripting. A valid backend user account with access to the form module is needed to exploit this vulnerability. TYPO3 versions 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31048 |
CVE-2022-31049 | TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11 contain a fix for the problem. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31049 |
CVE-2022-27859 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark d.o.o. Travel Management plugin <= 2.0 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27859 |
CVE-2022-29406 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in DynamicWebLab's WordPress Team Manager plugin <= 1.6.9 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29406 |
CVE-2022-29440 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Promotion Slider plugin <= 3.3.4 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29440 |
CVE-2022-29442 | Authenticated (subscriber or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Messages For WordPress <= 2.1.10 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29442 |
CVE-2017-20047 | A vulnerability classified as problematic was found in AXIS P1204, P3225, P3367, M3045, M3005 and M3007. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20047 |
CVE-2022-24004 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in Messenger/messenger_ajax.php in REDCap 12.0.11. This issue allows any authenticated user to inject arbitrary code into the messenger title (aka new_title) field when editing an existing conversation. The payload executes in the browser of any conversation participant with the sidebar shown. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24004 |
CVE-2022-24127 | A Stored Cross-Site Scripting (XSS) vulnerability was discovered in ProjectGeneral/edit_project_settings.php in REDCap 12.0.11. This issue allows any user with project management permissions to inject arbitrary code into the project title (app_title) field when editing an existing project. The payload is then reflected within the title tag of the page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24127 |
CVE-2022-29443 | Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Nicdark's Hotel Booking plugin <= 3.0 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29443 |
CVE-2022-21937 | Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the web interface. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-21937 |
CVE-2022-28612 | Improper Access Control vulnerability leading to multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerabilities in Muneeb's Custom Popup Builder plugin <= 1.3.1 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28612 |
CVE-2022-32280 | Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro's XO Slider plugin <= 3.3.2 at WordPress. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-32280 |
CVE-2022-21938 | Under certain circumstances, a vulnerability in Metasys ADS/ADX/OAS 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS 11 versions prior to 11.0.2 could allow a user to inject malicious code into the MUI Graphics web interface. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-21938 |
CVE-2022-30533 | Cross-site scripting vulnerability in Modern Events Calendar Lite versions prior to 6.3.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30533 |
CVE-2017-20054 | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20054 |
CVE-2017-20055 | A vulnerability classified as problematic has been found in BestWebSoft Contact Form Plugin 4.0.0. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0.2 is able to address this issue. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20055 |
CVE-2017-20056 | A vulnerability was found in weblizar User Login Log Plugin 2.2.1. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Stored). It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20056 |
CVE-2022-31300 | A cross-site scripting vulnerability in the DM Section component of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31300 |
CVE-2022-31914 | Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via zms/admin/public_html/save_animal?an_id=24. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31914 |
CVE-2021-41420 | A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-41420 |
CVE-2022-31298 | A cross-site scripting vulnerability in the ads comment section of Haraj v3.7 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31298 |
CVE-2022-31301 | Haraj v3.7 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Post Ads component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31301 |
CVE-2021-33295 | Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-33295 |
CVE-2021-36608 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36608 |
CVE-2021-36609 | Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36609 |
CVE-2022-30326 | An issue was found on TRENDnet TEW-831DR 1.0 601.130.1.1356 devices. The network pre-shared key field on the web interface is vulnerable to XSS. An attacker can use a simple XSS payload to crash the basic.config page of the web interface. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30326 |
CVE-2022-2113 | Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-2113 |
CVE-2017-20059 | A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input </title><img src=no onerror=alert(1)> leads to basic cross site scripting (Persistent). The attack may be launched remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20059 |
CVE-2017-20060 | A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting (Persistent). It is possible to initiate the attack remotely. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20060 |
CVE-2017-20061 | A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with malicious input leads to basic cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.3.13 is able to address this issue. It is recommended to upgrade the affected component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2017-20061 |
CVE-2022-1818 | The Multi-page Toolkit WordPress plugin through 2.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1818 |
CVE-2022-23072 | Recipes versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the “Add to Cart” functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the Add to Shopping Cart icon, an XSS payload will trigger. A low-privileged attacker will then have the victim's API key, which can lead to takeover of the admin's account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23072 |
CVE-2022-23073 | Recipes versions 1.0.5 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the copy to clipboard functionality. When a victim accesses the food list page, then adds a new Food with a malicious JavaScript payload in the ‘Name’ parameter and clicks on the clipboard icon, an XSS payload will trigger. A low-privileged attacker will then have the victim's API key, which can lead to takeover of the admin's account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23073 |
CVE-2022-23074 | Recipes versions 0.17.0 through 1.2.5 are vulnerable to Stored Cross-Site Scripting (XSS) in the ‘Name’ field of the Keyword, Food and Unit components. When a victim accesses the Keyword/Food/Unit endpoints, the XSS payload will trigger. A low-privileged attacker will then have the victim's API key, which can lead to takeover of the admin's account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23074 |
CVE-2022-31302 | maccms8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Server Group text field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31302 |
CVE-2022-25585 | Unioncms v1.0.13 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Default settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25585 |
CVE-2022-30874 | There is a Cross Site Scripting Stored (XSS) vulnerability in NukeViet CMS before 4.5.02. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-30874 |
CVE-2022-23056 | In ERPNext, versions v13.0.0-beta.13 through v13.30.0 are vulnerable to Stored XSS at the Patient History page which allows a low privilege user to conduct an account takeover attack. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23056 |
CVE-2022-23057 | ERPNext versions v12.0.9 through v13.0.3 are vulnerable to Stored Cross-Site Scripting (XSS) due to user input not being validated properly. A low-privileged attacker could inject arbitrary code into input fields when editing his profile. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23057 |
CVE-2022-23058 | ERPNext versions v12.0.9 through v13.0.3 are affected by a stored XSS vulnerability that allows low-privileged users to store malicious scripts in the ‘username’ field in ‘my settings’, which can lead to full account takeover. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23058 |
CVE-2022-23055 | In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the chat rooms functionality. A low privileged attacker can send a direct message or a group message to any member or group, impersonating themselves as the administrator. The attacker can also read chat messages of groups that they do not belong to, and of other users. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23055 |
CVE-2022-32159 | openlibrary versions deploy-2016-07-0 through deploy-2021-12-22 are vulnerable to Stored XSS. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-32159 |
CVE-2017-10053 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131; JRockit: R28.3.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-10053 |
CVE-2018-1199 | Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before 4.2.4, and 5.0.x before 5.0.1; and Spring Framework 4.3.x before 4.3.14 and 5.0.x before 5.0.3) does not consider URL path parameters when processing security constraints. By adding a URL path parameter with special encodings, an attacker may be able to bypass a security constraint. The root cause of this issue is a lack of clarity regarding the handling of path parameters in the Servlet Specification. Some Servlet containers include path parameters in the value returned for getPathInfo() and some do not. Spring Security uses the value returned by getPathInfo() as part of the process of mapping requests to security constraints. In this particular attack, different character encodings used in path parameters allows secured Spring MVC static resource URLs to be bypassed. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-1199 |
CVE-2018-3214 | Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Sound). Supported versions that are affected are Java SE: 6u201, 7u191 and 8u182; Java SE Embedded: 8u181; JRockit: R28.3.19. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g. through a web service which supplies data to the APIs. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-3214 |
CVE-2019-5034 | An exploitable information disclosure vulnerability exists in the Weave Legacy Pairing functionality of Nest Cam IQ Indoor version 4620002. A set of specially crafted weave packets can cause an out of bounds read, resulting in information disclosure. An attacker can send packets to trigger this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-5034 |
CVE-2019-5065 | An exploitable information disclosure vulnerability exists in the packet-parsing functionality of Blynk-Library v0.6.1. A specially crafted packet can cause an unterminated strncpy, resulting in information disclosure. An attacker can send a packet to trigger this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-5065 |
CVE-2021-28116 | Squid through 4.14 and 5.x through 5.0.5, in some configurations, allows information disclosure because of an out-of-bounds read in WCCP protocol data. This can be leveraged as part of a chain for remote code execution as nobody. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-28116 |
CVE-2021-44532 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints. Versions of Node.js with the fix for this escape SANs containing the problematic characters in order to prevent the injection. This behavior can be reverted through the --security-revert command-line option. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44532 |
CVE-2021-44533 | Node.js < 12.22.9, < 14.18.3, < 16.13.2, and < 17.3.1 did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification. Affected versions of Node.js do not accept multi-value Relative Distinguished Names and are thus not vulnerable to such attacks themselves. However, third-party code that uses node's ambiguous presentation of certificate subjects may be vulnerable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44533 |
CVE-2022-27779 | libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27779 |
CVE-2022-28330 | Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28330 |
CVE-2022-28614 | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28614 |
CVE-2022-32739 | When Secure::DisableBanner system configuration has been disabled and agent shares his calendar via public URL, received ICS file contains OTRS release number. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32739 |
CVE-2022-32740 | A reply to a forwarded email article by a 3rd party could unintentionally expose the email content to the ticket customer under certain circumstances. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32740 |
CVE-2022-32741 | Attacker is able to determine if the provided username exists (and it's valid) using Request New Password feature, based on the response time. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32741 |
CVE-2021-46811 | HwSEServiceAPP has a vulnerability in permission management. Successful exploitation of this vulnerability may cause disclosure of the Card Production Life Cycle (CPLC) information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-46811 |
CVE-2022-30229 | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software does not require authenticated access for privileged functions. This could allow an unauthenticated attacker to change data of a user, such as credentials, in case that user's id is known. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30229 |
CVE-2022-32255 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). The affected application consists of a web service that lacks proper access control for some of the endpoints. This could lead to unauthorized access to limited information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32255 |
CVE-2022-31060 | Discourse is an open-source discussion platform. Prior to version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches, banner topic data is exposed on login-required sites. This issue is patched in version 2.8.4 in the `stable` branch and version `2.9.0.beta5` in the `beta` and `tests-passed` branches of Discourse. As a workaround, one may disable banners. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31060 |
CVE-2022-20736 | A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software could allow an unauthenticated, remote attacker to access a configuration file and the login page for an administrative console that they would not normally have authorization to access. This vulnerability is due to improper authorization checking for HTTP requests that are submitted to the affected web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected instance of AppDynamics Controller. A successful exploit could allow the attacker to access the login page for an administrative console. AppDynamics has released software updates that address this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20736 |
CVE-2022-30154 | Microsoft File Server Shadow Copy Agent Service (RVSS) Elevation of Privilege Vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30154 |
CVE-2022-33755 | CA Automic Automation 12.2 and 12.3 contain an insecure input handling vulnerability in the Automic Agent that could allow a remote attacker to potentially enumerate users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-33755 |
CVE-2022-25872 | All versions of package fast-string-search are vulnerable to Out-of-bounds Read due to incorrect memory freeing and length calculation for any non-string input as the source. This allows the attacker to read previously allocated memory. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25872 |
CVE-2022-31876 | netgear wnap320 router WNAP320_V2.0.3_firmware is vulnerable to Incorrect Access Control via /recreate.php, which can leak all users cookies. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31876 |
CVE-2022-33987 | The got package before 12.1.0 (also fixed in 11.8.5) for Node.js allows a redirect to a UNIX socket. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-33987 |
CVE-2022-32983 | Knot Resolver through 5.5.1 may allow DNS cache poisoning when there is an attempt to limit forwarding actions by filters. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32983 |
CVE-2022-31062 | Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: The `b/deploy/index.php` file can be deleted if the deploy feature is not used. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31062 |
CVE-2021-39006 | IBM QRadar WinCollect Agent 10.0 and 10.0.1 could allow an attacker to obtain sensitive information due to missing best practices. IBM X-Force ID: 213549. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-39006 |
CVE-2021-36761 | The GeoAnalytics feature in Qlik Sense April 2020 patch 4 allows SSRF. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36761 |
CVE-2022-31803 | In CODESYS Gateway Server V2 an insufficient check for the activity of TCP client connections allows an unauthenticated attacker to consume all available TCP connections and prevent legitimate users or clients from establishing a new connection to the CODESYS Gateway Server V2. Existing connections are not affected and therefore remain intact. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31803 |
CVE-2022-29614 | SAP startservice - of SAP NetWeaver Application Server ABAP, Application Server Java, ABAP Platform and HANA Database - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, SAPHOSTAGENT 7.22, - on Unix systems, s-bit helper program sapuxuserchk, can be abused physically resulting in a privilege escalation of an attacker leading to low impact on confidentiality and integrity, but a profound impact on availability. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29614 |
CVE-2022-20195 | In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-213172664 | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20195 |
CVE-2022-20196 | In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535148 | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20196 |
CVE-2022-23080 | directus versions v9.0.0-beta.2 through 9.6.0 are vulnerable to server-side request forgery (SSRF) in the media upload functionality, which allows a low-privileged user to perform internal network port scans. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23080 |
CVE-2022-29930 | SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value. The issue was fixed in Ktor version 2.0.1. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-29930 |
CVE-2022-1691 | The Realty Workstation WordPress plugin before 1.0.15 does not sanitise and escape the trans_edit parameter before using it in a SQL statement when an agent edits a transaction, leading to an SQL injection. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-1691 |
CVE-2022-32561 | An issue was discovered in Couchbase Server before 6.6.5 and 7.x before 7.0.4. Previous mitigations for CVE-2018-15728 were found to be insufficient when it was discovered that diagnostic endpoints could still be accessed from the network. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-32561 |
CVE-2022-21503 | Vulnerability in the Oracle Cloud Infrastructure product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to Oracle Cloud Infrastructure accessible data. All affected customers were notified of CVE-2022-21503 by Oracle. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N) | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21503 |
CVE-2022-29894 | Strapi v3.x.x versions and earlier contain a stored cross-site scripting vulnerability in file upload function. By exploiting this vulnerability, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29894 |
CVE-2021-40658 | Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40658 |
CVE-2022-30903 | Nokia "G-2425G-A" Bharti Airtel Routers Hardware version "3FE48299DEAA" Software Version "3FE49362IJHK42" is vulnerable to Cross-Site Scripting (XSS) via the admin->Maintenance>Device Management. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30903 |
CVE-2022-2087 | A vulnerability, which was classified as problematic, was found in SourceCodester Bank Management System 1.0. This affects the file /mnotice.php?id=2. The manipulation of the argument notice with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2087 |
CVE-2022-29438 | Authenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29438 |
CVE-2022-32550 | An issue was discovered in AgileBits 1Password, involving the method various 1Password apps and integrations used to create connections to the 1Password service. In specific circumstances, this issue allowed a malicious server to convince a 1Password app or integration it is communicating with the 1Password service. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32550 |
CVE-2022-29452 | Authenticated (editor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Export All URLs plugin <= 4.1 at WordPress. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29452 |
CVE-2022-31906 | Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ofrs/classes/Master.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31906 |
CVE-2022-31910 | Online Tutor Portal Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /otps/classes/Master.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31910 |
CVE-2022-31913 | Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31913 |
CVE-2021-41421 | A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41421 |
CVE-2021-36827 | Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36827 |
CVE-2022-1717 | The Custom Share Buttons with Floating Sidebar WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1717 |
CVE-2022-1889 | The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1889 |
CVE-2022-1896 | The underConstruction WordPress plugin before 1.21 does not sanitise or escape the "Display a custom page using your own HTML" setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1896 |
CVE-2022-1915 | The WP Zillow Review Slider WordPress plugin before 2.4 does not escape a setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1915 |
CVE-2022-1945 | The Coming Soon & Maintenance Mode by Colorlib WordPress plugin before 1.0.99 does not sanitize and escape some settings, allowing high privilege users such as admin to perform Stored Cross-Site Scripting when unfiltered_html is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1945 |
CVE-2022-20132 | In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-188677105. References: Upstream kernel. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-20132 |
CVE-2022-1342 | A lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-1342 |
CVE-2022-31066 | EdgeX Foundry is an open source project for building a common open framework for Internet of Things edge computing. Prior to version 2.1.1, the /api/v2/config endpoint exposes message bus credentials to local unauthenticated users. In security-enabled mode, message bus credentials are supposed to be kept in the EdgeX secret store and require authentication to access. This vulnerability bypasses the access controls on message bus credentials when running in security-enabled mode. (No credentials are required when running in security-disabled mode.) As a result, attackers could intercept data or inject fake data into the EdgeX message bus. Users should upgrade to EdgeXFoundry Kamakura release (2.2.0) or to the June 2022 EdgeXFoundry LTS Jakarta release (2.1.1) to receive a patch. More information about which go modules, docker containers, and snaps contain patches is available in the GitHub Security Advisory. There are currently no known workarounds for this issue. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-31066 |
CVE-2022-20159 | In asn1_ec_pkey_parse of acropora/crypto/asn1_common.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210971465. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20159 |
CVE-2022-20162 | In asn1_p256_int of crypto/asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-223492713. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20162 |
CVE-2022-20165 | In asn1_parse of asn1.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-220868345. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20165 |
CVE-2022-20174 | In exynos_secEnv_init of mach-gs101.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210847407. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20174 |
CVE-2022-20176 | In auth_store of sjtag-driver.c, there is a possible read of uninitialized memory due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-197787879. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20176 |
CVE-2022-20182 | In handle_ramdump of pixel_loader.c, there is a possible way to create a ramdump of non-secure memory due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-222348453. References: N/A. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20182 |
CVE-2022-20198 | In llcp_dlc_proc_connect_pdu of llcp_dlc.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure from the NFC stack with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-221851879. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20198 |
CVE-2022-20208 | In parseRecursively of cppbor_parse.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-192743373. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20208 |
CVE-2017-10081 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 6u151, 7u141 and 8u131; Java SE Embedded: 8u131. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-10081 |
CVE-2022-30115 | Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL used a trailing dot while not using one when it built the HSTS cache. Or the other way around - by having the trailing dot in the HSTS cache and *not* using the trailing dot in the URL. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30115 |
CVE-2022-27174 | Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27174 |
CVE-2022-27219 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 443. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27219 |
CVE-2022-27220 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). Affected application is missing general HTTP security headers in the web server configured on port 6220. This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27220 |
CVE-2022-30231 | A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6), SICAM GridEdge Essential Intel (All versions < V2.6.6), SICAM GridEdge Essential with GDS ARM (All versions < V2.6.6), SICAM GridEdge Essential with GDS Intel (All versions < V2.6.6). The affected software discloses password hashes of other users upon request. This could allow an authenticated user to retrieve another user's password hash. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30231 |
CVE-2022-29612 | SAP NetWeaver, ABAP Platform and SAP Host Agent - versions KERNEL 7.22, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, 7.88, 8.04, KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC 7.22, 7.22EXT, 7.49, 7.53, 8.04, SAPHOSTAGENT 7.22, allows an authenticated user to misuse a function of sapcontrol web functionality (startservice) in Kernel which enables malicious users to retrieve information. On successful exploitation, an attacker can obtain technical information like system number or physical address, which is otherwise restricted, causing a limited impact on the confidentiality of the application. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29612 |
CVE-2022-30930 | Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-30930 |
CVE-2022-29238 | Jupyter Notebook is a web-based notebook environment for interactive computing. Prior to version 6.4.12, authenticated requests to the notebook server with `ContentsManager.allow_hidden = False` only prevented listing the contents of hidden directories, not accessing individual hidden files or files in hidden directories (i.e. hidden files were 'hidden' but not 'inaccessible'). This could lead to notebook configurations allowing authenticated access to files that may reasonably be expected to be disallowed. Because fully authenticated requests are required, this is of relatively low impact. But if a server's root directory contains sensitive files whose only protection from the server is being hidden (e.g. `~/.ssh` while serving $HOME), then any authenticated requests could access files if their names are guessable. Such contexts also necessarily have full access to the server and therefore execution permissions, which also generally grants access to all the same files. So this does not generally result in any privilege escalation or increase in information access, only an additional, unintended means by which the files could be accessed. Version 6.4.12 contains a patch for this issue. There are currently no known workarounds. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29238 |
CVE-2022-31046 | TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details of database tables they already have access to. TYPO3 versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, 11.5.11 fix the problem described above. In order to address this issue, access to mentioned export functionality is completely denied for regular backend users. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31046 |
CVE-2022-29439 | Cross-Site Request Forgery (CSRF) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress allows deleting slides. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29439 |
CVE-2022-29441 | Cross-Site Request Forgery (CSRF) vulnerability in Private Messages For WordPress plugin <= 2.1.10 at WordPress allows attackers to send messages. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29441 |
CVE-2022-29453 | Cross-Site Request Forgery (CSRF) vulnerability in API KEY for Google Maps plugin <= 1.2.1 at WordPress leading to Google Maps API key update. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29453 |
CVE-2021-36891 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery by Supsystic plugin <= 1.15.5 at WordPress allows changing the plugin settings. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36891 |
CVE-2022-28749 | Zoom's On-Premise Meeting Connector MMR before version 4.8.113.20220526 fails to properly check the permissions of a Zoom meeting attendee. As a result, a threat actor in the Zoom waiting room can join the meeting without the consent of the host. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-28749 |
CVE-2017-20053 | A vulnerability was found in XYZScripts Contact Form Manager Plugin. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-20053 |
CVE-2022-1895 | The underConstruction WordPress plugin before 1.20 does not have a CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged-in admin perform such an action via a CSRF attack. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1895 |
CVE-2017-20065 | A vulnerability was found in Supsystic Popup Plugin 1.7.6 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-20065 |
CVE-2022-31478 | The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31478 |
CVE-2022-29482 | 'Mobaoku-Auction&Flea Market' App for iOS versions prior to 5.5.16 improperly verifies server certificates, which may allow an attacker to eavesdrop on an encrypted communication via a man-in-the-middle attack. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29482 |
CVE-2018-3136 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Security). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.4 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N). | 3.4 | https://nvd.nist.gov/vuln/detail/CVE-2018-3136 |
CVE-2022-29615 | SAP NetWeaver Developer Studio (NWDS) - version 7.50, is based on Eclipse, which contains the logging framework log4j in version 1.x. The application's confidentiality and integrity could have a low impact due to the vulnerabilities associated with version 1.x. | 3.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29615 |
CVE-2022-2061 | Heap-based Buffer Overflow in GitHub repository hpjansson/chafa prior to 1.12.0. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2061 |
CVE-2022-32239 | When a user opens manipulated JPEG 2000 (.jp2, jp2k.x3d) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-32239 |
CVE-2022-31071 | Octopoller is a micro gem for polling and retrying. Version 0.2.0 of the octopoller gem was published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octopoller 0.3.0. Two workarounds are available. Users can use the previous version of the gem, v0.1.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31071 |
CVE-2022-31072 | Octokit is a Ruby toolkit for the GitHub API. Versions 4.23.0 and 4.24.0 of the octokit gem were published containing world-writeable files. Specifically, the gem was packed with files having their permissions set to `-rw-rw-rw-` (i.e. 0666) instead of `-rw-r--r--` (i.e. 0644). This means everyone who is not the owner (Group and Public) with access to the instance where this release had been installed could modify the world-writable files from this gem. This issue is patched in Octokit 4.25.0. Two workarounds are available. Users can use the previous version of the gem, v4.22.0. Alternatively, users can modify the file permissions manually until they are able to upgrade to the latest version. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-31072 |
CVE-2022-33981 | drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-33981 |
CVE-2018-3139 | Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-3139 |
CVE-2001-1104 | SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. | – | https://nvd.nist.gov/vuln/detail/CVE-2001-1104 |
CVE-2002-0059 | The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data. | – | https://nvd.nist.gov/vuln/detail/CVE-2002-0059 |
CVE-2003-0107 | Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2003-0107 |
CVE-2004-0797 | The error handling in the (1) inflate and (2) inflateBack functions in ZLib compression library 1.2.x allows local users to cause a denial of service (application crash). | – | https://nvd.nist.gov/vuln/detail/CVE-2004-0797 |
CVE-2005-1006 | Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-1006 |
CVE-2005-2096 | zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-2096 |
CVE-2005-1849 | inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. | – | https://nvd.nist.gov/vuln/detail/CVE-2005-1849 |
CVE-2008-1887 | Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2008-1887 |
CVE-2012-2750 | Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown impact and attack vectors related to a "Security Fix", aka Bug #59533. NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816, Oracle has not commented on this possibility. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-2750 |
CVE-2012-3163 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | – | https://nvd.nist.gov/vuln/detail/CVE-2012-3163 |
CVE-2022-21180 | Improper input validation for some Intel(R) Processors may allow an authenticated user to potentially cause a denial of service via local access. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21180 |
CVE-2022-34005 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. There is Remote Code Execution due to a hardcoded password for the sa account on the Microsoft SQL Express 2019 instance installed by default during TitanFTP NextGen installation, aka NX-I674 (sub-issue 1). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34005 |
CVE-2022-34006 | An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing, Microsoft SQL Express 2019 installs by default with an SQL instance running as SYSTEM with BUILTIN\Users as sysadmin, thus enabling unprivileged Windows users to execute commands locally as NT AUTHORITY\SYSTEM, aka NX-I674 (sub-issue 2). NOTE: as of 2022-06-21, the 1.2.1050 release corrects this vulnerability in a new installation, but not in an upgrade installation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34006 |
CVE-2022-2068 | In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2068 |
CVE-2022-31095 | discourse-chat is a chat plugin for the Discourse application. Versions prior to 0.4 are vulnerable to an exposure of sensitive information, where an attacker who knows the message ID for a channel they do not have access to can view that message using the chat message lookup endpoint, primarily affecting direct message channels. There are no known workarounds for this issue, and users are advised to update the plugin. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31095 |
CVE-2017-20082 | A vulnerability, which was classified as problematic, has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. This issue affects some unknown processing. The manipulation leads to backdoor. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20082 |
CVE-2017-20083 | A vulnerability, which was classified as critical, was found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832. Affected is an unknown function of the component SSH Server. The manipulation leads to backdoor. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20083 |
CVE-2017-20084 | A vulnerability has been found in JUNG Smart Visu Server 1.0.804/1.0.830/1.0.832 and classified as critical. Affected by this vulnerability is an unknown functionality of the component KNX Group Address. The manipulation leads to backdoor. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 1.0.900 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20084 |
CVE-2022-21952 | An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21952 |
CVE-2022-31248 | An Observable Response Discrepancy vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to discover valid usernames. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46-1. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37-1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31248 |
CVE-2022-20651 | A vulnerability in the logging component of Cisco Adaptive Security Device Manager (ASDM) could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. Cisco ASDM must be deployed in a shared workstation environment for this issue to be exploited. This vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view the credentials of other users of the shared device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20651 |
CVE-2022-32549 | Apache Sling Commons Log <= 5.4.0 and Apache Sling API <= 2.25.0 are vulnerable to log injection. The ability to forge logs may allow an attacker to cover tracks by injecting fake logs and potentially corrupt log files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32549 |
CVE-2017-20085 | A vulnerability has been found in Atahualpa Theme and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20085 |
CVE-2017-20086 | A vulnerability, which was classified as critical, was found in VaultPress Plugin 1.8.4. This affects an unknown part. The manipulation leads to code injection. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20086 |
CVE-2017-20087 | A vulnerability, which was classified as problematic, has been found in Alpine PhotoTile for Instagram Plugin 1.2.7.7. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20087 |
CVE-2017-20088 | A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20088 |
CVE-2017-20089 | A vulnerability was found in Gwolle Guestbook Plugin 1.7.4. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20089 |
CVE-2017-20090 | A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20090 |
CVE-2017-20091 | A vulnerability was found in File Manager Plugin 3.0.1. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20091 |
CVE-2022-31009 | wire-ios is an iOS client for the Wire secure messaging application. Invalid accent colors of Wire communication partners may render the iOS Wire Client partially unusable by causing it to crash multiple times on launch. These invalid accent colors can be used by and sent between Wire users. The root cause was an unnecessary assert statement when converting an integer value into the corresponding enum value, causing an exception instead of a fallback to a default value. This issue is fixed in [wire-ios](https://github.com/wireapp/wire-ios/commit/caa0e27dbe51f9edfda8c7a9f017d93b8cfddefb) and in Wire for iOS 3.100. There is no workaround available, but users may use other Wire clients (such as the [web app](https://app.wire.com)) to continue using Wire, or upgrade their client. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31009 |
CVE-2022-34305 | In Apache Tomcat 10.1.0-M1 to 10.1.0-M16, 10.0.0-M1 to 10.0.22, 9.0.30 to 9.0.64 and 8.5.50 to 8.5.81 the Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34305 |
CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2175 |
CVE-2021-26636 | Stored XSS and SQL injection vulnerability in MaxBoard could lead to Remote Code Execution, which could lead to information exposure and privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26636 |
CVE-2021-26637 | There is no account authentication and permission check logic in the firmware and existing apps of SiHAS's SGW-300, ACM-300, GCM-300, so unauthorized users can remotely control the device. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26637 |
CVE-2021-26638 | Improper Authentication vulnerability in S&D smarthome(smartcare) application can cause authentication bypass and information exposure. Remote attackers can use this vulnerability to take control of the home environment including indoor control. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26638 |
CVE-2021-29055 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-29055 |
CVE-2021-40954 | Laiketui 3.5.0 is affected by an arbitrary file upload vulnerability that can allow an attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40954 |
CVE-2021-40955 | SQL injection exists in LaiKetui v3.5.0 the background administrator list. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40955 |
CVE-2021-40956 | LaiKetui v3.5.0 has SQL injection in the background through the menu management function, and sensitive data can be obtained. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40956 |
CVE-2021-41432 | A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41432 |
CVE-2021-46824 | Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46824 |
CVE-2022-22967 | An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22967 |
CVE-2022-22980 | A Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22980 |
CVE-2022-29526 | Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29526 |
CVE-2022-31395 | Algo Communication Products Ltd. 8373 IP Zone Paging Adapter Firmware 1.7.6 allows attackers to perform a directory traversal via a web request sent to /fm-data.lua. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31395 |
CVE-2022-31787 | IdeaTMS 2022 is vulnerable to SQL Injection via the PATH_INFO | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31787 |
CVE-2022-32124 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the component /index/jobfairol/show/. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32124 |
CVE-2022-32125 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /job. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32125 |
CVE-2022-32126 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32126 |
CVE-2022-32127 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/view_be_browsed/total. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32127 |
CVE-2022-32128 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/service/increment/add/im. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32128 |
CVE-2022-32129 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/account/safety/trade. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32129 |
CVE-2022-32130 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /company/down_resume/total/nature. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32130 |
CVE-2022-32131 | 74cmsSE v3.5.1 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the path /index/notice/show. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32131 |
CVE-2022-32534 | The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 and earlier was found to be vulnerable to command injection through its diagnostics web interface. This allows execution of shell commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32534 |
CVE-2022-32535 | The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root privilege. In combination with CVE-2022-23534 this could give an attacker root access to the switch. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32535 |
CVE-2022-32536 | The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32536 |
CVE-2022-32552 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32552 |
CVE-2022-32553 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32553 |
CVE-2022-32554 | Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32554 |
CVE-2022-33024 | There is an Assertion `int decode_preR13_entities(BITCODE_RL, BITCODE_RL, unsigned int, BITCODE_RL, BITCODE_RL, Bit_Chain *, Dwg_Data *' failed at dwg2dxf: decode.c:5801 in libredwg v0.12.4.4608. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33024 |
CVE-2022-33025 | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33025 |
CVE-2022-33026 | LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function bit_calc_CRC at bits.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33026 |
CVE-2022-33027 | LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function dwg_add_handleref at dwg.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33027 |
CVE-2022-33028 | LibreDWG v0.12.4.4608 was discovered to contain a heap buffer overflow via the function dwg_add_object at decode.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33028 |
CVE-2022-33032 | LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33032 |
CVE-2022-33033 | LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33033 |
CVE-2022-33034 | LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33034 |
CVE-2022-33067 | Lrzip v0.651 was discovered to contain multiple invalid arithmetic shifts via the functions get_magic in lrzip.c and Predictor::init in libzpaq/libzpaq.cpp. These vulnerabilities allow attackers to cause a Denial of Service via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33067 |
CVE-2022-33068 | An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33068 |
CVE-2022-33069 | Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment() at SMTEncoder.cpp. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33069 |
CVE-2022-33070 | Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33070 |
CVE-2022-33092 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/index. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33092 |
CVE-2022-33093 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the key parameter at /freelance/resume_list. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33093 |
CVE-2022-33094 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/job/map. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33094 |
CVE-2022-33095 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33095 |
CVE-2022-33096 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/resume/index. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33096 |
CVE-2022-33097 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/campus/campus_job. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33097 |
CVE-2022-33105 | Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33105 |
CVE-2022-33113 | Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the keyword text field under the publish blog module. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33113 |
CVE-2022-33114 | Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33114 |
CVE-2022-33127 | The function that calls the diff tool in Diffy 3.4.1 does not properly handle double quotes in a filename when run in a Windows environment. This allows attackers to execute arbitrary commands via a crafted string. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33127 |
CVE-2022-34011 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the parameter entryUrls. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34011 |
CVE-2022-34012 | Insecure permissions in OneBlog v2.3.4 allow low-level administrators to reset the passwords of high-level administrators who hold greater privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34012 |
CVE-2022-34013 | OneBlog v2.3.4 was discovered to contain a Server-Side Request Forgery (SSRF) vulnerability via the Logo parameter under the Link module. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34013 |
CVE-2022-34170 | In Jenkins 2.320 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the help icon does not escape the feature name that is part of its tooltip, effectively undoing the fix for SECURITY-1955, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34170 |
CVE-2022-34171 | In Jenkins 2.321 through 2.355 (both inclusive) and LTS 2.332.1 through LTS 2.332.3 (both inclusive) the HTML output generated for new symbol-based SVG icons includes the 'title' attribute of 'l:ionicon' (until Jenkins 2.334) and 'alt' attribute of 'l:icon' (since Jenkins 2.335) without further escaping, resulting in a cross-site scripting (XSS) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34171 |
CVE-2022-34172 | In Jenkins 2.340 through 2.355 (both inclusive) symbol-based icons unescape previously escaped values of 'tooltip' parameters, resulting in a cross-site scripting (XSS) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34172 |
CVE-2022-34173 | In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34173 |
CVE-2022-34174 | In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34174 |
CVE-2022-34175 | Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34175 |
CVE-2022-34176 | Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34176 |
CVE-2022-34177 | Jenkins Pipeline: Input Step Plugin 448.v37cea_9a_10a_70 and earlier archives files uploaded for `file` parameters for Pipeline `input` steps on the controller as part of build metadata, using the parameter name without sanitization as a relative path inside a build-related directory, allowing attackers able to configure Pipelines to create or replace arbitrary files on the Jenkins controller file system with attacker-specified content. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34177 |
CVE-2022-34178 | Jenkins Embeddable Build Status Plugin 2.0.3 allows specifying a 'link' query parameter that build status badges will link to, without restricting possible values, resulting in a reflected cross-site scripting (XSS) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34178 |
CVE-2022-34179 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier allows specifying a `style` query parameter that is used to choose a different SVG image style without restricting possible values, resulting in a relative path traversal vulnerability that allows attackers without Overall/Read permission to specify paths to other SVG images on the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34179 |
CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34180 |
CVE-2022-34181 | Jenkins xUnit Plugin 3.0.8 and earlier implements an agent-to-controller message that creates a user-specified directory if it doesn't exist, and parses files inside it as test results, allowing attackers able to control agent processes to create an arbitrary directory on the Jenkins controller or to obtain test results from existing files in an attacker-specified directory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34181 |
CVE-2022-34182 | Jenkins Nested View Plugin 1.20 through 1.25 (both inclusive) does not escape search parameters, resulting in a reflected cross-site scripting (XSS) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34182 |
CVE-2022-34183 | Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34183 |
CVE-2022-34184 | Jenkins CRX Content Package Deployer Plugin 1.9 and earlier does not escape the name and description of CRX Content Package Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34184 |
CVE-2022-34185 | Jenkins Date Parameter Plugin 0.0.4 and earlier does not escape the name and description of Date parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34185 |
CVE-2022-34186 | Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier does not escape the name and description of Moded Extended Choice parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34186 |
CVE-2022-34187 | Jenkins Filesystem List Parameter Plugin 0.0.7 and earlier does not escape the name and description of File system objects list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34187 |
CVE-2022-34188 | Jenkins Hidden Parameter Plugin 0.0.4 and earlier does not escape the name and description of Hidden Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34188 |
CVE-2022-34189 | Jenkins Image Tag Parameter Plugin 1.10 and earlier does not escape the name and description of Image Tag parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34189 |
CVE-2022-34190 | Jenkins Maven Metadata Plugin for Jenkins CI server Plugin 2.1 and earlier does not escape the name and description of List maven artifact versions parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34190 |
CVE-2022-34191 | Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.77 and earlier does not escape the name of NetStorm Test parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34191 |
CVE-2022-34192 | Jenkins ontrack Jenkins Plugin 4.0.0 and earlier does not escape the name of Ontrack: Multi Parameter choice, Ontrack: Parameter choice, and Ontrack: SingleParameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34192 |
CVE-2022-34193 | Jenkins Package Version Plugin 1.0.1 and earlier does not escape the name of Package version parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34193 |
CVE-2022-34194 | Jenkins Readonly Parameter Plugin 1.0.0 and earlier does not escape the name and description of Readonly String and Readonly Text parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34194 |
CVE-2022-34195 | Jenkins Repository Connector Plugin 2.2.0 and earlier does not escape the name and description of Maven Repository Artifact parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34195 |
CVE-2022-34196 | Jenkins REST List Parameter Plugin 1.5.2 and earlier does not escape the name and description of REST list parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34196 |
CVE-2022-34197 | Jenkins Sauce OnDemand Plugin 1.204 and earlier does not escape the name and description of Sauce Labs Browsers parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34197 |
CVE-2022-34198 | Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier does not escape the name and description of Stash Branch parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34198 |
CVE-2022-34199 | Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34199 |
CVE-2022-34200 | A cross-site request forgery (CSRF) vulnerability in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34200 |
CVE-2022-34201 | A missing permission check in Jenkins Convertigo Mobile Platform Plugin 1.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34201 |
CVE-2022-34202 | Jenkins EasyQA Plugin 1.0 and earlier stores user passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34202 |
CVE-2022-34203 | A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34203 |
CVE-2022-34204 | A missing permission check in Jenkins EasyQA Plugin 1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34204 |
CVE-2022-34205 | A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34205 |
CVE-2022-34206 | A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34206 |
CVE-2022-34207 | A cross-site request forgery (CSRF) vulnerability in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34207 |
CVE-2022-34208 | A missing permission check in Jenkins Beaker builder Plugin 1.10 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34208 |
CVE-2022-34209 | A cross-site request forgery (CSRF) vulnerability in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34209 |
CVE-2022-34210 | A missing permission check in Jenkins ThreadFix Plugin 1.5.4 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34210 |
CVE-2022-34211 | A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34211 |
CVE-2022-34212 | A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34212 |
CVE-2022-34213 | Jenkins Squash TM Publisher (Squash4Jenkins) Plugin 1.0.0 and earlier stores passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34213 |
CVE-2022-34295 | totd before 1.5.3 does not properly randomize mesg IDs. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34295 |
CVE-2022-34296 | In Zalando Skipper before 0.13.218, a query predicate could be bypassed via a prepared request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34296 |
CVE-2022-34298 | The NT auth module in OpenAM before 14.6.6 allows a "replace Samba username attack." | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34298 |
CVE-2022-34299 | There is a heap-based buffer over-read in libdwarf 0.4.0. This issue is related to dwarf_global_formref_b. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34299 |
CVE-2022-34300 | In tinyexr 1.0.1, there is a heap-based buffer over-read in tinyexr::DecodePixelData. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34300 |
CVE-2022-34328 | PMB 7.3.10 allows reflected XSS via the id parameter in an lvl=author_see request to index.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34328 |
CVE-2022-26862 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26862 |
CVE-2022-26863 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26863 |
CVE-2022-26864 | Prior Dell BIOS versions contain an Input Validation vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability by sending malicious input to an SMI in order to bypass security controls in SMM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26864 |
CVE-2022-2182 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2182 |
CVE-2022-2183 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2183 |
CVE-2022-32987 | Multiple cross-site scripting (XSS) vulnerabilities in /bsms/?page=manage_account of Simple Bakery Shop Management System v1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Username or Full Name fields. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32987 |
CVE-2022-2147 | Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2147 |
CVE-2022-32391 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/view_action.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32391 |
CVE-2022-32392 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/actions/manage_action.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32392 |
CVE-2022-32393 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/view_cell.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32393 |
CVE-2022-32394 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/view_inmate.php:3 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32394 |
CVE-2022-32395 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/manage_crime.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32395 |
CVE-2022-32396 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/manage_visit.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32396 |
CVE-2022-32397 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/visits/view_visit.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32397 |
CVE-2022-32398 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/cells/manage_cell.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32398 |
CVE-2022-32399 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/crimes/view_crime.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32399 |
CVE-2022-32400 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/user/manage_user.php:4. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32400 |
CVE-2022-32401 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_privilege.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32401 |
CVE-2022-32402 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/manage_prison.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32402 |
CVE-2022-32403 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_record.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32403 |
CVE-2022-32404 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/inmates/manage_inmate.php:3 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32404 |
CVE-2022-32405 | Prison Management System v1.0 was discovered to contain a SQL injection vulnerability via the 'id' parameter at /pms/admin/prisons/view_prison.php:4 | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32405 |
CVE-2017-20092 | A vulnerability classified as problematic was found in Google Analytics Dashboard Plugin 2.1.1. Affected by this vulnerability is an unknown functionality. The manipulation leads to basic cross site scripting. The attack can be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20092 |
CVE-2017-20093 | A vulnerability, which was classified as problematic, was found in Download Manager Plugin 2.8.99. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20093 |
CVE-2017-20094 | A vulnerability, which was classified as problematic, has been found in NewStatPress Plugin 1.2.4. This issue affects some unknown processing. The manipulation leads to basic cross site scripting (Persistent). The attack may be initiated remotely. Upgrading to version 1.2.5 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20094 |
CVE-2017-20095 | A vulnerability classified as critical was found in Simple Ads Manager Plugin. This vulnerability affects unknown code. The manipulation leads to code injection. The attack can be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20095 |
CVE-2017-20096 | A vulnerability classified as problematic has been found in WP-SpamFree Anti-Spam Plugin 2.1.1.4. This affects an unknown part. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20096 |
CVE-2017-20097 | A vulnerability was found in WP-Filebase Download Manager Plugin 3.4.4. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20097 |
CVE-2022-32136 | In multiple CODESYS products, a low privileged remote attacker may craft a request that causes a read access to an uninitialized pointer, resulting in a denial-of-service. User interaction is not required. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32136 |
CVE-2021-41634 | A user enumeration vulnerability in MELAG FTP Server 2.2.0.4 allows an attacker to identify valid FTP usernames. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41634 |
CVE-2021-41635 | When installed as a Windows service, MELAG FTP Server 2.2.0.4 runs as the SYSTEM user, which allows remote attackers to abuse misconfigurations or vulnerabilities with administrative access over the entire host system. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41635 |
CVE-2021-41636 | MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP server's root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41636 |
CVE-2021-41637 | Weak access control permissions in MELAG FTP Server 2.2.0.4 allow the "Everyone" group to read the local FTP configuration file, which includes among other information the unencrypted passwords of all FTP users. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41637 |
CVE-2021-41638 | The authentication checks of the MELAG FTP Server in version 2.2.0.4 are incomplete, which allows a remote attacker to access local files only by using a valid username. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41638 |
CVE-2021-41639 | MELAG FTP Server 2.2.0.4 stores unencrypted passwords of FTP users in a local configuration file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41639 |
CVE-2022-32530 | A CWE-668 Exposure of Resource to Wrong Sphere vulnerability exists that could cause users to be misled, hiding alarms, showing the wrong server connection option or the wrong control request when a mobile device has been compromised by a malicious application. Affected Product: Geo SCADA Mobile (Build 222 and prior) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32530 |
CVE-2021-40892 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-color v2.1.0 when handling crafted invalid rgb(a) strings. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40892 |
CVE-2022-32990 | An issue in gimp_layer_invalidate_boundary of GNOME GIMP 2.10.30 allows attackers to trigger an unhandled exception via a crafted XCF file, causing a Denial of Service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32990 |
CVE-2013-1891 | In OpenCart 1.4.7 to 1.5.5.1, implemented anti-traversal code in filemanager.php is ineffective and can be bypassed. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-1891 |
CVE-2013-1916 | In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not yet been approved. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-1916 |
CVE-2021-30651 | A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-30651 |
CVE-2022-1517 | LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected product. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1517 |
CVE-2022-1518 | LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1518 |
CVE-2022-1519 | LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including executable code that allows for a remote code exploit. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1519 |
CVE-2022-1521 | LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1521 |
CVE-2022-1524 | LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1524 |
CVE-2022-1666 | The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password using a widely available open-source tool. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1666 |
CVE-2022-1667 | Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the corresponding, browser accessible PHP script | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1667 |
CVE-2022-1668 | Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1668 |
CVE-2022-1739 | The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate ensures software installed on a device is traceable to, or verifiable against, a cryptographic key provided by the manufacturer to detect tampering. An attacker could leverage this vulnerability to install malicious code, which could also be spread to other vulnerable ImageCast X devices via removable media. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1739 |
CVE-2022-1740 | The tested version of Dominion Voting Systems ImageCast X’s on-screen application hash display feature, audit log export, and application export functionality rely on self-attestation mechanisms. An attacker could leverage this vulnerability to disguise malicious applications on a device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1740 |
CVE-2022-1741 | The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1741 |
CVE-2022-1742 | The tested version of Dominion Voting Systems ImageCast X allows for rebooting into Android Safe Mode, which allows an attacker to directly access the operating system. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1742 |
CVE-2022-1743 | The tested version of Dominion Voting System ImageCast X can be manipulated to cause arbitrary code execution by specially crafted election definition files. An attacker could leverage this vulnerability to spread malicious code to ImageCast X devices from the EMS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1743 |
CVE-2022-1744 | Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability to escalate privileges on a device and/or install malicious code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1744 |
CVE-2022-1745 | The authentication mechanism used by technicians on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker with physical access may use this to gain administrative privileges on a device and install malicious code or perform arbitrary administrative actions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1745 |
CVE-2022-1746 | The authentication mechanism used by poll workers to administer voting using the tested version of Dominion Voting Systems ImageCast X can expose cryptographic secrets used to protect election information. An attacker could leverage this vulnerability to gain access to sensitive information and perform privileged actions, potentially affecting other election equipment. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1746 |
CVE-2022-1747 | The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnerability to print an arbitrary number of ballots without authorization. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1747 |
CVE-2022-21829 | Concrete CMS Versions 9.0.0 through 9.0.2 and 8.5.7 and below can download zip files over HTTP and execute code from those zip files which could lead to an RCE. Fixed by enforcing ‘concrete_secure’ instead of ‘concrete’. Concrete now only makes requests over https even if a request comes in via http. Concrete CMS security team ranked this 8 with CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H. Credit goes to Anna for reporting HackerOne 1482520. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21829 |
CVE-2022-23170 | SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity provider endpoint. An attacker can extract the identity provider endpoint by decoding the SAMLRequest parameter's value and searching for the AssertionConsumerServiceURL parameter's value. It often allows an attacker to view files on the application server filesystem and interact with any back-end or external systems that the application can access. In some situations, an attacker can escalate an XXE attack to compromise the underlying server or other back-end infrastructure by leveraging the XXE vulnerability to perform server-side request forgery (SSRF) attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23170 |
CVE-2022-28619 | A potential security vulnerability has been identified in the installer of HPE Version Control Repository Manager. The vulnerability could allow local escalation of privilege. HPE has made the following software update to resolve the vulnerability in HPE Version Control Repository Manager installer 7.6.14.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28619 |
CVE-2022-28620 | A remote authentication bypass vulnerability was discovered in HPE Cray Legacy Shasta System Solutions; HPE Slingshot; and HPE Cray EX supercomputers versions: Prior to node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27; All Slingshot versions prior to 1.7.2; All versions of node controller firmware associated with HPE Cray EX liquid cooled blades, and all versions of chassis controller firmware associated with HPE Cray EX liquid cooled cabinets prior to 1.6.27/1.5.33/1.4.27. HPE has provided a software update to resolve this vulnerability in HPE Cray Legacy Shasta System Solutions, HPE Slingshot, and HPE Cray EX Supercomputers. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28620 |
CVE-2022-2102 | Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code can be forwarded and used by a script loaded later in the sequence, allowing for arbitrary file upload into a location where PHP scripts may be executed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2102 |
CVE-2022-2103 | An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2103 |
CVE-2022-2104 | The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2104 |
CVE-2022-2105 | Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level access allows for changing of safety critical parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2105 |
CVE-2022-2119 | OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2119 |
CVE-2022-2120 | OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. This could allow remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2120 |
CVE-2022-2121 | OFFIS DCMTK (all versions prior to 3.6.7) has a NULL pointer dereference vulnerability while processing DICOM files, which may result in a denial-of-service condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2121 |
CVE-2022-30117 | Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 allow traversal in /index.php/ccm/system/file/upload which could result in an Arbitrary File Delete exploit. This was remediated by sanitizing /index.php/ccm/system/file/upload to ensure Concrete doesn’t allow traversal and by changing isFullChunkFilePresent to have an early false return when input doesn't match expectations. Concrete CMS Security team ranked this 5.8 with CVSS v3.1 vector AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H. Credit to Siebene for reporting. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30117 |
CVE-2022-30118 | Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30118 |
CVE-2022-30119 | XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 2 with CVSS v3.1 Vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N. Thanks zeroinside for reporting. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30119 |
CVE-2022-30120 | XSS in /dashboard/blocks/stacks/view_details/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vulnerability 3.1 with CVSS v3.1 Vector AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N. Sanitation has been added where built urls are output. Credit to Bogdan Tiron from FORTBRIDGE (https://www.fortbridge.co.uk/) for reporting. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30120 |
CVE-2022-32209 | Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Versions Affected: ALL. Not affected: NONE. Fixed Versions: v1.4.3. Impact: A possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both `select` and `style` elements. Code is only impacted if allowed tags are being overridden. This may be done via application configuration in config/application.rb: `config.action_view.sanitized_allowed_tags = ["select", "style"]` (see https://guides.rubyonrails.org/configuring.html#configuring-action-view). Or it may be done with a `:tags` option to the Action View helper `sanitize`: `<%= sanitize @comment.body, tags: ["select", "style"] %>` (see https://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-sanitize). Or it may be done with Rails::Html::SafeListSanitizer directly, as a class-level option: `Rails::Html::SafeListSanitizer.allowed_tags = ["select", "style"]` or as an instance-level option: `Rails::Html::SafeListSanitizer.new.sanitize(@article.body, tags: ["select", "style"])`. All users overriding the allowed tags by any of the above mechanisms to include both "select" and "style" should either upgrade or use one of the workarounds immediately. Releases: The FIXED releases are available at the normal locations. Workarounds: Remove either `select` or `style` from the overridden allowed tags. Credits: This vulnerability was responsibly reported by [windshock](https://hackerone.com/windshock?type=user). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32209 |
CVE-2020-21046 | A local privilege escalation vulnerability was identified within the "luminati_net_updater_win_eagleget_com" service in EagleGet Downloader version 2.1.5.20 Stable. This issue allows an authenticated non-administrative user to escalate their privileges and execute code with SYSTEM privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-21046 |
CVE-2021-29768 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a low level user to obtain sensitive information from the details of the 'Cloud Storage' page for which they should not have access. IBM X-Force ID: 202682. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-29768 |
CVE-2021-38945 | IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 could allow a remote attacker to upload arbitrary files, caused by improper content validation. IBM X-Force ID: 211238. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38945 |
CVE-2021-39047 | IBM Planning Analytics 2.0 and IBM Cognos Analytics 11.2.1, 11.2.0, and 11.1.7 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214349. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39047 |
CVE-2022-20828 | A vulnerability in the CLI parser of Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected ASA FirePOWER module as the root user. This vulnerability is due to improper handling of undefined command parameters. An attacker could exploit this vulnerability by using a crafted command on the CLI or by submitting a crafted HTTPS request to the web-based management interface of the Cisco ASA that is hosting the ASA FirePOWER module. Note: To exploit this vulnerability, the attacker must have administrative access to the Cisco ASA. A user who has administrative access to a particular Cisco ASA is also expected to have administrative access to the ASA FirePOWER module that is hosted by that Cisco ASA. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20828 |
CVE-2022-20829 | A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious code to a device that is running Cisco ASA Software. This vulnerability is due to insufficient validation of the authenticity of an ASDM image during its installation on a device that is running Cisco ASA Software. An attacker could exploit this vulnerability by installing a crafted ASDM image on the device that is running Cisco ASA Software and then waiting for a targeted user to access that device using ASDM. A successful exploit could allow the attacker to execute arbitrary code on the machine of the targeted user with the privileges of that user on that machine. Notes: To successfully exploit this vulnerability, the attacker must have administrative privileges on the device that is running Cisco ASA Software. Potential targets are limited to users who manage the same device that is running Cisco ASA Software using ASDM. Cisco has released and will release software updates that address this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20829 |
CVE-2022-22502 | IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227124. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22502 |
CVE-2022-27238 | BigBlueButton version 2.4.7 (or earlier) is vulnerable to stored Cross-Site Scripting (XSS) in the private chat functionality. A threat actor could inject JavaScript payload in his/her username. The payload gets executed in the browser of the victim each time the attacker sends a private message to the victim or when notification about the attacker leaving room is displayed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27238 |
CVE-2022-29330 | Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to access the PJSIP and SIP extension credentials, cryptographic keys and voicemails files via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29330 |
CVE-2022-31767 | IBM CICS TX Standard and Advanced 11.1 could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 227980. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31767 |
CVE-2022-33953 | IBM Robotic Process Automation 21.0.1 and 21.0.2 could allow a user with physical access to the system to obtain sensitive information due to insufficiently protected access tokens. IBM X-Force ID: 229198. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33953 |
CVE-2021-20355 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 194891. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20355 |
CVE-2021-20421 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20421 |
CVE-2021-20543 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 198929. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20543 |
CVE-2021-20544 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 198931. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20544 |
CVE-2021-20551 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 199149. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20551 |
CVE-2021-29865 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 206091. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-29865 |
CVE-2021-38871 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38871 |
CVE-2021-38879 | IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 209057. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-38879 |
CVE-2021-39408 | Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39408 |
CVE-2021-39409 | A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39409 |
CVE-2021-40893 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in validate-data v0.1.1 when validating crafted invalid emails. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40893 |
CVE-2021-42056 | Thales Safenet Authentication Client (SAC) for Linux and Windows through 10.7.7 creates insecure temporary hid and lock files allowing a local attacker, through a symlink attack, to overwrite arbitrary files, and potentially achieve arbitrary command execution with high privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42056 |
CVE-2022-22389 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may terminate abnormally when executing specially crafted SQL statements by an authenticated user. IBM X-Force ID: 2219740. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22389 |
CVE-2022-22390 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22390 |
CVE-2022-29096 | Dell Wyse Management Suite 3.6.1 and below contains a Reflected Cross-Site Scripting Vulnerability in saveGroupConfigurations page. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29096 |
CVE-2022-29097 | Dell WMS 3.6.1 and below contains a Path Traversal vulnerability in Device API. A remote attacker could potentially exploit this vulnerability, to gain unauthorized read access to the files stored on the server filesystem, with the privileges of the running web application. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29097 |
CVE-2022-29578 | Meridian Cooperative Utility Software versions 22.02 and 22.03 allows remote attackers to obtain sensitive information such as name, address, and daily energy usage. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29578 |
CVE-2022-30028 | Dradis Professional Edition before 4.3.0 allows attackers to change an account password via reusing a password reset token. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30028 |
CVE-2022-33910 | An XSS vulnerability in MantisBT before 2.25.5 allows remote attackers to attach crafted SVG documents to issue reports or bugnotes. When a user or an admin clicks on the attachment, file_download.php opens the SVG document in a browser tab instead of downloading it as a file, causing the JavaScript code to execute. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33910 |
CVE-2022-32996 | The django-navbar-client package of v0.9.50 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32996 |
CVE-2022-32997 | The RootInteractive package in PyPI v0.0.5 to v0.0.19b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32997 |
CVE-2022-32998 | The cryptoasset-data-downloader package in PyPI v1.0.0 to v1.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32998 |
CVE-2022-32999 | The cloudlabeling package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32999 |
CVE-2022-33000 | The ML-Scanner package in PyPI v0.1.0 to v0.1.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33000 |
CVE-2022-33001 | The AAmiles package in PyPI v0.1.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33001 |
CVE-2022-33002 | The KGExplore package in PyPI v0.1.1 to v0.1.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33002 |
CVE-2022-33003 | The watools package in PyPI v0.0.1 to v0.0.8 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33003 |
CVE-2022-33004 | The Beginner package in PyPI v0.0.2 to v0.0.4 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33004 |
CVE-2022-33121 | A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33121 |
CVE-2022-33122 | A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33122 |
CVE-2022-34053 | The DR-Web-Engine package in PyPI v0.2.0b0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34053 |
CVE-2022-34054 | The Perdido package in PyPI v0.0.1 to v0.0.2 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34054 |
CVE-2022-34055 | The drxhello package in PyPI v0.0.1 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34055 |
CVE-2022-34056 | The Watertools package in PyPI v0.0.0 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34056 |
CVE-2022-34057 | The Scoptrial package in PyPI version v0.0.5 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34057 |
CVE-2022-34059 | The Sixfab-Tool in PyPI v0.0.2 to v0.0.3 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34059 |
CVE-2022-34060 | The Togglee package in PyPI version v0.0.8 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34060 |
CVE-2022-34061 | The Catly-Translate package in PyPI v0.0.3 to v0.0.5 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34061 |
CVE-2022-34064 | The Zibal package in PyPI v1.0.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34064 |
CVE-2022-34065 | The Rondolu-YT-Concate package in PyPI v0.1.0 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34065 |
CVE-2022-34066 | The Texercise package in PyPI v0.0.1 to v0.0.12 was discovered to contain a code execution backdoor. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34066 |
CVE-2021-40894 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in underscore-99xp v1.7.2 when the deepValueSearch function is called. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40894 |
CVE-2022-33128 | RG-EG series gateway EG350 EG_RGOS 11.1(6) was discovered to contain a SQL injection vulnerability via the function get_alarmAction at /alarm_pi/alarmService.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33128 |
CVE-2019-25071 | A vulnerability was found in Apple iPhone up to 12.4.1. It has been declared as critical. Affected by this vulnerability is Siri. Playing an audio or video file might be able to initiate Siri on the same device which makes it possible to execute commands remotely. Exploit details have been disclosed to the public. The existence and implications of this vulnerability are doubted by Apple even though multiple public videos demonstrating the attack exist. Upgrading to version 13.0 might be able to address this issue. It is recommended to upgrade affected devices. NOTE: Apple claims that, after examining the report, they do not see any actual security implications. | – | https://nvd.nist.gov/vuln/detail/CVE-2019-25071 |
CVE-2022-24893 | ESP-IDF is the official development framework for Espressif SoCs. In Espressif’s Bluetooth Mesh SDK (`ESP-BLE-MESH`), a memory corruption vulnerability can be triggered during provisioning, because there is no check for the `SegN` field of the Transaction Start PDU. This can result in memory corruption related attacks and potentially attacker gaining control of the entire system. Patch commits are available on the 4.1, 4.2, 4.3 and 4.4 branches and users are recommended to upgrade. The upgrade is applicable for all applications and users of `ESP-BLE-MESH` component from `ESP-IDF`. As it is implemented in the Bluetooth Mesh stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24893 |
CVE-2022-29168 | Wire is a secure messaging application. Wire is vulnerable to arbitrary HTML and Javascript execution via insufficient escaping when rendering `@mentions` in the wire-webapp. If a user receives and views a malicious message, arbitrary code is injected and executed in the context of the victim allowing the attacker to fully control the user account. Wire-desktop clients that are connected to a vulnerable wire-webapp version are also vulnerable to this attack. The issue has been fixed in wire-webapp 2022-05-04-production.0 and is already deployed on all Wire managed services. On-premise instances of wire-webapp need to be updated to docker tag 2022-05-04-production.0-v0.29.7-0-a6f2ded or wire-server 2022-05-04 (chart/4.11.0) or later. No known workarounds exist. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29168 |
CVE-2022-31016 | Argo CD is a declarative continuous deployment for Kubernetes. Argo CD versions v0.7.0 and later are vulnerable to an uncontrolled memory consumption bug, allowing an authorized malicious user to crash the repo-server service, resulting in a Denial of Service. The attacker must be an authenticated Argo CD user authorized to deploy Applications from a repository which contains (or can be made to contain) a large file. The fix for this vulnerability is available in versions 2.3.5, 2.2.10, 2.1.16, and later. There are no known workarounds. Users are recommended to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31016 |
CVE-2022-31017 | Zulip is an open-source team collaboration tool. Versions 2.1.0 through and including 5.2 are vulnerable to a logic error. A stream configured as private with protected history, where new subscribers should not be allowed to see messages sent before they were subscribed, when edited causes the server to incorrectly send an API event that includes the edited message to all of the stream’s current subscribers. This API event is ignored by official clients, but can be observed by using a modified client or the browser’s developer tools. This bug will be fixed in Zulip Server 5.3. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31017 |
CVE-2022-29931 | Raytion 7.2.0 allows reflected Cross-site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29931 |
CVE-2020-27509 | Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27509 |
CVE-2022-34494 | rpmsg_virtio_add_ctrl_dev in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34494 |
CVE-2022-34495 | rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34495 |
CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2206 |
CVE-2022-33146 | Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having a user access a specially crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33146 |
CVE-2022-33202 | Authentication bypass vulnerability in the setup screen of L2Blocker(on-premise) Ver4.8.5 and earlier and L2Blocker(Cloud) Ver4.8.5 and earlier allows an adjacent attacker to perform an unauthorized login and obtain the stored information or cause a malfunction of the device by using alternative paths or channels for Sensor. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33202 |
CVE-2020-9754 | NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-9754 |
CVE-2022-2212 | A vulnerability was found in SourceCodester Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the component /card/index.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2212 |
CVE-2022-2213 | A vulnerability was found in SourceCodester Library Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_admin_details.php?id=admin. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2213 |
CVE-2022-2214 | A vulnerability was found in SourceCodester Library Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /librarian/bookdetails.php. The manipulation of the argument id with malicious input leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2214 |
CVE-2022-0444 | The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0444 |
CVE-2022-0875 | The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0875 |
CVE-2022-1010 | The Login using WordPress Users ( WP as SAML IDP ) WordPress plugin before 1.13.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1010 |
CVE-2022-1028 | The WordPress Security Firewall, Malware Scanner, Secure Login and Backup plugin before 4.2.1 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1028 |
CVE-2022-1029 | The Limit Login Attempts WordPress plugin before 4.0.72 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1029 |
CVE-2022-1095 | The Mihdan: No External Links WordPress plugin through 4.8.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1095 |
CVE-2022-1113 | The Flower Delivery by Florist One WordPress plugin through 3.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setups) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1113 |
CVE-2022-1321 | The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1321 |
CVE-2022-1326 | The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1326 |
CVE-2022-1327 | The Image Gallery - Grid Gallery WordPress plugin through 1.1.1 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1327 |
CVE-2022-1470 | The Ultimate WooCommerce CSV Importer WordPress plugin through 2.0 does not sanitise and escape the imported data before outputting it back in the page, leading to a Reflected Cross-Site Scripting | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1470 |
CVE-2022-1572 | The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary files | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1572 |
CVE-2022-1573 | The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1573 |
CVE-2022-1574 | The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when importing files, and does not validate them, as a result, unauthenticated attackers can upload arbitrary files (such as PHP) on the remote server | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1574 |
CVE-2022-1593 | The Site Offline or Coming Soon WordPress plugin through 1.6.6 does not have CSRF check in place when updating its settings, and it is also lacking sanitisation as well as escaping in some of them. As a result, attackers could make a logged in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1593 |
CVE-2022-1625 | The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes (for bypassing the provided restrictions) and to change plugin settings by tricking admin users into visiting specially crafted websites. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1625 |
CVE-2022-1627 | The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1627 |
CVE-2022-1653 | The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1653 |
CVE-2022-1776 | The Popups, Welcome Bar, Optins and Lead Generation Plugin WordPress plugin before 2.1.8 does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1776 |
CVE-2022-1842 | The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1842 |
CVE-2022-1843 | The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1843 |
CVE-2022-1844 | The WP Sentry WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1844 |
CVE-2022-1845 | The WP Post Styling WordPress plugin before 1.3.1 does not have CSRF checks in various actions, which could allow attackers to make a logged in admin delete plugin's data, update the settings, add new entries and more via CSRF attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1845 |
CVE-2022-1846 | The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1846 |
CVE-2022-1847 | The Rotating Posts WordPress plugin through 1.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1847 |
CVE-2022-1885 | The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1885 |
CVE-2022-1903 | The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the administrator) due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1903 |
CVE-2022-1904 | The Pricing Tables WordPress Plugin WordPress plugin before 3.2.1 does not sanitise and escape parameter before outputting it back in a page available to any user (both authenticated and unauthenticated) when a specific setting is enabled, leading to a Reflected Cross-Site Scripting | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1904 |
CVE-2022-1913 | The Add Post URL WordPress plugin through 2.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1913 |
CVE-2022-1914 | The Clean-Contact WordPress plugin through 1.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS due to the lack of sanitisation and escaping as well | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1914 |
CVE-2022-1916 | The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store WordPress plugin before 1.0.5 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1916 |
CVE-2022-1953 | The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary file deletion vulnerability via an AJAX action, accessible to unauthenticated users, which accepts user input that is being used in a path and passed to unlink() without validation first | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1953 |
CVE-2022-1960 | The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1960 |
CVE-2022-1964 | The Easy SVG Support WordPress plugin before 3.3.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1964 |
CVE-2022-1971 | The NextCellent Gallery WordPress plugin through 1.9.35 does not sanitise and escape some of its image settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1971 |
CVE-2022-1977 | The Import Export All WordPress Images, Users & Post Types WordPress plugin before 6.5.3 does not fully validate the file to be imported via an URL before making an HTTP request to it, which could allow high privilege users such as admin to perform Blind SSRF attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1977 |
CVE-2022-1990 | The Nested Pages WordPress plugin before 3.1.21 does not escape and sanitize some of its settings, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfiltered_html is disallowed | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1990 |
CVE-2022-1994 | The Login With OTP Over SMS, Email, WhatsApp and Google Authenticator WordPress plugin before 1.0.8 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1994 |
CVE-2022-1995 | The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1995 |
CVE-2022-2040 | The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2040 |
CVE-2022-2041 | The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element content, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2041 |
CVE-2021-40895 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in todo-regex v0.1.1 when matching crafted invalid TODO statements. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40895 |
CVE-2021-40896 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in that-value v0.1.3 when validating crafted invalid emails. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40896 |
CVE-2021-40897 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in split-html-to-chars v1.0.5 when splitting crafted invalid htmls. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40897 |
CVE-2021-40898 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40898 |
CVE-2021-40899 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40899 |
CVE-2022-0722 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url prior to 7.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0722 |
CVE-2022-2217 | Cross-site Scripting (XSS) - Generic in GitHub repository ionicabizau/parse-url prior to 7.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2217 |
CVE-2022-2207 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2207 |
CVE-2022-2216 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 7.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2216 |
CVE-2021-40900 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40900 |
CVE-2021-40901 | A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40901 |
CVE-2022-2208 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2208 |
CVE-2022-2218 | Cross-site Scripting (XSS) - Stored in GitHub repository ionicabizau/parse-url prior to 7.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2218 |
CVE-2017-20100 | A vulnerability was found in Air Transfer 1.0.14/1.2.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to basic cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20100 |
CVE-2017-20101 | A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects an unknown part of the file process.php?do=zip_download. The manipulation of the argument client/file leads to information disclosure. It is possible to initiate the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20101 |
CVE-2017-20102 | A vulnerability was found in Album Lock 4.0 and classified as critical. Affected by this issue is some unknown functionality of the file /getImage. The manipulation of the argument filePaht leads to path traversal. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20102 |
CVE-2020-21161 | Cross Site Scripting (XSS) vulnerability in Ruckus Wireless ZoneDirector 9.8.3.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-21161 |
CVE-2022-2210 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2210 |
CVE-2021-33647 | When performing the inference shape operation of the Tile operator, if the input data type is not int or int32, it will access data outside of bounds of heap allocated buffers. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33647 |
CVE-2021-33648 | When performing the inference shape operation of Affine, Concat, MatMul, ArgMinMax, EmbeddingLookup, and Gather operators, if the input shape size is 0, it will access data outside of bounds of shape which allocated from heap buffers. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33648 |
CVE-2021-33649 | When performing the inference shape operation of the Transpose operator, if the value in the perm element is greater than or equal to the size of the input_shape, it will access data outside of bounds of input_shape which allocated from heap buffers. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33649 |
CVE-2021-33650 | When performing the inference shape operation of the SparseToDense operator, if the number of inputs is less than three, it will access data outside of bounds of inputs which allocated from heap buffers. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33650 |
CVE-2021-33651 | When performing the analytical operation of the DepthwiseConv2D operator, if the attribute depth_multiplier is 0, it will cause a division by 0 exception. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33651 |
CVE-2021-33652 | When the Reduce operator run operation is executed, if there is a value of 0 in the parameter axis_sizes element, it will cause a division by 0 exception. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33652 |
CVE-2021-33653 | When performing the derivation shape operation of the SpaceToBatch operator, if there is a value of 0 in the parameter block_shape element, it will cause a division by 0 exception. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33653 |
CVE-2021-33654 | When performing the initialization operation of the Split operator, if a dimension in the input shape is 0, it will cause a division by 0 exception. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-33654 |
CVE-2022-2088 | An authenticated user with admin privileges may be able to terminate any process on the system running Elcomplus SmartICS v2.3.4.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2088 |
CVE-2022-2106 | Elcomplus SmartICS v2.3.4.0 does not validate the filenames sufficiently, which enables authenticated administrator-level users to perform path traversal attacks and specify arbitrary files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2106 |
CVE-2022-2140 | Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an authenticated user to inject arbitrary code into specific parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2140 |
CVE-2021-40941 | In Bento4 1.6.0-638, the allocator runs out of memory in the function AP4_Array<AP4_TrunAtom::Entry>::EnsureCapacity in Ap4Array.h:172, as demonstrated by GPAC. This can cause a denial of service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40941 |
CVE-2022-26477 | The Security Team noticed that the termination condition of the for loop in the readExternal method is a controllable variable, which, if tampered with, may lead to CPU exhaustion. As a fix, we added an upper bound and termination condition in the read and write logic. We classify it as a "low-priority but useful improvement". SystemDS is a distributed system and needs to serialize/deserialize data but in many code paths (e.g., on Spark broadcast/shuffle or writing to sequence files) the byte stream is anyway protected by additional CRC fingerprints. In this particular case though, the number of decoders is upper-bounded by twice the number of columns, which means an attacker would need to modify two entries in the byte stream in a consistent manner. By adding these checks robustness was strictly improved with almost zero overhead. These code changes are available in versions higher than 2.2.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26477 |
CVE-2022-28166 | In Brocade SANnav version before SANN2.2.0.2 and Brocade SANNav before 2.1.1.8, the implementation of TLS/SSL Server Supports the Use of Static Key Ciphers (ssl-static-key-ciphers) on ports 443 & 18082. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28166 |
CVE-2022-28167 | Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav v2.1.1.8 logs the Brocade Fabric OS switch password in plain text in asyncjobscheduler-manager.log. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28167 |
CVE-2022-28168 | In Brocade SANnav before Brocade SANnav v2.2.0.2 and Brocade SANnav2.1.1.8, encoded scp-server passwords are stored using Base64 encoding, which could allow an attacker able to access log files to easily decode the passwords. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28168 |
CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28171 |
CVE-2022-28172 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to perform an XSS attack by sending messages with malicious commands to the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28172 |
CVE-2017-20098 | A vulnerability was found in Admin Custom Login Plugin 2.4.5.2. It has been classified as problematic. Affected is an unknown function. The manipulation leads to basic cross site scripting (Persistent). It is possible to launch the attack remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20098 |
CVE-2017-20099 | A vulnerability was found in Analytics Stats Counter Statistics Plugin 1.2.2.5 and classified as critical. This issue affects some unknown processing. The manipulation leads to code injection. The attack may be initiated remotely. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20099 |
CVE-2022-28622 | A potential security vulnerability has been identified in HPE StoreOnce Software. The SSH server supports weak key exchange algorithms which could lead to remote unauthorized access. HPE has made the following software update to resolve the vulnerability in HPE StoreOnce Software 4.3.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28622 |
CVE-2022-2221 | Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to 2022.1.8. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2221 |
CVE-2022-31034 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v0.11.0 are vulnerable to a variety of attacks when an SSO login is initiated from the Argo CD CLI or UI. The vulnerabilities are due to the use of insufficiently random values in parameters in OAuth2/OIDC login flows. In each case, using a relatively predictable (time-based) seed in a non-cryptographically-secure pseudo-random number generator made the parameter less random than required by the relevant spec or by general best practices. In some cases, using too short a value made the entropy even less sufficient. The attacks on login flows which are meant to be mitigated by these parameters are difficult to accomplish but can have a high impact, potentially granting an attacker admin access to Argo CD. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no known workarounds for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31034 |
CVE-2022-31035 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a `javascript:` link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). The script would be capable of doing anything which is possible in the UI or via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. There are no completely safe workarounds besides upgrading. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31035 |
CVE-2022-31036 | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All versions of Argo CD starting with v1.3.0 are vulnerable to a symlink following bug allowing a malicious user with repository write access to leak sensitive YAML files from Argo CD's repo-server. A malicious Argo CD user with write access for a repository which is (or may be) used in a Helm-type Application may commit a symlink which points to an out-of-bounds file. If the target file is a valid YAML file, the attacker can read the contents of that file. Sensitive files which could be leaked include manifest files from other Applications' source repositories (potentially decrypted files, if you are using a decryption plugin) or any YAML-formatted secrets which have been mounted as files on the repo-server. Patches for this vulnerability have been released in the following Argo CD versions: v2.4.1, v2.3.5, v2.2.10 and v2.1.16. If you are using a version >=v2.3.0 and do not have any Helm-type Applications you may disable the Helm config management tool as a workaround. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31036 |
CVE-2022-31039 | Greenlight is a simple front-end interface for your BigBlueButton server. In affected versions an attacker can view any room's settings even though they are not authorized to do so. Only the room owner and administrator should be able to view a room's settings. This issue has been patched in release version 2.12.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31039 |
CVE-2022-31057 | Shopware is an open source e-commerce software made in Germany. Versions of Shopware 5 prior to version 5.7.12 are subject to an authenticated Stored XSS in Administration. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31057 |
CVE-2022-31064 | BigBlueButton is an open source web conferencing system. Users in meetings with private chat enabled are vulnerable to a cross-site scripting attack in affected versions. The attack occurs when the attacker (with XSS in the name) starts a chat. In the victim's client the JavaScript will be executed. This issue has been addressed in version 2.4.8 and 2.5.0. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31064 |
CVE-2022-31065 | BigBlueButton is an open source web conferencing system. In affected versions an attacker can embed malicious JS in their username and have it executed on the victim's client. When a user receives a private chat from the attacker (whose username contains malicious JavaScript), the script gets executed. It is also executed when the victim receives a notification that the attacker has left the session. This issue has been patched in version 2.4.8 and 2.5.0. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31065 |
CVE-2022-31076 | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message can crash CloudCore by triggering a nil-pointer dereference in the UDS Server. Since the UDS Server only communicates with the CSI Driver on the cloud side, the attack is limited to the local host network. As such, an attacker would already need to be an authenticated user of the Cloud. Additionally it will be affected only when users turn on the unixsocket switch in the config file cloudcore.yaml. This bug has been fixed in KubeEdge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. Users unable to upgrade should disable the unixsocket switch of CloudHub in the config file cloudcore.yaml. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31076 |
CVE-2021-40942 | In GPAC MP4Box v1.1.0, there is a heap-buffer-overflow in the filter_parse_dyn_args function in filter_core/filter.c:1454, as demonstrated by GPAC. This can cause a denial of service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40942 |
CVE-2022-31077 | KubeEdge is built upon Kubernetes and extends native containerized application orchestration and device management to hosts at the Edge. In affected versions a malicious message response from KubeEdge can crash the CSI Driver controller server by triggering a nil-pointer dereference panic. As a consequence, the CSI Driver controller will be in denial of service. This bug has been fixed in Kubeedge 1.11.0, 1.10.1, and 1.9.3. Users should update to these versions to resolve the issue. At the time of writing, no workaround exists. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31077 |
CVE-2022-31081 | HTTP::Daemon is a simple http server class written in perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are, most Perl based applications are served on top of Nginx or Apache, not on the `HTTP::Daemon`. This library is commonly used for local development and tests. Users are advised to update to resolve this issue. Users unable to upgrade may add additional request handling logic as a mitigation. After calling `my $rqst = $conn->get_request()` one could inspect the returned `HTTP::Request` object. Querying the 'Content-Length' (`my $cl = $rqst->header('Content-Length')`) will show any abnormalities that should be dealt with by a `400` response. Expected strings of 'Content-Length' SHOULD consist of either a single non-negative integer, or, a comma separated repetition of that number. (that is `42` or `42, 42, 42`). Anything else MUST be rejected. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31081 |
CVE-2022-31082 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. glpi-inventory-plugin is a plugin for GLPI to handle inventory management. In affected versions a SQL injection can be made using package deployment tasks. This issue has been resolved in version 1.0.2. Users are advised to upgrade. Users unable to upgrade should delete the `front/deploypackage.public.php` file if they are not using the `deploy tasks` feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31082 |
CVE-2022-31084 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 There are cases where LAM instantiates objects from arbitrary classes. An attacker can inject the first constructor argument. This can lead to code execution if non-LAM classes are instantiated that execute code during object creation. This issue has been fixed in version 8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31084 |
CVE-2022-31085 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the session files include the LDAP user name and password in clear text if the PHP OpenSSL extension is not installed or encryption is disabled by configuration. This issue has been fixed in version 8.0. Users unable to upgrade should install the PHP OpenSSL extension and make sure session encryption is enabled in LAM main configuration. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31085 |
CVE-2022-31086 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the /config/templates/pdf/ directory is accessible for remote users. This is not a default configuration of LAM. This issue has been fixed in version 8.0. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31086 |
CVE-2022-31087 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the tmp directory, which is accessible by /lam/tmp/, allows interpretation of .php (and .php5/.php4/.phpt/etc) files. An attacker capable of writing files under www-data privileges can write a web-shell into this directory, and gain a Code Execution on the host. This issue has been fixed in version 8.0. Users unable to upgrade should disallow executing PHP scripts in (/var/lib/ldap-account-manager/)tmp directory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31087 |
CVE-2022-31088 | LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In versions prior to 8.0 the user name field at login could be used to enumerate LDAP data. This is only the case for LDAP search configuration. This issue has been fixed in version 8.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31088 |
CVE-2022-31089 | Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. In affected versions certain types of invalid files requests are not handled properly and can crash the server. If you are running multiple Parse Server instances in a cluster, the availability impact may be low; if you are running Parse Server as single instance without redundancy, the availability impact may be high. This issue has been addressed in versions 4.10.12 and 5.2.3. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31089 |
CVE-2022-31094 | ScratchTools is a web extension designed to make interacting with the Scratch programming language community (Scratching) easier. In affected versions anybody who uses the Recently Viewed Projects feature is vulnerable to having their account taken over if they view a project that tries to. The issue is that if a user visits a project that includes Javascript in the title, then when the Recently Viewed Projects feature displays it, it could run the Javascript. This issue has been addressed in the 2.5.2 release. Users having issues scratching should open an issue in the project issue tracker https://github.com/STForScratch/ScratchTools/ | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31094 |
CVE-2022-33005 | A cross-site scripting (XSS) vulnerability in the System Settings/IOT Settings module of Delta Electronics DIAEnergie v1.08.00 allows attackers to execute arbitrary web scripts via a crafted payload injected into the Name text field. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33005 |
CVE-2022-33116 | An issue in the jmpath variable in /modules/mindmap/index.php of GUnet Open eClass Platform (aka openeclass) v3.12.4 and below allows attackers to read arbitrary files via a directory traversal. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33116 |
CVE-2017-20103 | A vulnerability classified as critical has been found in Kama Click Counter Plugin up to 3.4.8. This affects an unknown part of the file wp-admin/admin.php. The manipulation of the argument order_by/order with malicious input leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.4.9 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20103 |
CVE-2022-31090 | Guzzle, an extensible PHP HTTP client. `Authorization` headers on requests are sensitive information. In affected versions when using our Curl handler, it is possible to use the `CURLOPT_HTTPAUTH` option to specify an `Authorization` header. On making a request which responds with a redirect to a URI with a different origin (change in host, scheme or port), if we choose to follow it, we should remove the `CURLOPT_HTTPAUTH` option before continuing, stopping curl from appending the `Authorization` header to the new request. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. Alternatively, one can specify to use the Guzzle stream handler backend, rather than curl. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31090 |
CVE-2022-31091 | Guzzle, an extensible PHP HTTP client. `Authorization` and `Cookie` headers on requests are sensitive information. In affected versions on making a request which responds with a redirect to a URI with a different port, if we choose to follow it, we should remove the `Authorization` and `Cookie` headers from the request, before continuing. Previously, we would only consider a change in host or scheme. Affected Guzzle 7 users should upgrade to Guzzle 7.4.5 as soon as possible. Affected users using any earlier series of Guzzle should upgrade to Guzzle 6.5.8 or 7.4.5. Note that a partial fix was implemented in Guzzle 7.4.2, where a change in host would trigger removal of the curl-added Authorization header, however this earlier fix did not cover change in scheme or change in port. An alternative approach would be to use your own redirect middleware, rather than ours, if you are unable to upgrade. If you do not require or expect redirects to be followed, one should simply disable redirects altogether. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31091 |
CVE-2022-31092 | Pimcore is an Open Source Data & Experience Management Platform. Pimcore offers developers listing classes to make querying data easier. These listing classes also allow ordering or grouping the results based on one or more columns which should be quoted by default. The actual issue is that quoting is not done properly in both cases, so there's the theoretical possibility to inject custom SQL if the developer is using these methods with input data and not doing proper input validation in advance and so relies on the auto-quoting being done by the listing classes. This issue has been resolved in version 10.4.4. Users are advised to upgrade or to apply the patch manually. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31092 |
CVE-2022-31093 | NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31093 |
CVE-2022-31096 | Discourse is an open source discussion platform. Under certain conditions, a logged in user can redeem an invite with an email that either doesn't match the invite's email or does not adhere to the email domain restriction of an invite link. The impact of this flaw is aggravated when the invite has been configured to add the user that accepts the invite into restricted groups. Once a user has been incorrectly added to a restricted group, the user may then be able to view content that is restricted to the respective group. Users are advised to upgrade to the current stable releases. There are no known workarounds to this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31096 |
CVE-2022-31098 | Weave GitOps is a simple open source developer platform for people who want cloud native applications, without needing Kubernetes expertise. A vulnerability in the logging of Weave GitOps could allow an authenticated remote attacker to view sensitive cluster configurations, aka KubeConfig, of registered Kubernetes clusters, including the service account tokens in plain text from Weave GitOps's pod logs on the management cluster. An unauthorized remote attacker can also view these sensitive configurations from external log storage if enabled by the management cluster. This vulnerability is due to the client factory dumping cluster configurations and their service account tokens when the cluster manager tries to connect to an API server of a registered cluster, and a connection error occurs. An attacker could exploit this vulnerability by either accessing logs of a pod of Weave GitOps, or from external log storage and obtaining all cluster configurations of registered clusters. A successful exploit could allow the attacker to use those cluster configurations to manage the registered Kubernetes clusters. This vulnerability has been fixed by commit 567356f471353fb5c676c77f5abc2a04631d50ca. Users should upgrade to Weave GitOps core version v0.8.1-rc.6 or newer. There is no known workaround for this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31098 |
CVE-2022-31100 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, rulex may crash, possibly enabling a Denial of Service attack. This happens when the expression contains a multi-byte UTF-8 code point in a string literal or after a backslash, because rulex tries to slice into the code point and panics as a result. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the thread running rulex panics. The crashes are fixed in version **0.4.3**. Affected users are advised to update to this version. The only known workaround for this issue is to assume that regular expression parsing will panic and to add logic to catch panics. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31100 |
CVE-2022-32092 | D-Link DIR-645 v1.03 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter at __ajax_explorer.sgi. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32092 |
CVE-2022-33007 | TRENDnet Wi-Fi routers TEW751DR v1.03 and TEW-752DRU v1.03 were discovered to contain a stack overflow via the function genacgi_main. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33007 |
CVE-2022-33879 | The initial fixes in CVE-2022-30126 and CVE-2022-30973 for regexes in the StandardsExtractingContentHandler were insufficient, and we found a separate, new regex DoS in a different regex in the StandardsExtractingContentHandler. These are now fixed in 1.28.4 and 2.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33879 |
CVE-2022-31099 | rulex is a new, portable, regular expression language. When parsing untrusted rulex expressions, the stack may overflow, possibly enabling a Denial of Service attack. This happens when parsing an expression with several hundred levels of nesting, causing the process to abort immediately. This is a security concern for you, if your service parses untrusted rulex expressions (expressions provided by an untrusted user), and your service becomes unavailable when the process running rulex aborts due to a stack overflow. The crash is fixed in version **0.4.3**. Affected users are advised to update to this version. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31099 |
CVE-2022-31101 | prestashop/blockwishlist is a prestashop extension which adds a block containing the customer's wishlists. In affected versions an authenticated customer can perform SQL injection. This issue is fixed in version 2.1.1. Users are advised to upgrade. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31101 |
CVE-2022-31103 | lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule `@keyframes`. This package is depended on by [react-letter](https://github.com/mat-sz/react-letter), therefore everyone using react-letter is also at risk. The problem has been patched in version 1.0.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31103 |
CVE-2022-32994 | Halo CMS v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the component /api/admin/attachments/upload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32994 |
CVE-2022-32995 | Halo CMS v1.5.3 was discovered to contain a Server-Side Request Forgery (SSRF) via the template remote download function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-32995 |
CVE-2022-33009 | A stored cross-site scripting (XSS) vulnerability in LightCMS v1.3.11 allows attackers to execute arbitrary web scripts or HTML via uploading a crafted PDF file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33009 |
CVE-2022-31104 | Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x86_64 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bugs were presented in the `i8x16.swizzle` and `select` WebAssembly instructions. The `select` instruction is only affected when the inputs are of `v128` type. The correspondingly affected Cranelift instructions were `swizzle` and `select`. The `swizzle` instruction lowering in Cranelift erroneously overwrote the mask input register which could corrupt a constant value, for example. This means that future uses of the same constant may see a different value than the constant itself. The `select` instruction lowering in Cranelift wasn't correctly implemented for vector types that are 128-bits wide. When the condition was 0 the wrong instruction was used to move the correct input to the output of the instruction meaning that only the low 32 bits were moved and the upper 96 bits of the result were left as whatever the register previously contained (instead of the input being moved from). The `select` instruction worked correctly if the condition was nonzero, however. This bug in Wasmtime's implementation of these instructions on x86_64 represents an incorrect implementation of the specified semantics of these instructions according to the WebAssembly specification. The impact of this is benign for hosts running WebAssembly but represents possible vulnerabilities within the execution of a guest program. For example a WebAssembly program could take unintended branches or materialize incorrect values internally which runs the risk of exposing the program itself to other related vulnerabilities which can occur from miscompilations. We have released Wasmtime 0.38.1 and cranelift-codegen (and other associated cranelift crates) 0.85.1 which contain the corrected implementations of these two instructions in Cranelift. If upgrading is not an option for you at this time, you can avoid the vulnerability by disabling the Wasm simd proposal. Additionally the bug is only present on x86_64 hosts. Other aarch64 hosts are not affected. Note that s390x hosts don't yet implement the simd proposal and are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31104 |
CVE-2022-34132 | Benjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34132 |
CVE-2022-34133 | Benjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34133 |
CVE-2022-34134 | Benjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34134 |
CVE-2017-20104 | A vulnerability was found in Simplessus 3.7.7. It has been declared as critical. This vulnerability affects unknown code of the component Cookie Handler. The manipulation of the argument UWA_SID leads to sql injection (Time). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20104 |
CVE-2017-20105 | A vulnerability was found in Simplessus 3.7.7. It has been rated as critical. This issue affects some unknown processing. The manipulation of the argument path with malicious input leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.8.3 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20105 |
CVE-2017-20106 | A vulnerability, which was classified as critical, has been found in Lithium Forum 2017 Q1. This issue affects some unknown processing of the component Compose Message Handler. The manipulation of the argument upload_url leads to server-side request forgery. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20106 |
CVE-2017-20107 | A vulnerability, which was classified as problematic, was found in ShadeYouVPN.com Client 2.0.1.11. Affected is an unknown function. The manipulation leads to improper privilege management. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.0.1.12 is able to address this issue. It is recommended to upgrade the affected component. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20107 |
CVE-2022-0624 | Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0624 |
CVE-2021-40606 | The gf_bs_write_data function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40606 |
CVE-2021-40607 | The schm_box_size function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40607 |
CVE-2021-40608 | The gf_hinter_track_finalize function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40608 |
CVE-2021-40609 | The GetHintFormat function in GPAC 1.0.1 allows attackers to cause a denial of service via a crafted file in the MP4Box command. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40609 |
CVE-2021-40943 | In Bento4 1.6.0-638, there is a null pointer reference in the AP4_DescriptorListInspector::Action function in Ap4Descriptor.h:124, as demonstrated by GPAC. This can cause a denial of service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40943 |
CVE-2021-40944 | In GPAC MP4Box 1.1.0, there is a null pointer reference in the gf_filter_pid_get_packet function in src/filter_core/filter_pid.c:5394, as demonstrated by GPAC. This can cause a denial of service (DoS). | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40944 |
CVE-2021-41460 | ECShop 4.1.0 has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41460 |
CVE-2021-41687 | DCMTK through 3.6.6 does not handle memory free properly. The program allocates heap memory with malloc for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41687 |
CVE-2021-41688 | DCMTK through 3.6.6 does not handle memory free properly. The object in the program is freed but its address is still used in other locations. Sending specific requests to the dcmqrdb program will incur a double free. An attacker can use it to launch a DoS attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41688 |
CVE-2021-41689 | DCMTK through 3.6.6 does not handle string copy properly. When specific requests are sent to the dcmqrdb program, it queries its database and copies the result even if the result is null, which can incur a heap-based overflow. An attacker can use it to launch a DoS attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41689 |
CVE-2021-41690 | DCMTK through 3.6.6 does not handle memory free properly. The malloced memory for storing all file information is recorded in a global variable LST and is not freed properly. Sending specific requests to the dcmqrdb program can incur a memory leak. An attacker can use it to launch a DoS attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41690 |
CVE-2022-23896 | Admidio 4.1.2 version is affected by stored cross-site scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23896 |
CVE-2022-29519 | Cleartext transmission of sensitive information vulnerability exists in STARDOM FCN Controller and FCJ Controller R1.01 to R4.31, which may allow an adjacent attacker to log in to the affected products and alter device configuration settings or tamper with device firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29519 |
CVE-2022-30707 | Violation of secure design principles exists in the communication of CAMS for HIS. Affected products and versions are CENTUM series where LHS4800 is installed (CENTUM CS 3000 and CENTUM CS 3000 Small R3.08.10 to R3.09.00), CENTUM series where CAMS function is used (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R4.01.00 to R4.03.00), CENTUM series regardless of the use of CAMS function (CENTUM VP, CENTUM VP Small, and CENTUM VP Basic R5.01.00 to R5.04.20 and R6.01.00 to R6.09.00), Exaopc R3.72.00 to R3.80.00 (only if NTPF100-S6 'For CENTUM VP Support CAMS for HIS' is installed), B/M9000 CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01. If an adjacent attacker successfully compromises a computer using CAMS for HIS software, they can use credentials from the compromised machine to access data from another machine using CAMS for HIS software. This can lead to a disabling of CAMS for HIS software functions on any affected machines, or information disclosure/alteration. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30707 |
CVE-2022-30997 | Use of hard-coded credentials vulnerability exists in STARDOM FCN Controller and FCJ Controller R4.10 to R4.31, which may allow an attacker with an administrative privilege to read/change configuration settings or update the controller with tampered firmware. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30997 |
CVE-2022-34750 | An issue was discovered in MediaWiki through 1.38.1. The lemma length of a Wikibase lexeme is currently capped at a thousand characters. Unfortunately, this length is not validated, allowing much larger lexemes to be created, which introduces various denial-of-service attack vectors within the Wikibase and WikibaseLexeme extensions. This is related to Special:NewLexeme and Special:NewProperty. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-34750 |
CVE-2022-23763 | Origin validation error vulnerability in NeoRS's ActiveX module allows attackers to download and execute arbitrary files. Remote attackers can use this vulnerability to encourage users to access crafted web pages, causing damage such as malicious code infections. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23763 |
CVE-2022-30560 | After obtaining the administrative account and password, or through a man-in-the-middle attack, an attacker could send a specific crafted packet to the vulnerable interface and cause the device to crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30560 |
CVE-2022-30561 | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login, the attacker could log in to the device by replaying the user's login packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30561 |
CVE-2022-30562 | If the user enables the HTTPS function on the device, an attacker can modify the user's request data packet through a man-in-the-middle attack. Injection of a malicious URL in the Host: header of the HTTP request results in a 302 redirect to an attacker-controlled page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30562 |
CVE-2022-30563 | When an attacker uses a man-in-the-middle attack to sniff the request packets of a successful login through ONVIF, the attacker can log in to the device by replaying the user's login packet. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30563 |
CVE-2022-0085 | Server-Side Request Forgery (SSRF) in GitHub repository dompdf/dompdf prior to 2.0.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0085 |
CVE-2021-3779 | A malicious MySQL server can request local file content from a client using ruby-mysql prior to version 2.10.0 without explicit authorization from the user. This issue was resolved in version 2.10.0 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3779 |
CVE-2021-40553 | piwigo 11.5.0 is affected by a remote code execution (RCE) vulnerability in the LocalFiles Editor. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40553 |
CVE-2022-0987 | A flaw was found in PackageKit in the way some of the methods exposed by the Transaction interface examine files. This issue allows a local user to measure the time the methods take to execute and know whether a file owned by root or other users exists. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0987 |
CVE-2022-33108 | XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-33108 |
CVE-2022-28621 | A remote disclosure of sensitive information vulnerability was discovered in HPE NonStop DSM/SCM version: T6031H03^ADP. HPE has provided a software update to resolve this vulnerability in HPE NonStop DSM/SCM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28621 |
CVE-2022-2145 | Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2145 |
CVE-2022-31056 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit SQL injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31056 |
CVE-2022-31061 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability on the login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31061 |
CVE-2022-31068 | GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated. This issue has been addressed in version 10.0.2 and all affected users are advised to upgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31068 |
CVE-2022-31106 | Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31106 |
CVE-2022-31108 | Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31108 |
CVE-2022-31229 | Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31229 |
CVE-2022-31230 | Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain a broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31230 |
CVE-2021-3430 | Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3430 |
CVE-2021-3431 | Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3431 |
CVE-2021-3432 | Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 contain Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3432 |
CVE-2021-3433 | Invalid channel map in CONNECT_IND results in Deadlock. Zephyr versions >= v2.5.0 contain Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3433 |
CVE-2021-3434 | Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3434 |
CVE-2021-3435 | Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 contain Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3435 |
CVE-2022-2231 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-2231 |
CVE-2022-31883 | Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users' API keys, including the admins' API keys. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31883 |
CVE-2022-31885 | Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31885 |
CVE-2022-31886 | Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31886 |
CVE-2020-19896 | File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-19896 |
CVE-2020-19897 | A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-19897 |
CVE-2021-41559 | Silverstripe silverstripe/framework 4.8.1 has a quadratic blowup in Convert::xml2array() that enables a remote attack via a crafted XML document. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41559 |
CVE-2022-24444 | Silverstripe silverstripe/framework through 4.10 allows Session Fixation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24444 |
CVE-2022-25238 | Silverstripe silverstripe/framework through 4.10.0 allows XSS, inside of script tags that can be added to website content via XHR by an authenticated CMS user if the cwp-core module is not installed on the sanitise_server_side config is not set to true in project code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25238 |
CVE-2022-29858 | Silverstripe silverstripe/assets through 1.10 allows XSS. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29858 |
CVE-2022-31884 | Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users' API keys, including high privilege and the Administrator users' API keys. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31884 |
CVE-2022-31887 | Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization. This means that the user can also achieve Privilege Escalation by changing the administrator password. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-31887 |